Helpme Nothing seems to get rid of hosts and sharing files everywhere


21 replies to this topic

#1 someonehelpplease

someonehelpplease

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 14 October 2015 - 01:31 AM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:24:36 AM, on 10/14/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

Boot mode: Normal

Running processes:
C:\windows\TEMP\DPTF\esif_assist.exe
C:\windows\syswow64\wwahost.exe
C:\Users\Casey\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @oem21.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: CCSDK - Lenovo - C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\windows\SysWOW64\esif_uf.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FastbootService - Lenovo - C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GDCAgent - Lenovo - C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service (Intel® ME Service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo OKO Service - Lenovo(beijing) Limited - C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
O23 - Service: LenovoSetSvr - Lenovo(beijing) Limited - C:\Program Files\Lenovo\LenovoUtility\LenovoSetSvr.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe
O23 - Service: OKOControlSvc - Lenovo(beijing) Limited - C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
O23 - Service: PaperLookingSrv - Lenovo - C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe
O23 - Service: PLHotkeyService - Unknown owner - C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 7831 bytes





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:09 AM

Posted 14 October 2015 - 10:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

p.s.
HijackThis is no longer supported and is not ready for current operating systems.
I suggest you remove it using the Add/Remove Programs applet.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 someonehelpplease

someonehelpplease
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 18 October 2015 - 07:26 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015
Ran by Casey (administrator) on CASEY (18-10-2015 18:57:16)
Running from C:\Users\Casey\Downloads
Loaded Profiles: Casey (Available Profiles: Casey & casey_000)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FBService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\LenovoSetSvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Lenovo) C:\Users\Casey\AppData\Local\Apps\2.0\M6AML78D.V6W\Q3YRXLCR.M5Q\lsb...tion_91a10ba61c75c82d_0001.0005_a24d0d716055ed94\LSB.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OnekeyOptimizerUpdata.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13874392 2015-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_BYPASS_AUDIO_EFFECT_WHEN_POWERSAVING] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-03-05] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-01] (Synaptics Incorporated)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [10828056 2015-10-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [OneKeyOptimizer] => C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [605992 2015-03-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [609200 2015-03-01] (Waves Audio Ltd.)
HKLM\...\Policies\Explorer: [Max Cached Icons] 2000
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [31232 2015-07-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9bde7ac4-539f-42dd-bb13-ce374a7d4011}: [DhcpNameServer] 150.213.1.3
Tcpip\..\Interfaces\{fe7b55ed-f092-44bf-862e-a4b8d72cc32c}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll No File
 
FireFox:
========
FF ProfilePath: C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\b4pfr7co.default
FF NetworkProxy: "type", 4
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-07-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-07-03] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: ZenMate Security, Privacy & Unblock VPN - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\b4pfr7co.default\Extensions\firefox@zenmate.com.xpi [2015-10-14]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFPlgn [2015-10-18]
 
Chrome: 
=======
CHR NewTab: Default -> "chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-13]
CHR Extension: (Google Docs) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-13]
CHR Extension: (Google Drive) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-13]
CHR Extension: (YouTube) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (Norton Security Toolbar) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-13]
CHR Extension: (Google Search) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-13]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-10-13]
CHR Extension: (Google Sheets) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-10-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-13]
CHR Extension: (Norton Safe) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-13]
CHR Extension: (Gmail) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-13]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
S4 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
R2 esifsvc; C:\windows\SysWOW64\esif_uf.exe [953352 2014-06-10] (Intel Corporation)
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [191000 2015-01-27] (Lenovo) [File not signed]
S4 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (Lenovo)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-07-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-07-03] (Intel Corporation)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2742568 2015-03-31] (Lenovo(beijing) Limited)
R2 LenovoSetSvr; C:\Program Files\Lenovo\LenovoUtility\LenovoSetSvr.exe [369944 2015-10-13] (Lenovo(beijing) Limited)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe [282016 2015-09-24] (Symantec Corporation)
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [359208 2015-03-30] (Lenovo(beijing) Limited)
R2 PaperLookingSrv; C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe [173336 2014-08-11] (Lenovo)
S4 PLHotkeyService; C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe [25368 2014-08-11] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-01] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S4 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-09-03] (Lenovo)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7578328 2014-12-22] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20151008.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-09] (Microsoft Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605040.018\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [35136 2014-06-10] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [34072 2014-06-10] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-08-20] (Symantec Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [192624 2014-06-10] (Intel Corporation)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70168 2015-01-27] (Windows ® Win 7 DDK provider) [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20151016.001\IDSvia64.sys [767216 2015-10-09] (Symantec Corporation)
S3 KMDFVirtualMouse; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-04] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151017.001\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151017.001\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [7239384 2014-08-29] (Realtek Semiconductor Corp.)
R1 SRTSP; C:\Windows\system32\drivers\NSx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605040.018\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605040.018\SYMEFASI64.SYS [1620720 2015-09-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1605040.018\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-10-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605040.018\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [65728 2015-10-01] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-18 18:57 - 2015-10-18 18:57 - 00045475 _____ C:\Users\Casey\Downloads\FRST.txt
2015-10-18 18:56 - 2015-10-18 18:56 - 02196992 _____ (Farbar) C:\Users\Casey\Downloads\frst64.exe
2015-10-18 18:48 - 2015-10-18 18:48 - 00016148 _____ C:\WINDOWS\system32\CASEY_Casey_HistoryPrediction.bin
2015-10-18 17:51 - 2015-10-18 18:44 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-18 17:22 - 2015-10-18 18:46 - 00000000 ____D C:\WINDOWS\pss
2015-10-18 16:56 - 2015-10-18 16:56 - 00000000 ____D C:\Users\Casey\Downloads\log
2015-10-18 16:49 - 2015-10-18 16:57 - 00000000 ____D C:\Users\Casey\Downloads\TMRBLog
2015-10-18 16:49 - 2015-10-18 16:49 - 14861360 _____ (Trend Micro Inc.) C:\Users\Casey\Downloads\svchost64.exe.exe
2015-10-18 16:49 - 2015-10-18 16:49 - 00000000 ____D C:\WINDOWS\system32\log
2015-10-18 16:48 - 2015-10-18 16:48 - 00260483 _____ C:\Users\Casey\AppData\Local\census.cache
2015-10-18 16:48 - 2015-10-18 16:48 - 00180513 _____ C:\Users\Casey\AppData\Local\ars.cache
2015-10-18 16:35 - 2015-10-18 16:35 - 09739456 _____ (Trend Micro Inc.) C:\Users\Casey\Downloads\attk_far_gui_x64.exe
2015-10-18 16:35 - 2015-10-18 16:35 - 00000000 ____D C:\WINDOWS\system32\TrendMicro AntiThreat Toolkit
2015-10-18 16:19 - 2015-10-18 16:46 - 00000334 _____ C:\Users\Casey\Downloads\Result.txt
2015-10-18 16:17 - 2015-10-18 16:35 - 00000324 _____ C:\WINDOWS\system32\Result.txt
2015-10-18 16:16 - 2015-10-18 16:16 - 09739456 _____ (Trend Micro Inc.) C:\Users\Casey\Downloads\svchost.exe.exe
2015-10-18 16:07 - 2015-10-18 16:07 - 00000000 ____D C:\TMRescueDisk
2015-10-18 16:06 - 2015-10-18 16:07 - 73956728 _____ (Trend Micro Inc.) C:\Users\Casey\Downloads\RescueDisk.exe
2015-10-18 14:51 - 2015-10-18 14:51 - 02494944 _____ (Trend Micro Inc.) C:\Users\Casey\Downloads\HousecallLauncher64.exe
2015-10-18 14:49 - 2015-10-18 18:50 - 00000000 ____D C:\Users\Casey\AppData\Local\MicrosoftEdge
2015-10-18 14:45 - 2015-10-18 14:45 - 01261876 _____ C:\Users\Casey\Desktop\Info20151018144415.xml
2015-10-18 14:35 - 2015-10-18 14:35 - 00002349 _____ C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-18 14:34 - 2015-10-18 18:49 - 00000000 ____D C:\Users\Casey\AppData\Local\Deployment
2015-10-18 14:34 - 2015-10-18 14:34 - 00000000 ____D C:\Users\Casey\AppData\Local\Publishers
2015-10-18 14:33 - 2015-10-18 14:35 - 00000000 ____D C:\Users\Casey\AppData\Local\Comms
2015-10-18 14:33 - 2015-10-18 14:33 - 00000000 ____D C:\Users\Casey\AppData\Local\TileDataLayer
2015-10-18 14:29 - 2015-10-18 14:29 - 00016148 _____ C:\WINDOWS\system32\CASEY_casey_000_HistoryPrediction.bin
2015-10-18 14:24 - 2015-10-18 14:52 - 00000010 _____ C:\Users\Casey\AppData\Local\sponge.last.runtime.cache
2015-10-18 14:23 - 2015-10-18 14:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\casey_000\Downloads\HijackThis (1).exe
2015-10-18 14:23 - 2015-10-18 14:23 - 00009642 _____ C:\Users\casey_000\Downloads\hijackthis.log
2015-10-18 14:21 - 2015-10-18 14:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\casey_000\Downloads\HijackThis.exe
2015-10-18 14:21 - 2015-10-18 14:21 - 00000036 _____ C:\Users\Casey\AppData\Local\housecall.guid.cache
2015-10-18 14:21 - 2015-05-29 03:43 - 00307352 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-10-18 14:20 - 2015-10-18 14:20 - 02494560 _____ (Trend Micro Inc.) C:\Users\casey_000\Downloads\HousecallLauncher64.exe
2015-10-18 14:19 - 2015-10-18 14:19 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\casey_000\Downloads\RUBottedSetup.exe
2015-10-18 14:19 - 2015-10-18 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-10-18 14:19 - 2015-10-18 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2015-10-18 14:19 - 2015-10-18 14:19 - 00000000 ____D C:\Program Files (x86)\WinPcap
2015-10-18 14:19 - 2015-10-18 14:19 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2015-10-16 20:43 - 2015-10-16 20:43 - 04564250 _____ C:\Users\casey_000\Desktop\net-internals-log.json
2015-10-16 20:21 - 2015-10-16 20:28 - 00000000 ____D C:\Users\casey_000\AppData\Local\Mozilla
2015-10-16 20:21 - 2015-10-16 20:21 - 00001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-16 20:21 - 2015-10-16 20:21 - 00001231 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-16 20:21 - 2015-10-16 20:21 - 00000000 ____D C:\Users\casey_000\AppData\Roaming\Mozilla
2015-10-16 20:21 - 2015-10-16 20:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-16 20:21 - 2015-10-16 20:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-16 20:16 - 2015-10-16 20:16 - 00000000 ____D C:\Users\casey_000\AppData\Local\Mixesoft
2015-10-16 19:57 - 2015-10-16 19:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-10-16 19:13 - 2015-10-16 20:28 - 00000000 ____D C:\Users\casey_000\Desktop\remove
2015-10-16 18:37 - 2015-10-16 14:47 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-16 18:37 - 2015-10-16 14:40 - 00000000 __SHD C:\Recovery
2015-10-16 18:35 - 2015-10-16 18:35 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-16 18:35 - 2015-10-16 18:35 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-16 18:35 - 2015-10-16 18:35 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-16 18:35 - 2015-10-16 18:35 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-16 18:35 - 2015-10-16 18:35 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-16 18:35 - 2015-10-16 18:35 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-16 18:35 - 2015-10-16 18:35 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-16 18:35 - 2015-10-16 18:35 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-16 18:35 - 2015-10-16 18:35 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-16 18:35 - 2015-10-16 18:35 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-16 18:35 - 2015-10-16 18:35 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00000000 ____D C:\Windows.old
2015-10-16 18:32 - 2015-10-16 18:32 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-16 18:32 - 2015-10-16 18:32 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-16 18:32 - 2015-10-16 18:32 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-16 18:32 - 2015-10-16 18:32 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-16 18:32 - 2015-10-16 18:32 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-16 18:32 - 2015-10-16 18:32 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-16 18:32 - 2015-10-16 18:32 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-16 18:32 - 2015-10-16 18:32 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-16 18:32 - 2015-10-16 18:32 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-16 18:30 - 2015-10-16 18:30 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-10-16 18:29 - 2015-10-16 18:29 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-10-16 18:29 - 2015-10-16 18:29 - 00000000 ____D C:\Program Files\MSBuild
2015-10-16 18:29 - 2015-10-16 18:29 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-10-16 18:29 - 2015-10-16 18:29 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-10-16 18:28 - 2015-06-17 22:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-10-16 18:28 - 2015-06-17 22:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-16 18:28 - 2015-06-17 22:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-10-16 18:28 - 2015-05-30 01:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-10-16 18:28 - 2015-05-30 01:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-10-16 18:28 - 2015-05-30 01:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-10-16 18:27 - 2015-10-16 18:27 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-10-16 18:27 - 2015-10-16 18:27 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-10-16 18:26 - 2015-10-16 18:26 - 18218800 _____ (Adobe Systems Inc.) C:\Users\casey_000\Downloads\AdobeAIRInstaller.exe
2015-10-16 18:25 - 2015-10-16 18:25 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-10-16 18:24 - 2015-10-16 18:25 - 13840464 _____ (Adobe Systems Inc.) C:\Users\casey_000\Downloads\Shockwave_Installer_Full.exe
2015-10-16 18:19 - 2015-10-16 20:19 - 00000000 ____D C:\Users\casey_000\AppData\Local\Google
2015-10-16 18:19 - 2015-10-16 18:31 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-16 18:19 - 2015-10-16 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-16 18:18 - 2015-10-18 18:48 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-16 18:18 - 2015-10-18 17:30 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-16 18:18 - 2015-10-16 18:25 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-16 18:18 - 2015-10-16 18:25 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-16 18:18 - 2015-10-16 18:18 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-16 18:17 - 2015-10-16 22:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-16 18:17 - 2015-10-16 18:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-16 18:17 - 2015-10-16 18:17 - 00002135 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-16 18:15 - 2015-10-16 22:30 - 00000000 ____D C:\ProgramData\Adobe
2015-10-16 18:14 - 2015-10-16 18:27 - 00000000 ____D C:\Users\casey_000\AppData\Local\Adobe
2015-10-16 18:14 - 2015-10-16 18:27 - 00000000 ____D C:\Users\Casey\AppData\Local\Adobe
2015-10-16 15:10 - 2015-10-16 22:30 - 00000000 ____D C:\Users\casey_000\AppData\Local\CrashDumps
2015-10-16 14:59 - 2015-10-16 14:59 - 11353649 _____ C:\Users\casey_000\Downloads\Waterfalls.themepack
2015-10-16 14:58 - 2015-10-16 14:58 - 00000020 ___SH C:\Users\Casey\ntuser.ini
2015-10-16 14:57 - 2015-10-16 22:14 - 00000000 ____D C:\Users\casey_000\AppData\Local\MicrosoftEdge
2015-10-16 14:55 - 2015-10-16 14:55 - 00000000 ____D C:\Users\casey_000\AppData\Local\NetworkTiles
2015-10-16 14:53 - 2015-10-16 15:01 - 00000000 ____D C:\Users\casey_000\AppData\Local\Comms
2015-10-16 14:53 - 2015-10-16 14:54 - 00002361 _____ C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-16 14:52 - 2015-10-16 14:52 - 00000000 ____D C:\Users\casey_000\AppData\Local\Publishers
2015-10-16 14:51 - 2015-10-16 14:51 - 00000020 ___SH C:\Users\casey_000\ntuser.ini
2015-10-16 14:51 - 2015-10-16 14:51 - 00000000 ____D C:\Users\casey_000\AppData\Local\TileDataLayer
2015-10-16 14:46 - 2015-10-18 18:52 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-16 14:46 - 2015-10-16 14:46 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-10-16 14:43 - 2015-10-16 14:43 - 00000000 ____D C:\Users\Default\AppData\Local\Pokki
2015-10-16 14:43 - 2015-10-16 14:43 - 00000000 ____D C:\Users\Default User\AppData\Local\Pokki
2015-10-16 14:42 - 2015-10-16 14:42 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-16 14:41 - 2015-10-16 14:43 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-10-16 14:40 - 2015-10-18 14:33 - 00000000 ___RD C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-16 14:40 - 2015-10-16 20:43 - 00000000 ____D C:\Users\casey_000
2015-10-16 14:40 - 2015-10-16 14:58 - 00000000 ____D C:\Users\Casey
2015-10-16 14:40 - 2015-10-16 14:51 - 00000000 ___RD C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 __RSD C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 __RSD C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 ___RD C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 ___RD C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 ___RD C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 ___RD C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 ____D C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-16 14:39 - 2015-10-18 18:48 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-10-16 14:39 - 2015-10-16 14:41 - 00000000 ____D C:\Program Files\Intel
2015-10-16 14:39 - 2015-10-16 14:39 - 00000515 _____ C:\WINDOWS\Synaptics.PD.log
2015-10-16 14:39 - 2015-10-16 14:39 - 00000515 _____ C:\WINDOWS\Synaptics.log
2015-10-16 14:39 - 2015-10-16 14:39 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsHid_02_15_00.Wdf
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SdoV2_02_15_00.Wdf
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____D C:\Program Files\Synaptics
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____D C:\Program Files\Realtek
2015-10-16 14:39 - 2015-07-17 23:58 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-10-16 14:39 - 2015-07-17 23:58 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-10-16 14:37 - 2015-10-16 14:38 - 00030806 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-10-16 14:23 - 2015-10-16 14:46 - 00006611 _____ C:\WINDOWS\comsetup.log
2015-10-16 14:22 - 2015-10-16 14:46 - 00013338 _____ C:\WINDOWS\diagwrn.xml
2015-10-16 14:22 - 2015-10-16 14:46 - 00013338 _____ C:\WINDOWS\diagerr.xml
2015-10-16 14:02 - 2015-10-16 14:46 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3872892580-1632997701-2637702364-1002
2015-10-16 13:59 - 2015-10-16 13:59 - 00000000 ____D C:\Users\casey_000\AppData\Roaming\Macromedia
2015-10-16 13:59 - 2015-10-16 13:59 - 00000000 ____D C:\Users\casey_000\AppData\Roaming\Intel Corporation
2015-10-16 13:59 - 2015-10-16 13:59 - 00000000 ____D C:\Users\casey_000\AppData\Local\GWX
2015-10-16 13:57 - 2015-10-16 14:55 - 00000000 ____D C:\Users\casey_000\OneDrive
2015-10-16 13:57 - 2015-10-16 14:52 - 00000000 ____D C:\Users\casey_000\AppData\Local\PackageStaging
2015-10-16 13:51 - 2015-10-18 14:23 - 00000000 ____D C:\Users\casey_000\AppData\Local\VirtualStore
2015-10-16 13:51 - 2015-10-17 13:15 - 00000000 ____D C:\Users\casey_000\AppData\Local\Packages
2015-10-16 13:51 - 2015-10-16 18:27 - 00000000 ____D C:\Users\casey_000\AppData\Roaming\Adobe
2015-10-16 13:51 - 2015-10-16 13:51 - 00000000 ____D C:\Users\casey_000\AppData\Roaming\Intel
2015-10-16 13:47 - 2015-10-18 18:39 - 00000000 ____D C:\Users\Casey\Desktop\backups
2015-10-14 19:19 - 2015-10-14 19:19 - 01705274 _____ C:\Users\Casey\Desktop\Remediate2015101419165430711000000.dat
2015-10-14 19:19 - 2015-10-14 19:19 - 00004608 _____ C:\Users\Casey\Desktop\Metadata.dat
2015-10-14 19:18 - 2015-10-16 13:36 - 01924825 _____ C:\Users\Casey\Desktop\Info20151014191654.xml
2015-10-14 03:28 - 2015-10-18 17:14 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-14 03:27 - 2015-10-14 03:28 - 01913095 _____ C:\Users\Casey\Desktop\Info20151014032637.xml
2015-10-14 03:23 - 2015-10-14 03:23 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\Casey\Desktop\rkill64.exe
2015-10-14 03:09 - 2015-10-18 18:57 - 00000000 ____D C:\FRST
2015-10-14 02:41 - 2015-10-14 02:41 - 01682432 _____ C:\Users\Casey\Desktop\AdwCleaner.exe
2015-10-14 02:21 - 2015-10-14 02:21 - 00000709 _____ C:\Users\Casey\Desktop\'hosts'.txt
2015-10-14 02:12 - 2015-10-14 02:25 - 00007832 _____ C:\Users\Casey\Desktop\hijackthis.txt
2015-10-14 02:11 - 2015-10-18 18:28 - 00008719 _____ C:\Users\Casey\Desktop\hijackthis.log
2015-10-14 02:11 - 2015-10-14 02:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\Casey\Desktop\HijackThis.exe
2015-10-14 01:50 - 2015-10-18 17:58 - 00004616 _____ C:\Users\Casey\Desktop\Rkill.txt
2015-10-14 01:49 - 2015-10-14 01:49 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Casey\Desktop\rkill.exe
2015-10-14 01:42 - 2015-10-14 01:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-14 01:42 - 2015-10-14 01:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-14 01:42 - 2015-10-14 01:42 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-14 01:42 - 2015-10-14 01:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-14 01:39 - 2015-10-18 18:44 - 00000000 ____D C:\AdwCleaner
2015-10-14 01:22 - 2015-10-14 01:22 - 00000196 _____ C:\Users\Casey\Desktop\shares1.txt
2015-10-14 01:22 - 2015-10-14 01:22 - 00000036 _____ C:\Users\Casey\Desktop\shares.txt
2015-10-14 01:20 - 2015-10-14 01:20 - 00000017 _____ C:\Users\Casey\AppData\Local\resmon.resmoncfg
2015-10-14 01:19 - 2015-10-18 14:29 - 00000000 ____D C:\Users\Casey\AppData\Local\CrashDumps
2015-10-14 00:25 - 2015-10-14 00:25 - 00000000 ____D C:\ESD
2015-10-14 00:16 - 2015-10-14 00:16 - 00000000 ___HD C:\$Windows.~WS
2015-10-13 02:50 - 2015-10-13 02:57 - 00000000 ____D C:\Users\Casey\AppData\Local\Mozilla
2015-10-13 02:50 - 2015-10-13 02:51 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Mozilla
2015-10-13 02:38 - 2015-10-13 02:38 - 00000000 ____D C:\ProgramData\OneKey Optimizer
2015-10-13 02:36 - 2014-06-10 12:54 - 00192624 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\esif_lf.sys
2015-10-13 02:36 - 2014-06-10 12:54 - 00035136 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\dptf_cpu.sys
2015-10-13 02:36 - 2014-06-10 12:54 - 00034072 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\dptf_pch.sys
2015-10-13 02:36 - 2013-06-18 06:34 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01011.dll
2015-10-13 02:27 - 2015-10-16 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2015-10-13 02:27 - 2015-10-13 02:27 - 00001221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves MaxxAudio.lnk
2015-10-13 02:27 - 2015-10-13 02:27 - 00000000 ____D C:\Program Files\Waves
2015-10-13 02:27 - 2015-03-05 15:13 - 72113152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2015-10-13 02:27 - 2015-03-05 15:13 - 12975360 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2015-10-13 02:27 - 2015-03-05 15:13 - 05234952 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 04421976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-10-13 02:27 - 2015-03-05 15:13 - 03218800 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 02909552 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 02902040 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 02814832 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 02702040 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2015-10-13 02:27 - 2015-03-05 15:13 - 02162992 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01952152 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-10-13 02:27 - 2015-03-05 15:13 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01709272 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01499984 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01361336 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01360640 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01313904 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01298136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01136728 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01104040 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00979280 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00943784 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00906800 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00871856 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00856992 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00734376 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00631000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00582056 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00501184 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00487360 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00415680 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00250536 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00162224 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00148416 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00109848 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00096568 _____ C:\WINDOWS\system32\audioLibVc.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00065944 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2015-10-13 02:27 - 2014-09-24 11:31 - 07087448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2015-10-13 02:27 - 2014-09-24 11:31 - 01939800 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2015-10-13 02:27 - 2014-09-24 11:31 - 00315736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2015-10-13 02:27 - 2014-09-24 11:31 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2015-10-13 02:27 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2015-10-13 02:27 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2015-10-13 02:27 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2015-10-13 02:27 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2015-10-13 02:27 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2015-10-13 02:24 - 2015-10-13 02:24 - 629145600 ___SH C:\WINDOWS\lenovo_fastboot.img
2015-10-13 02:24 - 2015-10-13 02:24 - 00001206 _____ C:\Users\Public\Desktop\OneKey Optimizer.Lnk
2015-10-13 02:23 - 2015-10-13 02:23 - 00035064 _____ (Lenovo Corporation) C:\WINDOWS\system32\Drivers\AcpiVpc.sys
2015-10-13 02:23 - 2015-01-27 15:34 - 00070168 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Fastboot.sys
2015-10-13 02:22 - 2015-10-13 02:22 - 02356592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2015-10-13 02:21 - 2015-10-13 02:21 - 00000000 ____D C:\Users\Casey\Intel.sav
2015-10-13 02:21 - 2015-10-13 02:21 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Intel
2015-10-13 02:21 - 2015-10-13 02:21 - 00000000 ____D C:\ProgramData\Intel.sav
2015-10-13 02:21 - 2015-10-13 02:21 - 00000000 ____D C:\Program Files\Common Files\Intel
2015-10-13 02:21 - 2015-10-13 02:21 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-10-13 02:19 - 2015-10-13 02:22 - 00000000 ____D C:\Users\Casey\AppData\Local\Downloaded Installations
2015-10-13 02:19 - 2015-10-13 02:19 - 00000000 ____D C:\Program Files\DIFX
2015-10-13 02:06 - 2015-10-16 14:43 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-10-13 01:53 - 2015-10-13 02:30 - 00000425 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-10-13 01:18 - 2015-10-16 18:19 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-13 01:18 - 2015-10-13 01:18 - 00000000 ____D C:\Users\Casey\AppData\Local\Google
2015-10-13 01:17 - 2015-10-13 01:17 - 00000000 ____D C:\Users\Casey\AppData\Local\Apps\2.0
2015-10-13 01:07 - 2015-10-18 18:53 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2015-10-13 01:05 - 2015-10-16 14:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-10-13 01:05 - 2015-10-13 01:05 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2015-10-13 01:05 - 2015-10-13 01:05 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2015-10-13 01:05 - 2015-10-13 01:05 - 00002411 _____ C:\Users\Public\Desktop\Norton Security.LNK
2015-10-13 01:05 - 2015-10-13 01:05 - 00000000 ____D C:\Program Files (x86)\Norton Security
2015-10-12 23:36 - 2015-10-12 23:36 - 00000000 ____D C:\BIOS
2015-10-12 23:12 - 2015-10-12 23:12 - 00000000 ____D C:\Users\Casey\AppData\Roaming\InstallShield
2015-10-12 23:07 - 2015-10-12 23:07 - 00000000 ____D C:\Users\Casey\AppData\LocalLow\Intel
2015-10-12 23:06 - 2015-10-12 23:06 - 00000000 ____D C:\Users\Casey\Intel
2015-10-12 22:49 - 2014-11-07 22:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-12 21:01 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-10-12 19:17 - 2015-10-16 18:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-12 19:17 - 2015-10-16 18:26 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-12 19:04 - 2015-10-18 14:44 - 00000000 ____D C:\NPE
2015-10-12 19:03 - 2015-10-18 18:25 - 00000000 ____D C:\Users\Casey\AppData\Local\NPE
2015-10-12 19:03 - 2015-10-12 23:14 - 03088296 _____ (Symantec Corporation) C:\Users\Casey\Desktop\NPE.exe
2015-10-12 18:55 - 2015-10-12 18:55 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-10-12 18:51 - 2015-10-16 14:46 - 00003416 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-10-12 18:51 - 2015-10-13 01:05 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-10-12 18:50 - 2015-10-12 18:50 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2015-10-12 18:48 - 2015-10-13 01:07 - 00000000 ____D C:\ProgramData\Norton
2015-10-12 18:48 - 2015-10-12 18:48 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-10-12 18:47 - 2014-10-28 21:54 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DfpCommon.dll
2015-10-12 18:46 - 2014-10-28 21:59 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfp.exe
2015-10-12 18:13 - 2015-10-12 18:20 - 05202968 _____ (Symantec Corporation) C:\Users\Public\Documents\NortonSymHelp.exe
2015-10-12 17:46 - 2015-10-16 14:43 - 00000000 ____D C:\WINDOWS\SysWOW64\reaper_data
2015-10-12 17:26 - 2015-10-16 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VRQ
2015-10-12 17:26 - 2015-10-12 17:27 - 00000000 ____D C:\Program Files (x86)\VRQ
2015-10-12 17:26 - 2015-10-12 17:26 - 00000000 ____D C:\ProgramData\Norton VRQ
2015-10-12 17:20 - 2015-10-13 01:31 - 00000000 ____D C:\Users\Casey\AppData\Local\LogMeIn Rescue Applet
2015-10-12 17:19 - 2015-10-18 14:35 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D4B09748-5B5D-42B7-9A1B-671D3234AB17}
2015-10-12 17:19 - 2015-10-12 21:03 - 00000000 __SHD C:\Users\Casey\AppData\LocalLow\EmieUserList
2015-10-12 17:19 - 2015-10-12 21:03 - 00000000 __SHD C:\Users\Casey\AppData\LocalLow\EmieSiteList
2015-10-12 17:19 - 2015-10-12 21:03 - 00000000 __SHD C:\Users\Casey\AppData\Local\EmieUserList
2015-10-12 17:19 - 2015-10-12 21:03 - 00000000 __SHD C:\Users\Casey\AppData\Local\EmieSiteList
2015-10-12 17:17 - 2015-10-16 14:46 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3872892580-1632997701-2637702364-1001
2015-10-12 17:17 - 2015-10-16 14:46 - 00003404 _____ C:\WINDOWS\System32\Tasks\LSInstallManager
2015-10-12 17:15 - 2015-10-12 17:15 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Macromedia
2015-10-12 17:14 - 2015-10-12 17:14 - 00000000 ____D C:\Users\Public\Pokki
2015-10-12 17:14 - 2015-10-12 17:14 - 00000000 ____D C:\Users\Casey\AppData\Local\Lenovo
2015-10-12 17:13 - 2015-10-12 17:42 - 00053755 _____ C:\Users\Public\Documents\TestPicksStart.txt
2015-10-12 17:13 - 2015-10-12 17:13 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Intel Corporation
2015-10-12 17:13 - 2015-10-12 17:13 - 00000000 ____D C:\Users\Casey\AppData\Local\GWX
2015-10-12 17:12 - 2015-10-18 16:59 - 00000000 ____D C:\Users\Casey\OneDrive
2015-10-12 17:12 - 2015-10-12 17:12 - 00000000 ____D C:\Users\Casey\AppData\Local\PackageStaging
2015-10-12 17:11 - 2015-10-18 15:21 - 00000000 ____D C:\Users\Casey\AppData\Local\Packages
2015-10-12 17:11 - 2015-10-14 02:11 - 00000000 ____D C:\Users\Casey\AppData\Local\VirtualStore
2015-10-12 17:11 - 2015-10-12 17:11 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Adobe
2015-10-12 17:08 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-10-01 22:41 - 2015-10-01 22:41 - 00774832 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-10-01 22:41 - 2015-10-01 22:41 - 00637616 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-10-01 22:41 - 2015-10-01 22:41 - 00428736 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-10-01 22:41 - 2015-10-01 22:41 - 00279216 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo34-2.dll
2015-10-01 22:41 - 2015-10-01 22:41 - 00277696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-10-01 22:41 - 2015-10-01 22:41 - 00065728 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2015-10-01 22:41 - 2015-10-01 22:41 - 00065728 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-18 18:54 - 2014-12-22 19:27 - 00000000 ____D C:\ProgramData\Lenovo
2015-10-18 18:50 - 2014-12-22 19:23 - 00006469 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-10-18 18:48 - 2015-07-30 17:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-18 18:48 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-18 17:13 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-18 17:03 - 2015-09-10 01:32 - 00010708 _____ C:\WINDOWS\PFRO.log
2015-10-18 15:32 - 2015-07-30 17:50 - 00020966 _____ C:\WINDOWS\setupact.log
2015-10-18 15:26 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-17 03:35 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\appcompat
2015-10-17 03:30 - 2015-07-30 18:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-17 03:30 - 2015-07-30 17:49 - 00201912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-16 18:37 - 2015-07-30 18:42 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-10-16 18:35 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-16 18:26 - 2015-07-30 18:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-16 14:55 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-10-16 14:47 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\rescache
2015-10-16 14:46 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\Registration
2015-10-16 14:46 - 2014-12-22 19:19 - 00003830 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-10-16 14:46 - 2014-12-22 19:19 - 00003588 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2015-10-16 14:45 - 2015-07-30 18:42 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-16 14:43 - 2015-07-30 18:43 - 00005306 _____ C:\WINDOWS\DtcInstall.log
2015-10-16 14:43 - 2015-07-10 05:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-16 14:43 - 2014-12-22 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-10-16 14:43 - 2014-12-22 19:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-10-16 14:43 - 2013-08-22 09:36 - 00000000 ____D C:\Users\Default.migrated
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\InputMethod
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-16 14:41 - 2014-12-22 19:27 - 00000000 ____D C:\WINDOWS\SysWOW64\Lenovo
2015-10-16 14:41 - 2014-12-22 19:27 - 00000000 ____D C:\WINDOWS\system32\Lenovo
2015-10-16 14:41 - 2014-12-22 19:18 - 00000000 ____D C:\Program Files (x86)\Intel
2015-10-16 14:41 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-10-16 14:41 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-10-16 14:41 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-10-16 14:41 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-10-16 14:40 - 2015-07-10 05:47 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-16 14:39 - 2015-07-30 17:50 - 00000049 _____ C:\WINDOWS\setuperr.log
2015-10-16 14:37 - 2015-07-10 05:47 - 00000000 __RHD C:\Users\Default
2015-10-16 14:23 - 2015-09-10 02:58 - 00000000 ___HD C:\$Windows.~BT
2015-10-14 19:29 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-13 02:52 - 2014-12-22 19:27 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-10-13 02:52 - 2014-12-22 19:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-13 02:50 - 2014-12-22 19:39 - 00000000 ____D C:\ProgramData\Downloaded Installations
2015-10-13 02:40 - 2014-12-22 19:10 - 00096790 _____ C:\WINDOWS\DPINST.LOG
2015-10-13 02:30 - 2014-12-22 19:21 - 00016162 _____ C:\WINDOWS\system32\results.xml
2015-10-13 02:29 - 2014-12-22 19:20 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2015-10-13 02:28 - 2014-12-22 19:24 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-10-13 02:23 - 2014-12-22 19:22 - 00000000 ____D C:\Program Files\Lenovo
2015-10-13 02:21 - 2014-12-22 19:18 - 00000000 ____D C:\ProgramData\Intel
2015-10-13 02:20 - 2014-12-22 19:18 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-13 02:06 - 2014-12-22 19:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-10-12 23:03 - 2014-12-22 19:23 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-10-12 18:23 - 2014-12-22 19:38 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-10-12 17:46 - 2014-12-22 19:38 - 00002560 _____ C:\WINDOWS\system32\VfService.trf
2015-10-12 17:43 - 2014-12-22 19:40 - 00000000 ____D C:\Program Files\Lenovo PhoneCompanion
2015-10-12 17:33 - 2014-12-22 19:37 - 00000000 ____D C:\ProgramData\TEMP
2015-10-12 17:32 - 2014-12-22 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Photo Master
2015-10-12 17:32 - 2014-12-22 19:40 - 00000000 ____D C:\ProgramData\CyberLink
2015-10-12 17:17 - 2014-12-22 19:38 - 00000000 ____D C:\ProgramData\McAfee
2015-10-12 17:12 - 2014-12-22 19:39 - 00000000 ____D C:\Users\Public\Documents\Lenovo
2015-10-02 13:36 - 2015-07-30 18:43 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 13:36 - 2015-07-30 18:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-10-18 16:48 - 2015-10-18 16:48 - 0180513 _____ () C:\Users\Casey\AppData\Local\ars.cache
2015-10-18 16:48 - 2015-10-18 16:48 - 0260483 _____ () C:\Users\Casey\AppData\Local\census.cache
2015-10-18 14:21 - 2015-10-18 14:21 - 0000036 _____ () C:\Users\Casey\AppData\Local\housecall.guid.cache
2015-10-14 01:20 - 2015-10-14 01:20 - 0000017 _____ () C:\Users\Casey\AppData\Local\resmon.resmoncfg
2015-10-18 14:24 - 2015-10-18 14:52 - 0000010 _____ () C:\Users\Casey\AppData\Local\sponge.last.runtime.cache
2015-10-16 14:39 - 2015-10-16 14:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Casey\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {9fff7d45-715b-11e5-826e-806e6f6e6963}
                        {c1dce4c8-75e9-11e5-82a3-90489afb25f1}
                        {c1dce4c9-75e9-11e5-82a3-90489afb25f1}
                        {c1dce4ca-75e9-11e5-82a3-90489afb25f1}
timeout                 0
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {59004cad-7433-11e5-8293-e3af2e49e19e}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0
 
Firmware Application (101fffff)
-------------------------------
identifier              {624d3c21-8a37-11e4-83ea-806e6f6e6963}
description             EFI USB Device
 
Firmware Application (101fffff)
-------------------------------
identifier              {624d3c22-8a37-11e4-83ea-806e6f6e6963}
description             EFI DVD/CDROM
 
Firmware Application (101fffff)
-------------------------------
identifier              {624d3c23-8a37-11e4-83ea-806e6f6e6963}
description             EFI Network
 
Firmware Application (101fffff)
-------------------------------
identifier              {9fff7d45-715b-11e5-826e-806e6f6e6963}
device                  partition=\Device\HarddiskVolume3
path                    \EFI\Microsoft\Boot\LrsBootMgr.efi
description             Lenovo Recovery System
 
Firmware Application (101fffff)
-------------------------------
identifier              {c1dce4c8-75e9-11e5-82a3-90489afb25f1}
description             EFI USB Device
 
Firmware Application (101fffff)
-------------------------------
identifier              {c1dce4c9-75e9-11e5-82a3-90489afb25f1}
description             EFI DVD/CDROM
 
Firmware Application (101fffff)
-------------------------------
identifier              {c1dce4ca-75e9-11e5-82a3-90489afb25f1}
description             EFI Network
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {59004caf-7433-11e5-8293-e3af2e49e19e}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {59004cad-7433-11e5-8293-e3af2e49e19e}
nx                      OptIn
bootmenupolicy          Standard
bootlog                 No
 
Windows Boot Loader
-------------------
identifier              {59004caf-7433-11e5-8293-e3af2e49e19e}
device                  ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{59004cb0-7433-11e5-8293-e3af2e49e19e}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{59004cb0-7433-11e5-8293-e3af2e49e19e}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Setup
-------------
identifier              {7254a080-1510-4e85-ac0f-e7fb3d444736}
device                  ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{59004cac-7433-11e5-8293-e3af2e49e19e}
path                    \windows\system32\winload.efi
description             Windows Rollback
locale                  en-US
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{59004cac-7433-11e5-8293-e3af2e49e19e}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {9a599ccc-8a2f-11e4-8254-00808d000035}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{9a599ccd-8a2f-11e4-8254-00808d000035}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{9a599ccd-8a2f-11e4-8254-00808d000035}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {212cf5c9-8a34-11e4-8a30-90489afb25f1}
device                  partition=C:
path                    \windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {9a599ccc-8a2f-11e4-8254-00808d000035}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {59004cad-7433-11e5-8293-e3af2e49e19e}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {59004caf-7433-11e5-8293-e3af2e49e19e}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {59004cac-7433-11e5-8293-e3af2e49e19e}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi
 
Device options
--------------
identifier              {59004cb0-7433-11e5-8293-e3af2e49e19e}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume6
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Device options
--------------
identifier              {9a599ccd-8a2f-11e4-8254-00808d000035}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi
 
 
 
LastRegBack: 2015-10-16 14:37
 
==================== End of FRST.txt ============================


#4 someonehelpplease

  • Topic Starter

Posted 18 October 2015 - 07:28 PM

Attached File  attach.txt   20.74KB   1 downloads



#5 someonehelpplease

  • Topic Starter

Posted 18 October 2015 - 07:31 PM

Attached File  AdwCleanerS12.txt   646bytes   1 downloads
Attached File  mb results.txt   1.02KB   1 downloads

I had the paid version of Mbam previously but it wasn't detecting anything and all of the antivirus even after uninstalling was still hidden somewhere on my PC. Even though I do not see Mbam anywhere it installed with my full subscription and I didn't enter any info.



#6 someonehelpplease

  • Topic Starter

Posted 18 October 2015 - 08:17 PM

Also, I have a lot of bad digital signatures, and some root signatures are no good.



#7 nasdaq

  • Malware Response Team

Posted 19 October 2015 - 07:55 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll No File
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Clean your Microsoft Edge cache.
How to clear cache and browsing history with Microsoft Edge
http://www.techulator.com/resources/14556-How-to-clear-cache-and-browsing-history-with-Microsoft-Edge.aspx

Restart the computer normally.

===

Please post the Addition.txt file that was created by the Farbar tool.

What problem persists?

Edited by nasdaq, 19 October 2015 - 07:55 AM.


#8 someonehelpplease

  • Topic Starter

Posted 19 October 2015 - 11:14 PM

It took a long time for my PC to restart and my previous post I had a lot of problems posting. My computer made me do a system restore so I no longer have the addition.txt file. After running the fix there is now an XML doc on my desktop named Info20151019234438. See the fixlog below. Please let me know what else I need to do. I was looking at the previous results and I don't have anything I have stored on my home network. My USB recovery drive is no longer good and I have no CD/DVD drive so I am not sure why those are listed either. Just FYI because I don't know what it all means. Oh and there are several users on files that I don't know what or who they are because I am the only person who uses my laptop. I don't download anything or do any P2P or file sharing. I rarely turn on my discovery setting but I do know there is a suspicious router that is unsecured that comes up in my Wi-Fi network list of available and I have also seen it in my file explorer under My Network/Network Infrastructure. I have never connected to ANY other router so I am not sure why that is happening either. Sorry for so much info but just sharing everything weird.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by Casey (2015-10-19 23:53:08) Run:1
Running from C:\Users\Casey\Desktop\hosts
Loaded Profiles: Casey (Available Profiles: Casey & casey_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll No File
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
End
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key could not remove. Access Denied.
HKCR\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
wfpcapture => service removed successfully
EmptyTemp: => 132.4 MB temporary data Removed.
 

The system needed a reboot.
 
==== End of Fixlog 23:53:59 ====



#9 someonehelpplease

  • Topic Starter

Posted 19 October 2015 - 11:22 PM

Attached File  Addition.txt   24.2KB   1 downloads
Attached File  Shortcut.txt   31.37KB   0 downloads

 

I ran the tool again so you have all.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by Casey (2015-10-20 00:15:48)
Running from C:\Users\Casey\Desktop\hosts
Windows 10 Home (X64) (2015-10-16 18:47:51)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-3872892580-1632997701-2637702364-500 - Administrator - Disabled)
Casey (S-1-5-21-3872892580-1632997701-2637702364-1001 - Administrator - Enabled) => C:\Users\Casey
casey_000 (S-1-5-21-3872892580-1632997701-2637702364-1002 - Limited - Enabled) => C:\Users\casey_000
DefaultAccount (S-1-5-21-3872892580-1632997701-2637702364-503 - Limited - Disabled)
Guest (S-1-5-21-3872892580-1632997701-2637702364-501 - Limited - Disabled)
jmpm1_000 (S-1-5-21-3872892580-1632997701-2637702364-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20071 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.35.223.2 - Broadcom Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10002.14 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.25.1048 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{C9324B6F-FC2B-4CA0-8C42-793D7099BDA1}) (Version: 17.0.1422.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11057 - Realtek Semiconductor Corp.)
Lenovo Paper Display (HKLM-x32\...\InstallShield_{B5E4B638-FFF0-408F-9FB6-732CAFC73063}) (Version: 1.0.0.020 - Lenovo)
Lenovo Paper Display (x32 Version: 1.0.0.020 - Lenovo) Hidden
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\...\cbe8636f7dd0cf1d) (Version: 1.5.1.0 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 1.5.0.26 - Lenovo)
LenovoUtility (x32 Version: 1.5.0.26 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 1.6.5320.114 - Waves Audio Ltd.) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.4.24 - Symantec Corporation)
OneKey Optimizer (HKLM-x32\...\InstallShield_{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.2.24.07 - Lenovo)
OneKey Optimizer (x32 Version: 1.2.24.07 - Lenovo) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7457 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.13 - Synaptics Incorporated)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
VRQ 5.0.21.47 (HKLM-x32\...\VRQ_is1) (Version: 5.0.21.47 - Symantec Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) Paper Display  (06/21/2014 1.0.0.0) (HKLM\...\5ECF5D114CC46EABC43D0207157DEFB68E9A74FB) (Version: 06/21/2014 1.0.0.0 - Lenovo)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== Restore Points =========================
 
18-10-2015 22:48:34 VRQTool v5.0.21.47
19-10-2015 23:53:11 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14620DC6-C163-47C6-92CD-1BC24DE9F833} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {17F6C220-F6FF-4404-8FAC-6E102E1F1ACA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {30950ED6-4BF4-43FE-94EE-079012E0CF8D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {31F983D3-77CF-4E48-A911-E6F825184F78} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo)
Task: {366D919C-97C0-43C8-A907-BCBA4CBAA50D} - System32\Tasks\LSInstallManager => C:\ProgramData\Lenovo\Lenovo Settings\Lenovo.Settings.InstallManagerINST\DependencyInstaller.exe [2014-05-19] (Lenovo Group Limited)
Task: {366F4C9E-2E63-4C5D-97A9-6085C6F85F54} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {3AF3DD52-EF11-41CD-A49A-6536CA6A26E8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {42891C3F-177C-49B8-AE11-2FB6C12ECFC9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {476B8911-5CDA-42DF-9530-A0DB13AEC4B4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4D2001F6-6A50-473D-8321-D8D79E9B000D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {63ABE324-3C36-43AE-817B-CEC24CAB59A3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {92B6A549-3157-4495-BAD3-E3EB3FB80565} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {99C1415D-408B-4EF8-8EC3-8864B44EFBE2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)
Task: {A0E08CC3-DC75-4960-94A8-BE353C5B01C0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AA9A365F-9F8B-4EF8-85DC-66AFCC00A382} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B4FCAFA6-7107-461A-89DB-E58FF5E0CC58} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-09] (Microsoft Corporation)
Task: {B7930712-E0E8-4B4E-A34C-6E7BD13479AE} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3872892580-1632997701-2637702364-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {BCC6C505-6F9B-4B00-8025-EF3C9734FF8D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C5175083-6200-4323-A9D3-8A1E49EEC953} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CEC67DDA-34C9-43BD-86F3-58CF1665ADD8} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {D45D2D8A-6422-4F0B-B740-E7EC1702EF45} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {DAA00904-35C6-4E72-86B9-FD5A498B2796} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {DAE438A3-B374-48F1-9399-5BD1937C1ADC} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {E51BB984-EBE6-4758-B87C-37433E4CE0C6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EA316F9C-1B1B-4ABE-B7AE-0ED9A6630A13} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-16] (Microsoft Corporation)
Task: {F5B64ADA-B149-47E7-8084-D3D40824D56B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-10 01:08 - 2015-09-10 01:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-09 23:26 - 2015-07-09 23:26 - 00009216 _____ () C:\Windows\System32\WppRecorderUM.dll
2015-10-19 23:56 - 2015-10-19 23:56 - 00178696 _____ () C:\WINDOWS\TEMP\DPTF\dptf_wwanproxy.dll
2015-10-19 23:56 - 2015-10-19 23:56 - 00048040 _____ () C:\WINDOWS\TEMP\DPTF\dptf_pnmwlanproxy.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-13 02:24 - 2015-01-27 15:34 - 00016920 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbServicePS.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-13 02:23 - 2015-03-30 15:04 - 00037672 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Metric.dll
2015-10-13 02:23 - 2015-03-30 15:04 - 00166696 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Lenovo.MetricCollectionMFCx64.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-18 00:35 - 2015-07-18 00:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-10-16 18:32 - 2015-10-16 18:32 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 23:13 - 2015-09-10 01:08 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
2015-10-13 02:23 - 2015-03-30 15:04 - 00043304 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\EnglishRes.dll
2015-10-13 02:22 - 2015-10-13 02:22 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2015-10-13 02:24 - 2015-01-27 15:34 - 00159256 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbApi.dll
2015-10-13 02:23 - 2015-03-30 15:05 - 00036136 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\zd.dll
2014-07-03 10:45 - 2014-07-03 10:45 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
AlternateDataStreams: C:\Users\Casey\OneDrive:ms-properties
AlternateDataStreams: C:\Users\casey_000\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"
HKLM\...\StartupApproved\Run: => "RtHDVBg_BYPASS_AUDIO_EFFECT_WHEN_POWERSAVING"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "LenovoUtility"
HKLM\...\StartupApproved\Run: => "OneKeyOptimizer"
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/19/2015 11:57:08 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicereg session lock = failed w/err 0x00000000
 
Error: (10/19/2015 11:57:08 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicesession change id =  failed w/err 0x00000001
 
Error: (10/19/2015 11:56:48 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x00008013
 
Error: (10/19/2015 11:56:47 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x00008013
 
Error: (10/19/2015 11:56:47 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceget IsPDenable flag =  failed w/err 0x00000000
 
Error: (10/19/2015 11:53:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/19/2015 11:53:10 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 

Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {91c743ac-e6a2-46a9-b9f3-f4699d05cf0a}
 
Error: (10/19/2015 11:48:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxMail.exe, version: 16.0.6306.4225, time stamp: 0x5614c4d1
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16548, time stamp: 0x56133a14
Exception code: 0xc000027b
Fault offset: 0x00000000004aee7f
Faulting process id: 0x1440
Faulting application start time: 0xHxMail.exe0
Faulting application path: HxMail.exe1
Faulting module path: HxMail.exe2
Report Id: HxMail.exe3
Faulting package full name: HxMail.exe4
Faulting package-relative application ID: HxMail.exe5
 
Error: (10/19/2015 11:44:27 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicereg session lock = failed w/err 0x00000000
 
Error: (10/19/2015 11:44:27 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicesession change id =  failed w/err 0x00000001
 

System errors:
=============
Error: (10/19/2015 11:58:42 PM) (Source: DCOM) (EventID: 10016) (User: CASEY)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}CASEYCaseyS-1-5-21-3872892580-1632997701-2637702364-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194
 
Error: (10/19/2015 11:56:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (10/19/2015 11:56:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (10/19/2015 11:54:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (10/19/2015 11:54:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
 
Error: (10/19/2015 11:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 11:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 11:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 11:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 11:53:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).
 

==================== Memory info ===========================
 
Processor: Intel® Core™ M-5Y71 CPU @ 1.20GHz
Percentage of memory in use: 36%
Total physical RAM: 8107.08 MB
Available physical RAM: 5163.67 MB
Total Virtual: 10027.08 MB
Available Virtual: 7051.07 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:195.7 GB) (Free:135.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 7A64C8D8)
 
Partition: GPT.
 
==================== End of Addition.txt ============================



#10 someonehelpplease

Posted 19 October 2015 - 11:30 PM

Attached files: Addition.txt (24.2KB), Shortcut.txt (31.37KB)

 

I ran the tool again so you have all.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by Casey (2015-10-20 00:15:48)
Running from C:\Users\Casey\Desktop\hosts
Windows 10 Home (X64) (2015-10-16 18:47:51)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-3872892580-1632997701-2637702364-500 - Administrator - Disabled)
Casey (S-1-5-21-3872892580-1632997701-2637702364-1001 - Administrator - Enabled) => C:\Users\Casey
casey_000 (S-1-5-21-3872892580-1632997701-2637702364-1002 - Limited - Enabled) => C:\Users\casey_000
DefaultAccount (S-1-5-21-3872892580-1632997701-2637702364-503 - Limited - Disabled)
Guest (S-1-5-21-3872892580-1632997701-2637702364-501 - Limited - Disabled)
jmpm1_000 (S-1-5-21-3872892580-1632997701-2637702364-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20071 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.35.223.2 - Broadcom Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10002.14 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.25.1048 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{C9324B6F-FC2B-4CA0-8C42-793D7099BDA1}) (Version: 17.0.1422.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11057 - Realtek Semiconductor Corp.)
Lenovo Paper Display (HKLM-x32\...\InstallShield_{B5E4B638-FFF0-408F-9FB6-732CAFC73063}) (Version: 1.0.0.020 - Lenovo)
Lenovo Paper Display (x32 Version: 1.0.0.020 - Lenovo) Hidden
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\...\cbe8636f7dd0cf1d) (Version: 1.5.1.0 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 1.5.0.26 - Lenovo)
LenovoUtility (x32 Version: 1.5.0.26 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 1.6.5320.114 - Waves Audio Ltd.) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.4.24 - Symantec Corporation)
OneKey Optimizer (HKLM-x32\...\InstallShield_{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.2.24.07 - Lenovo)
OneKey Optimizer (x32 Version: 1.2.24.07 - Lenovo) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7457 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.13 - Synaptics Incorporated)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
VRQ 5.0.21.47 (HKLM-x32\...\VRQ_is1) (Version: 5.0.21.47 - Symantec Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) Paper Display  (06/21/2014 1.0.0.0) (HKLM\...\5ECF5D114CC46EABC43D0207157DEFB68E9A74FB) (Version: 06/21/2014 1.0.0.0 - Lenovo)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== Restore Points =========================
 
18-10-2015 22:48:34 VRQTool v5.0.21.47
19-10-2015 23:53:11 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14620DC6-C163-47C6-92CD-1BC24DE9F833} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {17F6C220-F6FF-4404-8FAC-6E102E1F1ACA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {30950ED6-4BF4-43FE-94EE-079012E0CF8D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {31F983D3-77CF-4E48-A911-E6F825184F78} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo)
Task: {366D919C-97C0-43C8-A907-BCBA4CBAA50D} - System32\Tasks\LSInstallManager => C:\ProgramData\Lenovo\Lenovo Settings\Lenovo.Settings.InstallManagerINST\DependencyInstaller.exe [2014-05-19] (Lenovo Group Limited)
Task: {366F4C9E-2E63-4C5D-97A9-6085C6F85F54} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {3AF3DD52-EF11-41CD-A49A-6536CA6A26E8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {42891C3F-177C-49B8-AE11-2FB6C12ECFC9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {476B8911-5CDA-42DF-9530-A0DB13AEC4B4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4D2001F6-6A50-473D-8321-D8D79E9B000D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {63ABE324-3C36-43AE-817B-CEC24CAB59A3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {92B6A549-3157-4495-BAD3-E3EB3FB80565} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {99C1415D-408B-4EF8-8EC3-8864B44EFBE2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)
Task: {A0E08CC3-DC75-4960-94A8-BE353C5B01C0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AA9A365F-9F8B-4EF8-85DC-66AFCC00A382} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B4FCAFA6-7107-461A-89DB-E58FF5E0CC58} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-09] (Microsoft Corporation)
Task: {B7930712-E0E8-4B4E-A34C-6E7BD13479AE} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3872892580-1632997701-2637702364-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {BCC6C505-6F9B-4B00-8025-EF3C9734FF8D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C5175083-6200-4323-A9D3-8A1E49EEC953} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CEC67DDA-34C9-43BD-86F3-58CF1665ADD8} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {D45D2D8A-6422-4F0B-B740-E7EC1702EF45} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {DAA00904-35C6-4E72-86B9-FD5A498B2796} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {DAE438A3-B374-48F1-9399-5BD1937C1ADC} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {E51BB984-EBE6-4758-B87C-37433E4CE0C6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EA316F9C-1B1B-4ABE-B7AE-0ED9A6630A13} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-16] (Microsoft Corporation)
Task: {F5B64ADA-B149-47E7-8084-D3D40824D56B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-10 01:08 - 2015-09-10 01:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-09 23:26 - 2015-07-09 23:26 - 00009216 _____ () C:\Windows\System32\WppRecorderUM.dll
2015-10-19 23:56 - 2015-10-19 23:56 - 00178696 _____ () C:\WINDOWS\TEMP\DPTF\dptf_wwanproxy.dll
2015-10-19 23:56 - 2015-10-19 23:56 - 00048040 _____ () C:\WINDOWS\TEMP\DPTF\dptf_pnmwlanproxy.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-13 02:24 - 2015-01-27 15:34 - 00016920 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbServicePS.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-13 02:23 - 2015-03-30 15:04 - 00037672 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Metric.dll
2015-10-13 02:23 - 2015-03-30 15:04 - 00166696 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Lenovo.MetricCollectionMFCx64.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-18 00:35 - 2015-07-18 00:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-10-16 18:32 - 2015-10-16 18:32 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 23:13 - 2015-09-10 01:08 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
2015-10-13 02:23 - 2015-03-30 15:04 - 00043304 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\EnglishRes.dll
2015-10-13 02:22 - 2015-10-13 02:22 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2015-10-13 02:24 - 2015-01-27 15:34 - 00159256 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbApi.dll
2015-10-13 02:23 - 2015-03-30 15:05 - 00036136 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\zd.dll
2014-07-03 10:45 - 2014-07-03 10:45 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
AlternateDataStreams: C:\Users\Casey\OneDrive:ms-properties
AlternateDataStreams: C:\Users\casey_000\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"
HKLM\...\StartupApproved\Run: => "RtHDVBg_BYPASS_AUDIO_EFFECT_WHEN_POWERSAVING"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "LenovoUtility"
HKLM\...\StartupApproved\Run: => "OneKeyOptimizer"
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/19/2015 11:57:08 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicereg session lock = failed w/err 0x00000000
 
Error: (10/19/2015 11:57:08 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicesession change id =  failed w/err 0x00000001
 
Error: (10/19/2015 11:56:48 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x00008013
 
Error: (10/19/2015 11:56:47 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x00008013
 
Error: (10/19/2015 11:56:47 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceget IsPDenable flag =  failed w/err 0x00000000
 
Error: (10/19/2015 11:53:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/19/2015 11:53:10 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 

Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {91c743ac-e6a2-46a9-b9f3-f4699d05cf0a}
 
Error: (10/19/2015 11:48:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxMail.exe, version: 16.0.6306.4225, time stamp: 0x5614c4d1
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16548, time stamp: 0x56133a14
Exception code: 0xc000027b
Fault offset: 0x00000000004aee7f
Faulting process id: 0x1440
Faulting application start time: 0xHxMail.exe0
Faulting application path: HxMail.exe1
Faulting module path: HxMail.exe2
Report Id: HxMail.exe3
Faulting package full name: HxMail.exe4
Faulting package-relative application ID: HxMail.exe5
 
Error: (10/19/2015 11:44:27 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicereg session lock = failed w/err 0x00000000
 
Error: (10/19/2015 11:44:27 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicesession change id =  failed w/err 0x00000001
 

System errors:
=============
Error: (10/19/2015 11:58:42 PM) (Source: DCOM) (EventID: 10016) (User: CASEY)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}CASEYCaseyS-1-5-21-3872892580-1632997701-2637702364-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194
 
Error: (10/19/2015 11:56:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (10/19/2015 11:56:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (10/19/2015 11:54:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (10/19/2015 11:54:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
 
Error: (10/19/2015 11:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 11:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 11:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 11:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 11:53:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).
 

==================== Memory info ===========================
 
Processor: Intel® Core™ M-5Y71 CPU @ 1.20GHz
Percentage of memory in use: 36%
Total physical RAM: 8107.08 MB
Available physical RAM: 5163.67 MB
Total Virtual: 10027.08 MB
Available Virtual: 7051.07 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:195.7 GB) (Free:135.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 7A64C8D8)
 
Partition: GPT.
 
==================== End of Addition.txt ============================



#11 someonehelpplease

Posted 19 October 2015 - 11:37 PM

Also I do not stream anything. I do not use OneDrive for anything and disable it always because I don't want anything synced. I actually was alerted by Kaspersky, which I previously installed, that my computer tried to connect to another device on another network which was my own but it was the 2.4 and I keep my laptop on the 5 and anyway the MAC address for a brand new cell phone I just bought that I have never put anything on my laptop or logged into anything that I log into on my laptop. Why my laptop was trying to connect to my cell phone I have no idea. I have to constantly turn Bluetooth off on my laptop because I do not and have never used it. Also the media I have to change because it defaults to auto run everything. I don't know where half of the Lenovo crap came from. I did try to update my drivers when I thought it was fixed but it wasn't. The initial install of Norton found a Trojan named AU_ and there was more but I don't remember. It froze on the removal but in the history it showed it was removed. All of my folders are set to share and are public no matter how many times I click don't share. I am not touching anything else unless it comes from you. Just more info :)



#12 someonehelpplease

Posted 19 October 2015 - 11:38 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015
Ran by Casey (administrator) on CASEY (20-10-2015 00:15:06)
Running from C:\Users\Casey\Desktop\hosts
Loaded Profiles: Casey (Available Profiles: Casey & casey_000)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FBService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Users\Casey\AppData\Local\Apps\2.0\M6AML78D.V6W\Q3YRXLCR.M5Q\lsb...tion_91a10ba61c75c82d_0001.0005_a24d0d716055ed94\LSB.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OnekeyOptimizerUpdata.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13874392 2015-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_BYPASS_AUDIO_EFFECT_WHEN_POWERSAVING] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-03-05] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-01] (Synaptics Incorporated)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [10828056 2015-10-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [OneKeyOptimizer] => C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [605992 2015-03-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [609200 2015-03-01] (Waves Audio Ltd.)
HKLM\...\Policies\Explorer: [Max Cached Icons] 2000
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [31232 2015-07-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9bde7ac4-539f-42dd-bb13-ce374a7d4011}: [DhcpNameServer] 150.213.1.3
Tcpip\..\Interfaces\{fe7b55ed-f092-44bf-862e-a4b8d72cc32c}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3872892580-1632997701-2637702364-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll No File
 
FireFox:
========
FF ProfilePath: C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\b4pfr7co.default
FF NetworkProxy: "type", 4
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-07-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-07-03] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: ZenMate Security, Privacy & Unblock VPN - C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\b4pfr7co.default\Extensions\firefox@zenmate.com.xpi [2015-10-14]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFPlgn [2015-10-19]
 
Chrome:
=======
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR Profile: C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-13]
CHR Extension: (Google Docs) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-13]
CHR Extension: (Google Drive) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-13]
CHR Extension: (YouTube) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (Norton Security Toolbar) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-13]
CHR Extension: (Google Search) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-13]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-10-13]
CHR Extension: (Google Sheets) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-10-13]
CHR Extension: (Norton Safe) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-13]
CHR Extension: (Gmail) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-13]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
S4 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
R2 esifsvc; C:\windows\SysWOW64\esif_uf.exe [953352 2014-06-10] (Intel Corporation)
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [191000 2015-01-27] (Lenovo) [File not signed]
S4 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (Lenovo)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-07-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-07-03] (Intel Corporation)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2742568 2015-03-31] (Lenovo(beijing) Limited)
R2 LenovoSetSvr; C:\Program Files\Lenovo\LenovoUtility\LenovoSetSvr.exe [369944 2015-10-13] (Lenovo(beijing) Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe [282016 2015-09-24] (Symantec Corporation)
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [359208 2015-03-30] (Lenovo(beijing) Limited)
R2 PaperLookingSrv; C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe [173336 2014-08-11] (Lenovo)
S4 PLHotkeyService; C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe [25368 2014-08-11] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-01] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S4 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-09-03] (Lenovo)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7578328 2014-12-22] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20151008.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-09] (Microsoft Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605040.018\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [35136 2014-06-10] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [34072 2014-06-10] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-08-20] (Symantec Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [192624 2014-06-10] (Intel Corporation)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70168 2015-01-27] (Windows ® Win 7 DDK provider) [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20151016.001\IDSvia64.sys [767216 2015-10-09] (Symantec Corporation)
S3 KMDFVirtualMouse; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-04] ()
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151018.001\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151018.001\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [7239384 2014-08-29] (Realtek Semiconductor Corp.)
R1 SRTSP; C:\Windows\system32\drivers\NSx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605040.018\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605040.018\SYMEFASI64.SYS [1620720 2015-09-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1605040.018\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-10-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605040.018\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [65728 2015-10-01] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\FsDepends.sys 3F3B9E8CECD5604BC7746EF3A852EB67
C:\Windows\System32\Drivers\Fs_Rec.sys A60583221C7BB7CEC35C63285A297BE1
C:\Windows\System32\DRIVERS\fvevol.sys 58013A50225174EEF1410E37795D7908
C:\Windows\System32\drivers\gagp30kx.sys 0DAAE3EFCE00133AB3E383A36C47CDAF
C:\Windows\System32\drivers\vmgencounter.sys F59155B95D01C08F9ED774B626B504A1
C:\Windows\System32\drivers\genericusbfn.sys AE24452F55C6F1784CBD7489D0CDDB02
C:\Windows\System32\Drivers\msgpioclx.sys 96F0D3A583A91B634EE2AC2507356EDC
C:\Windows\System32\drivers\gpuenergydrv.sys BA2455D93BD57989A04FE4094AA6F941
C:\Windows\System32\drivers\HDAudBus.sys C277A49F8A8295840DEBC9240B75A282
C:\Windows\System32\drivers\HidBatt.sys D5A57EF4822A0388352FFF9F5CD53495
C:\Windows\System32\drivers\hidbth.sys 39575B53EB80C77FF2A3F1449D00B7F5
C:\Windows\System32\drivers\hidi2c.sys 35C3B602664116E737FF729F9A7156AD
C:\Windows\System32\drivers\hidinterrupt.sys C4ABE526BBF2A18E8AF70177FBAD9C6E
C:\Windows\System32\drivers\hidir.sys 348416C7D7EB05BC3099FE2F2B27985C
C:\Windows\System32\drivers\hidusb.sys 01F732724AF6EFE69886DA95A4E51820
C:\Windows\System32\drivers\HpSAMD.sys 3844CE7DD23530CAD59D8CABA57CCB05
C:\Windows\System32\drivers\HTTP.sys CA6EADBB8731CA27BDA4037BF290AC14
C:\Windows\System32\drivers\hwpolicy.sys 8841D927EB1F7FFC8B1805BC0CF190ED
C:\Windows\System32\drivers\hyperkbd.sys 53436C3835E80F4421652A67F44D6313
C:\Windows\system32\DRIVERS\HyperVideo.sys B2DC6C2F313EBB967B556B4E73A75451
C:\Windows\System32\drivers\i8042prt.sys D4CDEE4A62BDFFF6E8558A9552148EA7
C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\Windows\System32\drivers\iaLPSSi_I2C.sys F1DF87463AC308047B089E9F0456B4C8
C:\Windows\System32\drivers\iaStorA.sys 9863EC0FB887C0AD0C3A20AC3BF91629
C:\Windows\System32\drivers\iaStorAV.sys 9FDD4763A115D04F565C38183DE4646F
C:\Windows\System32\drivers\iaStorV.sys 4E69EE8F8E5DA036535D433C544AF9E2
C:\Windows\System32\drivers\ibbus.sys 15C59DF20F74A0C2C764B991FED7F4A5
C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20151016.001\IDSvia64.sys 55780CBB981F19CF97B455A3546F1C7C
C:\Windows\system32\DRIVERS\igdkmd64.sys 6FFC445E0D38C3C880125F2C201C9BC6
C:\Windows\system32\drivers\RTKVHD64.sys 1E1E28EEFAB3F61F7159FB5AD3A269A8
C:\Windows\system32\DRIVERS\IntcDAud.sys EA26AE512C63026756D2ACA0711BA7E5
C:\Windows\System32\drivers\intelide.sys 498759139F71142888CF7EFA1ABE18C8
C:\Windows\System32\drivers\intelpep.sys DC270DDCDDC2EF65D484A65CC5166222
C:\Windows\System32\drivers\intelppm.sys B4D9C777762B1F7356958B9C0AA93BEB
C:\Windows\System32\drivers\ioqos.sys 22BD83268B80A8C89AAC0BDF46E4EB5D
C:\Windows\System32\DRIVERS\ipfltdrv.sys A49E47A6E1429123F46A7CA9C05AEFC1
C:\Windows\System32\drivers\IPMIDrv.sys E0C276985AF968CE295B8E09C121321F
C:\Windows\System32\drivers\ipnat.sys 5D3744E6FDEC1A6FB3FA9B1DD4AF0694
C:\Windows\System32\drivers\irenum.sys B18202D72C0EF4B53CEC6F59E3E1B955
C:\Windows\System32\drivers\isapnp.sys CD04CBCCCB4C0E4BB06B98E0F45C888A
C:\Windows\System32\drivers\msiscsi.sys 5D90E942C94B20E0F321015C0ABF3EEA
C:\Windows\System32\drivers\iwdbus.sys F1D3A377ED9BA1CA449824C41CAF104C
C:\Windows\System32\drivers\kbdclass.sys 4192DFE6CA143C0AD8AF42C51A82BECA
C:\Windows\System32\drivers\kbdhid.sys B63C0DB341DCB46CF7AA259333A737DD
C:\Windows\System32\drivers\kdnic.sys 53C79A7FABDAAFD11EAB31963FB2CED7
C:\Windows\System32\drivers\KMDFVirtualMouse.sys 23E3E79A244E63F416A89640359C78B3
C:\Windows\System32\Drivers\ksecdd.sys 1E99B26BDB9B9C9BC775ED4543558560
C:\Windows\System32\Drivers\ksecpkg.sys 6198A79011C67497B324798B3D4272CE
C:\Windows\system32\drivers\ksthunk.sys 503597D9B72DBD9998F722F12A51ACFC
C:\Windows\System32\drivers\lltdio.sys DB789F57CE94C827FBFF709CA5ABD29E
C:\Windows\System32\drivers\lsi_sas.sys 3BB39166E446D456C277C17DFEA3DAC6
C:\Windows\System32\drivers\lsi_sas2i.sys 25CF625E46307A5D6674C8DFA1A289AA
C:\Windows\System32\drivers\lsi_sas3i.sys 722C52B12EA4C198D56994934C9DDAB6
C:\Windows\System32\drivers\lsi_sss.sys 3371FF1D5D745C3306C6A2C4E99C25A9
C:\Windows\system32\drivers\luafv.sys C692B9C0352315417CF49FFA664957A3
C:\WINDOWS\system32\drivers\mbamchameleon.sys 42B3F5C9FBC9B3F0E0BA6B5D7FC8E849
C:\WINDOWS\system32\drivers\mbam.sys CFBC6C6D8A492697CABD1D353EE64933
C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 78488AF2AB2111D67B3C4044707A519B
C:\WINDOWS\system32\drivers\mwac.sys 08DECFCB9BA97786165A69AB1015BC30
C:\Windows\System32\drivers\megasas.sys B2ED9A7A5587A128A0EFD0DBE7662E95
C:\Windows\System32\drivers\megasr.sys 083F71488E6780A67290273180256EA5
C:\Windows\system32\DRIVERS\TeeDriverx64.sys 1BC9159CF58BABD89419072EA180A8F6
C:\Windows\System32\drivers\mlx4_bus.sys 5907A10D46747A2B6DBFD6A198254DC2
C:\Windows\system32\drivers\mmcss.sys 91ED6F0EDF4158D63C52194F17D4F42E
C:\Windows\System32\drivers\modem.sys 2C4CC9F6ADBED5A6D131FDB97A78FF68
C:\Windows\System32\drivers\monitor.sys D8DB13529C8AD6FBAF8E2F382024374F
C:\Windows\System32\drivers\mouclass.sys 2DAAF1EE1C30F2FCF59851A64ADA0422
C:\Windows\System32\drivers\mouhid.sys D30FE074503283829ED194BCAE6239C3
C:\Windows\System32\drivers\mountmgr.sys D5EC9413527B286CFEEB0294C53ABB95
C:\Windows\System32\drivers\mpsdrv.sys 989A1BBD9C49B107B4A47D06E6827A69
C:\Windows\system32\drivers\mrxdav.sys C1E74DD1D84861D8F12FF8BC0BA11975
C:\Windows\System32\DRIVERS\mrxsmb.sys 1DF2C5FD2710A13B07E663A12F0E0EEA
C:\Windows\System32\DRIVERS\mrxsmb10.sys 185932B1149BD707F8A13174CDAB365B
C:\Windows\System32\DRIVERS\mrxsmb20.sys 99E24D4DBACBC569833B9A67710D65E7
C:\Windows\System32\drivers\bridge.sys 6F8BE4FB6262012E61BBADB5444628DC
C:\Windows\System32\Drivers\Msfs.sys 7C55F1751CAC199680D4489D1EE46544
C:\Windows\System32\drivers\msgpiowin32.sys 988588C16A53C2581488C15FF18934BF
C:\Windows\System32\drivers\mshidkmdf.sys 09622DBC24D0178F15DB8461BB6970DF
C:\Windows\System32\drivers\mshidumdf.sys 34BB07495C0159BE4189841E16F3BC2F
C:\Windows\System32\drivers\msisadrv.sys 7BF3F0DA362C053918F5F2EC43CE39E2
C:\Windows\system32\drivers\MSKSSRV.sys B2D0FD21FE67D6434769CC6F7A7883CA
C:\Windows\System32\drivers\mslldp.sys FB3801F176376286A3F8F20FFB8CDC53
C:\Windows\system32\drivers\MSPCLOCK.sys 8CBDF0E7A6CD824352F37A682A33DF7E
C:\Windows\system32\drivers\MSPQM.sys 33E5B6261D69ACD4948A5C64B9D8F29F
C:\Windows\System32\Drivers\MsRPC.sys 557DF8C0DBBBF518AC395C6EB1B179AE
C:\Windows\System32\drivers\mssmbios.sys 0A29AFA668F5DD50482A98ECE70C77A7
C:\Windows\system32\drivers\MSTEE.sys 30CE30877FD5BFADE74FA27D7829BF89
C:\Windows\System32\drivers\MTConfig.sys 13D88C0B8A2FA001CD72D454955A6974
C:\Windows\System32\Drivers\mup.sys 00C7F0F06A0A48B9CDB6B3AC3BE288F0
C:\Windows\System32\drivers\mvumis.sys 8E237527CA260C71D39ED4081BDF3419
C:\Windows\System32\DRIVERS\nwifi.sys 48D0587A8302FD3302CFE6F59F7345B0
C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151018.001\ENG64.SYS 5A4EC58A5F2E63DB2092B343CF1B2834
C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151018.001\EX64.SYS 526EA496D7F06B3746775046B33027C1
C:\Windows\System32\drivers\ndfltr.sys CF8296427834CF8BBB3EE1444C17362D
C:\Windows\System32\drivers\ndis.sys 616F40B897DA651221F86A1741E9609B
C:\Windows\System32\drivers\ndiscap.sys A0719D1EBA971DFC5DF5F7CC010385F8
C:\Windows\System32\drivers\NdisImPlatform.sys 0C557932CCCC65AEB37326DD36504527
C:\Windows\System32\DRIVERS\ndistapi.sys 56F9345D1945826135FBAB7589592B1F
C:\Windows\System32\drivers\ndisuio.sys AADFC340939D99E5D756E713E1D452EB
C:\Windows\System32\drivers\NdisVirtualBus.sys 312DFD787D99D3BF1427B0388BC04F71
C:\Windows\System32\drivers\ndiswan.sys 2103F43E0A1ECFB14B7E1B889F5F24D7
C:\Windows\System32\DRIVERS\ndiswan.sys 2103F43E0A1ECFB14B7E1B889F5F24D7
C:\Windows\System32\DRIVERS\NDProxy.sys 6E98F16983C4AE8703FF9F90AB4B31DD
C:\Windows\System32\drivers\Ndu.sys F1B7CC77F412C8D45B2DDCF76EDA4F9D
C:\Windows\System32\drivers\netbios.sys 824FDC990A3F79069BE468A132EB6888
C:\Windows\System32\DRIVERS\netbt.sys F0D791348AD254360CC3C3E501CCB745
C:\Windows\System32\drivers\netvsc.sys 46E862DA2CF8F351375EF537276B69B5
C:\Windows\System32\Drivers\Npfs.sys 41557BE174E9EC6AC703A8A4ADBC6650
C:\Windows\System32\drivers\npsvctrig.sys AC3F70FCFBCE97AA2F12BA43EE13B86E
C:\Windows\System32\drivers\nsiproxy.sys 66A98C407085B8920DF1E6D722F1ADB8
C:\Windows\System32\Drivers\NTFS.sys 466EC5659C02ED53DBD47DC1BC2B8086
C:\Windows\System32\Drivers\Null.sys 383E546EF4982262A0EF6CC2B6E9D525
C:\Windows\System32\drivers\nvraid.sys 466F875F1D4C6ABB46AF28007009237C
C:\Windows\System32\drivers\nvstor.sys 76F19EAE7A52CBAF7B8EC428BE6E0DA0
C:\Windows\System32\drivers\nv_agp.sys 0D0CB77D74B38E0EC62341C19E469D8D
C:\Windows\System32\drivers\parport.sys 38F1AE32339731F6E5A7281AE8042545
C:\Windows\System32\drivers\partmgr.sys 707889D2F95AAE8C9DD254D8767AD908
C:\Windows\System32\drivers\pci.sys 2834089EA4E550FF3B96E61FB4AA34ED
C:\Windows\System32\drivers\pciide.sys 3D587E4295B11B8480F7ACB09A89D718
C:\Windows\System32\drivers\pcmcia.sys B8F07002B5F1DA23CFF979C2806B09F3
C:\Windows\System32\drivers\pcw.sys FF588077D0C6AC2EA3FCBF1903CE08D0
C:\Windows\System32\drivers\pdc.sys 70469C8AC4AD367295E70CFDD81B754C
C:\Windows\System32\drivers\peauth.sys 688F47C342E1BBC87A48AB71D316233E
C:\Windows\System32\drivers\percsas2i.sys 189265498945593D5256CFF7FEBB9665
C:\Windows\System32\drivers\percsas3i.sys 9B86965114F6831A5130EFE6657B17D9
C:\Windows\System32\drivers\raspptp.sys 1433EB7908E5E1E20FFD50E4126C3484
C:\Windows\System32\drivers\processr.sys 22DE54C3974E4FD98F61D095C22C59B7
C:\Windows\System32\drivers\pacer.sys EDD52C352CBAAAD13FD7BD5DCEA309B3
C:\Windows\system32\drivers\qwavedrv.sys 51590F442C6E5D43244BA30DDB0CE79D
C:\Windows\System32\DRIVERS\rasacd.sys E951E70019865B06126AF850BCCA2026
C:\Windows\System32\drivers\AgileVpn.sys 0BF8607133AE264BC3C41A5BAA5FFB7B
C:\Windows\System32\drivers\rasl2tp.sys CA60F6C03611AF1710BC903ED9F566FB
C:\Windows\System32\drivers\raspppoe.sys E5FA41160F5A3D78D8F7765E5C5F6BB0
C:\Windows\System32\drivers\rassstp.sys DF0834AE921E633E05D1FDC55C318957
C:\Windows\System32\DRIVERS\rdbss.sys FC9B7AC6E2B837EF7CD6C64F7068D41D
C:\Windows\System32\drivers\rdpbus.sys FB7375657F8A5932C35EAA45E9B4B416
C:\Windows\System32\drivers\rdpdr.sys A32AED8C644734B283A7C9D08D76064D
C:\Windows\System32\drivers\rdpvideominiport.sys 37CC7E41243EFBB4FBC0510E5CA32A02
C:\Windows\System32\drivers\rdyboost.sys DAF957B25A35757E9D814611FAE8FE3B
C:\Windows\System32\Drivers\ReFSv1.sys 2C72E029C153D25325CA182A669E4ADE
C:\Windows\System32\drivers\rfcomm.sys 67E83C0C9A2B5ACEE9EF690E6B7E9189
C:\Windows\System32\drivers\rspndr.sys DC66C1D262D64E30A30B68E9F21AC74B
C:\Windows\system32\DRIVERS\rtsuvc.sys 6AB980A12B0B00420B6DA074CD26E198
C:\Windows\System32\drivers\vms3cap.sys 88F7703F2A4677C828124AE2110D3EBC
C:\Windows\System32\drivers\sbp2port.sys B467E932FE4E16E201DC7E56870CB559
C:\Windows\System32\DRIVERS\scfilter.sys 31DDA0716EC265CA57DAF9D2295FD76F
C:\Windows\System32\drivers\sdbus.sys 004C66464D8FE76D5DA78BE6777D61AF
C:\Windows\System32\drivers\sdstor.sys F4BF50A7D16A97A887BFA0F193693C42
C:\Windows\system32\DRIVERS\WUDFRd.sys 4E848DE29E4279C7F25EF5B34ED94FDD
C:\Windows\System32\drivers\SerCx.sys 9DB0BBE3ABE1F49651AE51EC5BCABE58
C:\Windows\System32\drivers\SerCx2.sys C4AF79C37334D995D95C22C14FDBF7FD
C:\Windows\System32\drivers\serenum.sys FC541A272F47BE03E67A9FCB87FA8C3E
C:\Windows\System32\drivers\serial.sys 2A5F5F95FCA123DCBF53B5F603B64789
C:\Windows\System32\drivers\sermouse.sys C8738887228B7BFA3B1A906816A8BB12
C:\Windows\System32\drivers\sfloppy.sys 67832B68752CDF7FDE56949E4A2E70BF
C:\Windows\System32\drivers\SiSRaid2.sys ED058030296CF9B79C8D48BF43724323
C:\Windows\System32\drivers\sisraid4.sys 633D3D1581E9DCCD5A2D8F039104C9A5
C:\Windows\System32\drivers\spaceport.sys 187B4AD4446C59F8FCC4A10F473EE3D1
C:\Windows\System32\drivers\SpbCx.sys 2799FCA215919FDC9A87C5FCAB530828
C:\Windows\system32\drivers\NSx64\1605040.018\SRTSP64.SYS BFA32A566B958EF5A1D6383F3CB03AA2
C:\Windows\system32\drivers\NSx64\1605040.018\SRTSPX64.SYS BA2ABBEA69BD1866C973DE11CB0CE9F8
C:\Windows\System32\DRIVERS\srv.sys AA1F23501511EFE9CF9771F6B20E8D45
C:\Windows\System32\DRIVERS\srv2.sys F5B169EDF9D5E3C7200D89D30E065D13
C:\Windows\System32\DRIVERS\srvnet.sys 2E142E027F0AA698BA4DCE49CBDB43CD
C:\Windows\System32\drivers\stexstor.sys DDE064A4298FD1FBF804D3ED691E7EDB
C:\Windows\System32\drivers\storahci.sys 32C95F44108C3E7DB58F773346E3C9D0
C:\Windows\System32\drivers\vmstorfl.sys 8883C8CE4942A99B84E1CC6EFA19738E
C:\Windows\System32\drivers\stornvme.sys AE7B7E1E95BFB9340B1956C98CA52C81
C:\Windows\System32\drivers\storqosflt.sys 63513EF3121689B3A59BD217618A2E42
C:\Windows\System32\drivers\storufs.sys 000F5CFCEF0F06DC8FD1D2F568E48AE4
C:\Windows\System32\drivers\storvsc.sys 7415087F9006D6818F85F3CBD79B1A50
C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys 802278EE4ACCE9EA1F1481DF20EB1667
C:\Windows\System32\drivers\NSx64\1605040.018\SYMEFASI64.SYS C9EC22D5B3C6B32A7C8B4A73870A7379
C:\Windows\System32\drivers\NSx64\1605040.018\SymELAM.sys 1DE0CBF15AC67AE0E5B456ADEFB89493
C:\windows\system32\Drivers\SYMEVENT64x86.SYS 6DF8F618B93C821630C9BAA8DA3FAAAF
C:\Windows\system32\drivers\NSx64\1605040.018\Ironx64.SYS 0891E59A27208B9B727BAB863B853E80
C:\Windows\system32\drivers\NSx64\1605040.018\SYMNETS.SYS 751C968945EFD42469FE52D6CE384196
C:\Windows\system32\DRIVERS\SynRMIHID.sys 6DCCAF437637DFBEAE8F632C9AF2D793
C:\Windows\System32\drivers\Synth3dVsc.sys 12D0CB1DCAE6725B6CA54CC2038C4C8C
C:\Windows\system32\DRIVERS\SynTP.sys 3FCFE5221C6FE16BA7C57AA3B324EF8B
C:\Windows\System32\drivers\tcpip.sys 7EBD20284AC9BF9F0A020B86769BB074
C:\Windows\System32\drivers\tcpip.sys 7EBD20284AC9BF9F0A020B86769BB074
C:\Windows\System32\drivers\tcpipreg.sys D378A1AF58AFA84BB6AC753F2C1BE9F4
C:\Windows\system32\DRIVERS\tdx.sys 28E1E63A1AC65E17B3194238FA2CF3BF
C:\Windows\System32\drivers\terminpt.sys CCDBD2817C10A4F631280CBB3AE44FFB
C:\Windows\system32\drivers\tpm.sys F4AEDABC8F3A9D632F8206D0C7F8CA09
C:\Windows\System32\drivers\TsUsbFlt.sys 676C801CAA61AADD0C918CC536A74B78
C:\Windows\System32\drivers\TsUsbGD.sys 2BB6CC0DD1CEE86330743B56FA9FE91F
C:\Windows\System32\drivers\tunnel.sys 14B46248612DF1B1A695040FFFBCFAFC
C:\Windows\System32\drivers\uagp35.sys D0BE5EA1652D55029C9A898FB8ACFCE0
C:\Windows\System32\drivers\uaspstor.sys 13C15E4B238895FE4731DB1D612EEB5F
C:\Windows\System32\Drivers\UcmCx.sys BEBB8B55C5F99B69EEE39A9D7BADB21E
C:\Windows\System32\drivers\UcmUcsi.sys DE3EDAF609D00EA2E54986E6459796A6
C:\Windows\System32\drivers\ucx01000.sys FB1C1D8B96A482F3581338D6752E1D6C
C:\Windows\System32\drivers\udecx.sys 4E1543ACE2F6E2846713E5123D9D4159
C:\Windows\System32\DRIVERS\udfs.sys CDCA9CC1D8293E75218D8FF85F2337A4
C:\Windows\System32\drivers\UEFI.sys BC683E19307C533C7161DB7A58051347
C:\Windows\System32\drivers\ufx01000.sys D14B42C26DE402F316D49667D15446F0
C:\Windows\System32\drivers\UfxChipidea.sys 192470BE4321791FBB25F379D0141D6F
C:\Windows\System32\drivers\ufxsynopsys.sys F7BD838E84E6B286DBCE068EFB8C0800
C:\Windows\System32\drivers\uliagpkx.sys A25842AC180F0E8B02380ECB8ADA1AF5
C:\Windows\System32\drivers\umbus.sys 21088F43172525C7E02D335A3327F46C
C:\Windows\System32\drivers\umpass.sys 294A291B5D48FE8F38DD94B7272442C5
C:\Windows\System32\drivers\urschipidea.sys A7A52EDDC3FAF183D6AC4774690ADF13
C:\Windows\System32\drivers\urscx01000.sys 2EEA0897DD9E30E958B508D557F0B5E4
C:\Windows\System32\drivers\urssynopsys.sys DC54D775A3A61E4CDE871B4E38A1459A
C:\Windows\System32\drivers\usbccgp.sys 18B63A0980F4AA1E6D7879B253980E37
C:\Windows\System32\drivers\usbcir.sys 1C60A1A3C8E1E819E16F12BAEB1C83F8
C:\Windows\System32\drivers\usbehci.sys 9A3E39F85DC6E3B9F792F1095ACFF788
C:\Windows\System32\drivers\usbhub.sys 0A368247A900656CC0678117DFC3A87C
C:\Windows\System32\drivers\UsbHub3.sys C08449092043601887A1743350888635
C:\Windows\System32\drivers\usbohci.sys 72EA850B59F40C25A4FEDDA5FE84EFEB
C:\Windows\System32\drivers\usbprint.sys 47B2B2DE152E25546944049CA1170BB1
C:\Windows\System32\drivers\usbser.sys 1F72E1A7E1858B7B3FF81522FCEBDE95
C:\Windows\System32\drivers\USBSTOR.SYS CD35467670DF1E6FBF36DA308F0C872B
C:\Windows\System32\drivers\usbuhci.sys DFA92EA105DD1073B43FB210EEB03DD4
C:\Windows\System32\drivers\USBXHCI.SYS C67A03F54A1EA683F4880A481EE5FF6C
C:\Windows\System32\drivers\vdrvroot.sys 26223003DDFB347B5CF3EC0B56DB066B
C:\Windows\System32\drivers\VerifierExt.sys A417284BC6B5C2EEF63F2C5154473530
C:\Windows\System32\drivers\vhdmp.sys 4C39C05A72EB14C0567501C7E087E564
C:\Windows\System32\drivers\vhf.sys C42206A15078596FDE8E89BB629DE342
C:\Windows\System32\drivers\vmbus.sys 248D9F911A5C94CF8477125DD0C3A291
C:\Windows\System32\drivers\VMBusHID.sys 3E98DD4E0CBD6B4F9CBD0E9E0EDF541E
C:\Windows\System32\drivers\volmgr.sys 91F165C5D71D9DCB18D4661CF10D1084
C:\Windows\System32\drivers\volmgrx.sys 17042748AC05862A0283D32575220080
C:\Windows\System32\drivers\volsnap.sys 823A237D871CD652C6BFD47BECB6810A
C:\Windows\System32\drivers\vpci.sys 78727FA284C2095EED660D71CD3C9AEF
C:\Windows\System32\drivers\vsmraid.sys 2415961D561E02F5E46B7C1C687A6788
C:\Windows\System32\drivers\vstxraid.sys 6AE9A843AE979F2DCCA5A25C07C7A5F8
C:\Windows\System32\drivers\vwifibus.sys BD232C761C59FA8D8EF626CA630E2D2E
C:\Windows\System32\drivers\vwififlt.sys 3039687AB65CEE26CF478C1F42FFCD7D
C:\Windows\System32\drivers\vwifimp.sys 37C868DDE3103130B00AD1313DAB5ACB
C:\Windows\System32\drivers\wacompen.sys FC40A7527D39F06D032A6553D22E4BF6
C:\Windows\System32\DRIVERS\wanarp.sys E9E22E116F810DAC98C5EC207F24C916
C:\Windows\System32\DRIVERS\wanarp.sys E9E22E116F810DAC98C5EC207F24C916
C:\Windows\system32\drivers\WdBoot.sys C8BA574B3BA6AE88741AC86B1FE3C1DC
C:\Windows\System32\drivers\Wdf01000.sys 927AD29D7F91B9A0C5294932374DA15E
C:\Windows\system32\drivers\WdFilter.sys C5BB7C612B4C852836BEA39593BA5F46
C:\Windows\System32\DRIVERS\wdiwifi.sys 9B2039C5673EEBF1D4E34ABC0AFB88C7
C:\Windows\System32\Drivers\WdNisDrv.sys BD193A7BD34B2E829FAF56306FEE3B09
C:\Windows\System32\drivers\wfplwfs.sys DBF5255B759212E5217A2748567A0B5C
C:\Windows\System32\drivers\wimmount.sys 4375BCBA419D19695CF566082CEF27D3
C:\Windows\System32\drivers\WindowsTrustedRT.sys 037BC6DE5F58D4A74A5BB0C12DCECDCA
C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 70BCD70BD53F2FE660ED94B025A043EB
C:\Windows\System32\drivers\winmad.sys 7792AE5403BF8975B6460DFC3428D129
C:\Windows\System32\drivers\WinUSB.SYS 811F30EB6EE8318C4171CB95AE30B9BD
C:\Windows\System32\drivers\winverbs.sys DF00381AB8665D48DE3FF794BC6760AB
C:\Windows\System32\drivers\wmiacpi.sys 623ED8E10DFEEAB7AE2CD11A0451DB79
C:\Windows\System32\Drivers\Wof.sys 78CA1FF6FE37EEFAFF99DD1C956AF60A
C:\Windows\System32\DRIVERS\wpcfltr.sys 388F2A3C771B8BEE76FD1AAF9614D08E
C:\Windows\System32\drivers\WpdUpFltr.sys 37DCE976B3935380F2F6E39ABB6BF40D
C:\Windows\system32\drivers\ws2ifsl.sys 3CD22DD5A790CF7C24D65455E565EA83
C:\Windows\System32\drivers\WSDPrint.sys E392DFAF6D0DEFC812ECC727A61F91C5
C:\Windows\system32\DRIVERS\WSDScan.sys 0902C63D8C836EA4D0876FCD8D627701
C:\Windows\System32\drivers\WudfPf.sys 835F60262E7E310080EA05F6752BF248
C:\Windows\System32\drivers\WUDFRd.sys 4E848DE29E4279C7F25EF5B34ED94FDD
C:\Windows\system32\DRIVERS\WUDFRd.sys 4E848DE29E4279C7F25EF5B34ED94FDD
C:\Windows\System32\drivers\xboxgip.sys 30021D1E0407B71E8D5D4F8DAE4E656A
C:\Windows\System32\drivers\xinputhid.sys 6851673B90D8CB332439E0339F81A6B6
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-19 23:57 - 2015-10-19 23:57 - 00016148 _____ C:\WINDOWS\system32\CASEY_Casey_HistoryPrediction.bin
2015-10-19 23:46 - 2015-10-19 23:46 - 01251228 _____ C:\Users\Casey\Desktop\Info20151019234438.xml
2015-10-18 23:33 - 2015-10-18 23:33 - 00000000 ____D C:\Users\Casey\AppData\Local\NetworkTiles
2015-10-18 19:31 - 2015-10-18 19:31 - 22908888 _____ (Malwarebytes ) C:\Users\Casey\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-18 19:31 - 2015-10-18 19:31 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-18 19:31 - 2015-10-18 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-18 19:31 - 2015-10-18 19:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-18 19:31 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-10-18 19:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-18 19:00 - 2015-10-18 19:00 - 00688992 ____R (Swearware) C:\Users\Casey\Downloads\dds.scr
2015-10-18 18:58 - 2015-10-18 18:58 - 00031657 _____ C:\Users\Casey\Downloads\Shortcut.txt
2015-10-18 18:57 - 2015-10-18 18:58 - 00132816 _____ C:\Users\Casey\Downloads\FRST.txt
2015-10-18 18:57 - 2015-10-18 18:58 - 00022745 _____ C:\Users\Casey\Downloads\Addition.txt
2015-10-18 17:51 - 2015-10-18 18:44 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-18 17:22 - 2015-10-18 18:46 - 00000000 ____D C:\WINDOWS\pss
2015-10-18 16:56 - 2015-10-18 16:56 - 00000000 ____D C:\Users\Casey\Downloads\log
2015-10-18 16:49 - 2015-10-18 16:57 - 00000000 ____D C:\Users\Casey\Downloads\TMRBLog
2015-10-18 16:49 - 2015-10-18 16:49 - 14861360 _____ (Trend Micro Inc.) C:\Users\Casey\Downloads\svchost64.exe.exe
2015-10-18 16:49 - 2015-10-18 16:49 - 00000000 ____D C:\WINDOWS\system32\log
2015-10-18 16:48 - 2015-10-18 16:48 - 00260483 _____ C:\Users\Casey\AppData\Local\census.cache
2015-10-18 16:48 - 2015-10-18 16:48 - 00180513 _____ C:\Users\Casey\AppData\Local\ars.cache
2015-10-18 16:35 - 2015-10-18 16:35 - 09739456 _____ (Trend Micro Inc.) C:\Users\Casey\Downloads\attk_far_gui_x64.exe
2015-10-18 16:35 - 2015-10-18 16:35 - 00000000 ____D C:\WINDOWS\system32\TrendMicro AntiThreat Toolkit
2015-10-18 16:19 - 2015-10-18 16:46 - 00000334 _____ C:\Users\Casey\Downloads\Result.txt
2015-10-18 16:17 - 2015-10-18 16:35 - 00000324 _____ C:\WINDOWS\system32\Result.txt
2015-10-18 16:16 - 2015-10-18 16:16 - 09739456 _____ (Trend Micro Inc.) C:\Users\Casey\Downloads\svchost.exe.exe
2015-10-18 16:07 - 2015-10-18 16:07 - 00000000 ____D C:\TMRescueDisk
2015-10-18 16:06 - 2015-10-18 16:07 - 73956728 _____ (Trend Micro Inc.) C:\Users\Casey\Downloads\RescueDisk.exe
2015-10-18 14:51 - 2015-10-18 14:51 - 02494944 _____ (Trend Micro Inc.) C:\Users\Casey\Downloads\HousecallLauncher64.exe
2015-10-18 14:49 - 2015-10-18 18:50 - 00000000 ____D C:\Users\Casey\AppData\Local\MicrosoftEdge
2015-10-18 14:35 - 2015-10-18 14:35 - 00002349 _____ C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-18 14:34 - 2015-10-19 23:58 - 00000000 ____D C:\Users\Casey\AppData\Local\Deployment
2015-10-18 14:34 - 2015-10-18 14:34 - 00000000 ____D C:\Users\Casey\AppData\Local\Publishers
2015-10-18 14:33 - 2015-10-18 19:10 - 00000000 ____D C:\Users\Casey\AppData\Local\Comms
2015-10-18 14:33 - 2015-10-18 14:33 - 00000000 ____D C:\Users\Casey\AppData\Local\TileDataLayer
2015-10-18 14:29 - 2015-10-18 14:29 - 00016148 _____ C:\WINDOWS\system32\CASEY_casey_000_HistoryPrediction.bin
2015-10-18 14:24 - 2015-10-18 14:52 - 00000010 _____ C:\Users\Casey\AppData\Local\sponge.last.runtime.cache
2015-10-18 14:23 - 2015-10-18 14:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\casey_000\Downloads\HijackThis (1).exe
2015-10-18 14:23 - 2015-10-18 14:23 - 00009642 _____ C:\Users\casey_000\Downloads\hijackthis.log
2015-10-18 14:21 - 2015-10-18 14:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\casey_000\Downloads\HijackThis.exe
2015-10-18 14:21 - 2015-10-18 14:21 - 00000036 _____ C:\Users\Casey\AppData\Local\housecall.guid.cache
2015-10-18 14:21 - 2015-05-29 03:43 - 00307352 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-10-18 14:20 - 2015-10-18 14:20 - 02494560 _____ (Trend Micro Inc.) C:\Users\casey_000\Downloads\HousecallLauncher64.exe
2015-10-18 14:19 - 2015-10-18 14:19 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\casey_000\Downloads\RUBottedSetup.exe
2015-10-16 20:43 - 2015-10-16 20:43 - 04564250 _____ C:\Users\casey_000\Desktop\net-internals-log.json
2015-10-16 20:21 - 2015-10-19 04:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-16 20:21 - 2015-10-19 04:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-16 20:21 - 2015-10-16 20:28 - 00000000 ____D C:\Users\casey_000\AppData\Local\Mozilla
2015-10-16 20:21 - 2015-10-16 20:21 - 00001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-16 20:21 - 2015-10-16 20:21 - 00001231 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-16 20:21 - 2015-10-16 20:21 - 00000000 ____D C:\Users\casey_000\AppData\Roaming\Mozilla
2015-10-16 20:16 - 2015-10-19 04:42 - 00000000 ____D C:\Users\casey_000\AppData\Local\Mixesoft
2015-10-16 19:57 - 2015-10-16 19:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-10-16 19:13 - 2015-10-16 20:28 - 00000000 ____D C:\Users\casey_000\Desktop\remove
2015-10-16 18:37 - 2015-10-16 14:47 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-16 18:37 - 2015-10-16 14:40 - 00000000 __SHD C:\Recovery
2015-10-16 18:35 - 2015-10-16 18:35 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-16 18:35 - 2015-10-16 18:35 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-16 18:35 - 2015-10-16 18:35 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-16 18:35 - 2015-10-16 18:35 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-16 18:35 - 2015-10-16 18:35 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-16 18:35 - 2015-10-16 18:35 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-16 18:35 - 2015-10-16 18:35 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-16 18:35 - 2015-10-16 18:35 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-16 18:35 - 2015-10-16 18:35 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-16 18:35 - 2015-10-16 18:35 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-16 18:35 - 2015-10-16 18:35 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-16 18:35 - 2015-10-16 18:35 - 00000000 ____D C:\Windows.old
2015-10-16 18:32 - 2015-10-16 18:32 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-16 18:32 - 2015-10-16 18:32 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-16 18:32 - 2015-10-16 18:32 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-16 18:32 - 2015-10-16 18:32 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-16 18:32 - 2015-10-16 18:32 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-16 18:32 - 2015-10-16 18:32 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-16 18:32 - 2015-10-16 18:32 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-16 18:32 - 2015-10-16 18:32 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-16 18:32 - 2015-10-16 18:32 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-16 18:32 - 2015-10-16 18:32 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-16 18:32 - 2015-10-16 18:32 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-16 18:30 - 2015-10-16 18:30 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-10-16 18:29 - 2015-10-16 18:29 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-10-16 18:29 - 2015-10-16 18:29 - 00000000 ____D C:\Program Files\MSBuild
2015-10-16 18:29 - 2015-10-16 18:29 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-10-16 18:29 - 2015-10-16 18:29 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-10-16 18:28 - 2015-06-17 22:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-10-16 18:28 - 2015-06-17 22:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-16 18:28 - 2015-06-17 22:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-10-16 18:28 - 2015-05-30 01:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-10-16 18:28 - 2015-05-30 01:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-10-16 18:28 - 2015-05-30 01:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-10-16 18:27 - 2015-10-16 18:27 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-10-16 18:27 - 2015-10-16 18:27 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-10-16 18:26 - 2015-10-16 18:26 - 18218800 _____ (Adobe Systems Inc.) C:\Users\casey_000\Downloads\AdobeAIRInstaller.exe
2015-10-16 18:25 - 2015-10-16 18:25 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-10-16 18:24 - 2015-10-16 18:25 - 13840464 _____ (Adobe Systems Inc.) C:\Users\casey_000\Downloads\Shockwave_Installer_Full.exe
2015-10-16 18:19 - 2015-10-16 20:19 - 00000000 ____D C:\Users\casey_000\AppData\Local\Google
2015-10-16 18:19 - 2015-10-16 18:31 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-16 18:19 - 2015-10-16 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-16 18:18 - 2015-10-19 23:57 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-16 18:18 - 2015-10-18 20:30 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-16 18:18 - 2015-10-16 18:25 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-16 18:18 - 2015-10-16 18:25 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-16 18:18 - 2015-10-16 18:18 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-16 18:17 - 2015-10-16 22:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-16 18:17 - 2015-10-16 18:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-16 18:17 - 2015-10-16 18:17 - 00002135 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-16 18:15 - 2015-10-16 22:30 - 00000000 ____D C:\ProgramData\Adobe
2015-10-16 18:14 - 2015-10-16 18:27 - 00000000 ____D C:\Users\casey_000\AppData\Local\Adobe
2015-10-16 18:14 - 2015-10-16 18:27 - 00000000 ____D C:\Users\Casey\AppData\Local\Adobe
2015-10-16 15:10 - 2015-10-16 22:30 - 00000000 ____D C:\Users\casey_000\AppData\Local\CrashDumps
2015-10-16 14:59 - 2015-10-16 14:59 - 11353649 _____ C:\Users\casey_000\Downloads\Waterfalls.themepack
2015-10-16 14:58 - 2015-10-16 14:58 - 00000020 ___SH C:\Users\Casey\ntuser.ini
2015-10-16 14:57 - 2015-10-16 22:14 - 00000000 ____D C:\Users\casey_000\AppData\Local\MicrosoftEdge
2015-10-16 14:55 - 2015-10-16 14:55 - 00000000 ____D C:\Users\casey_000\AppData\Local\NetworkTiles
2015-10-16 14:53 - 2015-10-16 15:01 - 00000000 ____D C:\Users\casey_000\AppData\Local\Comms
2015-10-16 14:53 - 2015-10-16 14:54 - 00002361 _____ C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-16 14:52 - 2015-10-16 14:52 - 00000000 ____D C:\Users\casey_000\AppData\Local\Publishers
2015-10-16 14:51 - 2015-10-16 14:51 - 00000020 ___SH C:\Users\casey_000\ntuser.ini
2015-10-16 14:51 - 2015-10-16 14:51 - 00000000 ____D C:\Users\casey_000\AppData\Local\TileDataLayer
2015-10-16 14:46 - 2015-10-20 00:01 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-16 14:46 - 2015-10-16 14:46 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-10-16 14:43 - 2015-10-16 14:43 - 00000000 ____D C:\Users\Default\AppData\Local\Pokki
2015-10-16 14:43 - 2015-10-16 14:43 - 00000000 ____D C:\Users\Default User\AppData\Local\Pokki
2015-10-16 14:42 - 2015-10-16 14:42 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-16 14:41 - 2015-10-16 14:43 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-10-16 14:40 - 2015-10-19 23:51 - 00000000 ____D C:\Users\casey_000
2015-10-16 14:40 - 2015-10-19 23:42 - 00000000 ____D C:\Users\Casey
2015-10-16 14:40 - 2015-10-18 14:33 - 00000000 ___RD C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-16 14:40 - 2015-10-16 14:51 - 00000000 ___RD C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 __RSD C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 __RSD C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 ___RD C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 ___RD C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 ___RD C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 ___RD C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 ____D C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-16 14:40 - 2015-07-30 18:42 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-16 14:39 - 2015-10-19 23:57 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-10-16 14:39 - 2015-10-19 04:42 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-10-16 14:39 - 2015-10-16 14:41 - 00000000 ____D C:\Program Files\Intel
2015-10-16 14:39 - 2015-10-16 14:39 - 00000515 _____ C:\WINDOWS\Synaptics.PD.log
2015-10-16 14:39 - 2015-10-16 14:39 - 00000515 _____ C:\WINDOWS\Synaptics.log
2015-10-16 14:39 - 2015-10-16 14:39 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsHid_02_15_00.Wdf
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SdoV2_02_15_00.Wdf
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____D C:\Program Files\Synaptics
2015-10-16 14:39 - 2015-10-16 14:39 - 00000000 ____D C:\Program Files\Realtek
2015-10-16 14:39 - 2015-07-17 23:58 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-10-16 14:39 - 2015-07-17 23:58 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-10-16 14:37 - 2015-10-16 14:38 - 00030806 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-10-16 14:23 - 2015-10-16 14:46 - 00006611 _____ C:\WINDOWS\comsetup.log
2015-10-16 14:22 - 2015-10-16 14:46 - 00013338 _____ C:\WINDOWS\diagwrn.xml
2015-10-16 14:22 - 2015-10-16 14:46 - 00013338 _____ C:\WINDOWS\diagerr.xml
2015-10-16 14:02 - 2015-10-16 14:46 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3872892580-1632997701-2637702364-1002
2015-10-16 13:59 - 2015-10-16 13:59 - 00000000 ____D C:\Users\casey_000\AppData\Roaming\Macromedia
2015-10-16 13:59 - 2015-10-16 13:59 - 00000000 ____D C:\Users\casey_000\AppData\Roaming\Intel Corporation
2015-10-16 13:59 - 2015-10-16 13:59 - 00000000 ____D C:\Users\casey_000\AppData\Local\GWX
2015-10-16 13:57 - 2015-10-16 14:55 - 00000000 ____D C:\Users\casey_000\OneDrive
2015-10-16 13:57 - 2015-10-16 14:52 - 00000000 ____D C:\Users\casey_000\AppData\Local\PackageStaging
2015-10-16 13:51 - 2015-10-18 14:23 - 00000000 ____D C:\Users\casey_000\AppData\Local\VirtualStore
2015-10-16 13:51 - 2015-10-17 13:15 - 00000000 ____D C:\Users\casey_000\AppData\Local\Packages
2015-10-16 13:51 - 2015-10-16 18:27 - 00000000 ____D C:\Users\casey_000\AppData\Roaming\Adobe
2015-10-16 13:51 - 2015-10-16 13:51 - 00000000 ____D C:\Users\casey_000\AppData\Roaming\Intel
2015-10-16 13:47 - 2015-10-19 04:42 - 00000000 ____D C:\Users\Casey\Desktop\backups
2015-10-14 03:28 - 2015-10-19 23:58 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-14 03:23 - 2015-10-14 03:23 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\Casey\Desktop\rkill64.exe
2015-10-14 03:09 - 2015-10-20 00:15 - 00000000 ____D C:\FRST
2015-10-14 02:41 - 2015-10-14 02:41 - 01682432 _____ C:\Users\Casey\Desktop\AdwCleaner.exe
2015-10-14 01:49 - 2015-10-14 01:49 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Casey\Desktop\rkill.exe
2015-10-14 01:42 - 2015-10-19 23:57 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-14 01:42 - 2015-10-18 19:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-14 01:42 - 2015-10-14 01:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-14 01:42 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-14 01:20 - 2015-10-14 01:20 - 00000017 _____ C:\Users\Casey\AppData\Local\resmon.resmoncfg
2015-10-14 01:19 - 2015-10-19 23:48 - 00000000 ____D C:\Users\Casey\AppData\Local\CrashDumps
2015-10-14 00:25 - 2015-10-14 00:25 - 00000000 ____D C:\ESD
2015-10-14 00:16 - 2015-10-14 00:16 - 00000000 ___HD C:\$Windows.~WS
2015-10-13 02:50 - 2015-10-13 02:57 - 00000000 ____D C:\Users\Casey\AppData\Local\Mozilla
2015-10-13 02:50 - 2015-10-13 02:51 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Mozilla
2015-10-13 02:38 - 2015-10-19 04:42 - 00000000 ____D C:\ProgramData\OneKey Optimizer
2015-10-13 02:36 - 2014-06-10 12:54 - 00192624 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\esif_lf.sys
2015-10-13 02:36 - 2014-06-10 12:54 - 00035136 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\dptf_cpu.sys
2015-10-13 02:36 - 2014-06-10 12:54 - 00034072 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\dptf_pch.sys
2015-10-13 02:36 - 2013-06-18 06:34 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01011.dll
2015-10-13 02:27 - 2015-10-16 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2015-10-13 02:27 - 2015-10-13 02:27 - 00001221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves MaxxAudio.lnk
2015-10-13 02:27 - 2015-10-13 02:27 - 00000000 ____D C:\Program Files\Waves
2015-10-13 02:27 - 2015-03-05 15:13 - 72113152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2015-10-13 02:27 - 2015-03-05 15:13 - 12975360 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2015-10-13 02:27 - 2015-03-05 15:13 - 05234952 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 04421976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-10-13 02:27 - 2015-03-05 15:13 - 03218800 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 02909552 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 02902040 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 02814832 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 02702040 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2015-10-13 02:27 - 2015-03-05 15:13 - 02162992 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01952152 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-10-13 02:27 - 2015-03-05 15:13 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01709272 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01499984 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01361336 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01360640 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01313904 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01298136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01136728 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 01104040 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00979280 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00943784 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00906800 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00871856 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00856992 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00734376 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00631000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00582056 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00501184 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00487360 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00415680 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00250536 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00162224 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00148416 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00109848 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00096568 _____ C:\WINDOWS\system32\audioLibVc.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00065944 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2015-10-13 02:27 - 2015-03-05 15:13 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2015-10-13 02:27 - 2014-09-24 11:31 - 07087448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2015-10-13 02:27 - 2014-09-24 11:31 - 01939800 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2015-10-13 02:27 - 2014-09-24 11:31 - 00315736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2015-10-13 02:27 - 2014-09-24 11:31 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2015-10-13 02:27 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2015-10-13 02:27 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2015-10-13 02:27 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2015-10-13 02:27 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2015-10-13 02:27 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2015-10-13 02:24 - 2015-10-13 02:24 - 629145600 ___SH C:\WINDOWS\lenovo_fastboot.img
2015-10-13 02:24 - 2015-10-13 02:24 - 00001206 _____ C:\Users\Public\Desktop\OneKey Optimizer.Lnk
2015-10-13 02:23 - 2015-10-13 02:23 - 00035064 _____ (Lenovo Corporation) C:\WINDOWS\system32\Drivers\AcpiVpc.sys
2015-10-13 02:23 - 2015-01-27 15:34 - 00070168 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Fastboot.sys
2015-10-13 02:22 - 2015-10-13 02:22 - 02356592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2015-10-13 02:21 - 2015-10-13 02:21 - 00000000 ____D C:\Users\Casey\Intel.sav
2015-10-13 02:21 - 2015-10-13 02:21 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Intel
2015-10-13 02:21 - 2015-10-13 02:21 - 00000000 ____D C:\ProgramData\Intel.sav
2015-10-13 02:21 - 2015-10-13 02:21 - 00000000 ____D C:\Program Files\Common Files\Intel
2015-10-13 02:21 - 2015-10-13 02:21 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-10-13 02:19 - 2015-10-13 02:22 - 00000000 ____D C:\Users\Casey\AppData\Local\Downloaded Installations
2015-10-13 02:19 - 2015-10-13 02:19 - 00000000 ____D C:\Program Files\DIFX
2015-10-13 02:06 - 2015-10-16 14:43 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-10-13 01:53 - 2015-10-13 02:30 - 00000425 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-10-13 01:18 - 2015-10-16 18:19 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-13 01:18 - 2015-10-13 01:18 - 00000000 ____D C:\Users\Casey\AppData\Local\Google
2015-10-13 01:17 - 2015-10-13 01:17 - 00000000 ____D C:\Users\Casey\AppData\Local\Apps\2.0
2015-10-13 01:07 - 2015-10-20 00:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2015-10-13 01:05 - 2015-10-16 14:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-10-13 01:05 - 2015-10-13 01:05 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2015-10-13 01:05 - 2015-10-13 01:05 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2015-10-13 01:05 - 2015-10-13 01:05 - 00002411 _____ C:\Users\Public\Desktop\Norton Security.LNK
2015-10-13 01:05 - 2015-10-13 01:05 - 00000000 ____D C:\Program Files (x86)\Norton Security
2015-10-12 23:36 - 2015-10-12 23:36 - 00000000 ____D C:\BIOS
2015-10-12 23:12 - 2015-10-12 23:12 - 00000000 ____D C:\Users\Casey\AppData\Roaming\InstallShield
2015-10-12 23:07 - 2015-10-12 23:07 - 00000000 ____D C:\Users\Casey\AppData\LocalLow\Intel
2015-10-12 23:06 - 2015-10-12 23:06 - 00000000 ____D C:\Users\Casey\Intel
2015-10-12 22:49 - 2014-11-07 22:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-12 22:48 - 2015-08-22 09:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-12 21:01 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-10-12 19:17 - 2015-10-16 18:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-12 19:17 - 2015-10-16 18:26 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-12 19:04 - 2015-10-19 23:44 - 00000000 ____D C:\NPE
2015-10-12 19:03 - 2015-10-19 23:50 - 00000000 ____D C:\Users\Casey\AppData\Local\NPE
2015-10-12 19:03 - 2015-10-12 23:14 - 03088296 _____ (Symantec Corporation) C:\Users\Casey\Desktop\NPE.exe
2015-10-12 18:55 - 2015-10-12 18:55 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-10-12 18:51 - 2015-10-16 14:46 - 00003416 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-10-12 18:51 - 2015-10-13 01:05 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-10-12 18:50 - 2015-10-12 18:50 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2015-10-12 18:48 - 2015-10-13 01:07 - 00000000 ____D C:\ProgramData\Norton
2015-10-12 18:48 - 2015-10-12 18:48 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-10-12 18:47 - 2014-10-28 21:54 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DfpCommon.dll
2015-10-12 18:46 - 2014-10-28 21:59 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfp.exe
2015-10-12 18:13 - 2015-10-12 18:20 - 05202968 _____ (Symantec Corporation) C:\Users\Public\Documents\NortonSymHelp.exe
2015-10-12 17:46 - 2015-10-16 14:43 - 00000000 ____D C:\WINDOWS\SysWOW64\reaper_data
2015-10-12 17:26 - 2015-10-16 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VRQ
2015-10-12 17:26 - 2015-10-12 17:27 - 00000000 ____D C:\Program Files (x86)\VRQ
2015-10-12 17:26 - 2015-10-12 17:26 - 00000000 ____D C:\ProgramData\Norton VRQ
2015-10-12 17:20 - 2015-10-13 01:31 - 00000000 ____D C:\Users\Casey\AppData\Local\LogMeIn Rescue Applet
2015-10-12 17:19 - 2015-10-20 00:02 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D4B09748-5B5D-42B7-9A1B-671D3234AB17}
2015-10-12 17:19 - 2015-10-12 21:03 - 00000000 __SHD C:\Users\Casey\AppData\LocalLow\EmieUserList
2015-10-12 17:19 - 2015-10-12 21:03 - 00000000 __SHD C:\Users\Casey\AppData\LocalLow\EmieSiteList
2015-10-12 17:19 - 2015-10-12 21:03 - 00000000 __SHD C:\Users\Casey\AppData\Local\EmieUserList
2015-10-12 17:19 - 2015-10-12 21:03 - 00000000 __SHD C:\Users\Casey\AppData\Local\EmieSiteList
2015-10-12 17:17 - 2015-10-16 14:46 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3872892580-1632997701-2637702364-1001
2015-10-12 17:17 - 2015-10-16 14:46 - 00003404 _____ C:\WINDOWS\System32\Tasks\LSInstallManager
2015-10-12 17:15 - 2015-10-12 17:15 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Macromedia
2015-10-12 17:14 - 2015-10-12 17:14 - 00000000 ____D C:\Users\Public\Pokki
2015-10-12 17:14 - 2015-10-12 17:14 - 00000000 ____D C:\Users\Casey\AppData\Local\Lenovo
2015-10-12 17:13 - 2015-10-12 17:42 - 00053755 _____ C:\Users\Public\Documents\TestPicksStart.txt
2015-10-12 17:13 - 2015-10-12 17:13 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Intel Corporation
2015-10-12 17:13 - 2015-10-12 17:13 - 00000000 ____D C:\Users\Casey\AppData\Local\GWX
2015-10-12 17:12 - 2015-10-18 16:59 - 00000000 ____D C:\Users\Casey\OneDrive
2015-10-12 17:12 - 2015-10-12 17:12 - 00000000 ____D C:\Users\Casey\AppData\Local\PackageStaging
2015-10-12 17:11 - 2015-10-19 04:41 - 00000000 ____D C:\Users\Casey\AppData\Local\Packages
2015-10-12 17:11 - 2015-10-14 02:11 - 00000000 ____D C:\Users\Casey\AppData\Local\VirtualStore
2015-10-12 17:11 - 2015-10-12 17:11 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Adobe
2015-10-12 17:08 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-10-01 22:41 - 2015-10-01 22:41 - 00774832 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-10-01 22:41 - 2015-10-01 22:41 - 00637616 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-10-01 22:41 - 2015-10-01 22:41 - 00428736 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-10-01 22:41 - 2015-10-01 22:41 - 00279216 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo34-2.dll
2015-10-01 22:41 - 2015-10-01 22:41 - 00277696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-10-01 22:41 - 2015-10-01 22:41 - 00065728 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2015-10-01 22:41 - 2015-10-01 22:41 - 00065728 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-20 00:07 - 2014-12-22 19:27 - 00000000 ____D C:\ProgramData\Lenovo
2015-10-19 23:58 - 2014-12-22 19:23 - 00006469 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-10-19 23:56 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-19 23:56 - 2015-07-30 17:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-19 23:56 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-19 23:48 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-19 23:47 - 2015-07-30 18:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-19 04:42 - 2014-12-22 19:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-10-19 04:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\registration
2015-10-19 04:41 - 2014-12-22 19:35 - 00000000 ____D C:\Program Files (x86)\Nitro
2015-10-19 04:41 - 2014-12-22 19:27 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-10-18 23:55 - 2015-07-30 17:50 - 00021044 _____ C:\WINDOWS\setupact.log
2015-10-18 23:52 - 2015-09-10 01:32 - 00063292 _____ C:\WINDOWS\PFRO.log
2015-10-18 22:53 - 2014-12-22 19:10 - 00106988 _____ C:\WINDOWS\DPINST.LOG
2015-10-18 22:48 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\restore
2015-10-17 03:35 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\appcompat
2015-10-17 03:30 - 2015-07-30 18:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-17 03:30 - 2015-07-30 17:49 - 00201912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-16 18:37 - 2015-07-30 18:42 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-10-16 18:35 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-16 18:33 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-16 14:55 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-10-16 14:47 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\rescache
2015-10-16 14:46 - 2014-12-22 19:19 - 00003830 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-10-16 14:46 - 2014-12-22 19:19 - 00003588 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2015-10-16 14:45 - 2015-07-30 18:42 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-16 14:43 - 2015-07-30 18:43 - 00005306 _____ C:\WINDOWS\DtcInstall.log
2015-10-16 14:43 - 2015-07-10 05:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-16 14:43 - 2014-12-22 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-10-16 14:43 - 2014-12-22 19:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-10-16 14:43 - 2013-08-22 09:36 - 00000000 ____D C:\Users\Default.migrated
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\InputMethod
2015-10-16 14:41 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-16 14:41 - 2014-12-22 19:27 - 00000000 ____D C:\WINDOWS\SysWOW64\Lenovo
2015-10-16 14:41 - 2014-12-22 19:27 - 00000000 ____D C:\WINDOWS\system32\Lenovo
2015-10-16 14:41 - 2014-12-22 19:18 - 00000000 ____D C:\Program Files (x86)\Intel
2015-10-16 14:41 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-10-16 14:41 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-10-16 14:41 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-10-16 14:41 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-10-16 14:40 - 2015-07-10 05:47 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-16 14:39 - 2015-07-30 17:50 - 00000049 _____ C:\WINDOWS\setuperr.log
2015-10-16 14:37 - 2015-07-10 05:47 - 00000000 __RHD C:\Users\Default
2015-10-16 14:23 - 2015-09-10 02:58 - 00000000 ___HD C:\$Windows.~BT
2015-10-14 19:29 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-13 02:52 - 2014-12-22 19:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-13 02:50 - 2014-12-22 19:39 - 00000000 ____D C:\ProgramData\Downloaded Installations
2015-10-13 02:30 - 2014-12-22 19:21 - 00016162 _____ C:\WINDOWS\system32\results.xml
2015-10-13 02:29 - 2014-12-22 19:20 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2015-10-13 02:28 - 2014-12-22 19:24 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-10-13 02:23 - 2014-12-22 19:22 - 00000000 ____D C:\Program Files\Lenovo
2015-10-13 02:21 - 2014-12-22 19:18 - 00000000 ____D C:\ProgramData\Intel
2015-10-13 02:20 - 2014-12-22 19:18 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-12 23:03 - 2014-12-22 19:23 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-10-12 18:23 - 2014-12-22 19:38 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-10-12 17:46 - 2014-12-22 19:38 - 00002560 _____ C:\WINDOWS\system32\VfService.trf
2015-10-12 17:43 - 2014-12-22 19:40 - 00000000 ____D C:\Program Files\Lenovo PhoneCompanion
2015-10-12 17:33 - 2014-12-22 19:37 - 00000000 ____D C:\ProgramData\TEMP
2015-10-12 17:32 - 2014-12-22 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Photo Master
2015-10-12 17:32 - 2014-12-22 19:40 - 00000000 ____D C:\ProgramData\CyberLink
2015-10-12 17:17 - 2014-12-22 19:38 - 00000000 ____D C:\ProgramData\McAfee
2015-10-12 17:12 - 2014-12-22 19:39 - 00000000 ____D C:\Users\Public\Documents\Lenovo
2015-10-02 13:36 - 2015-07-30 18:43 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 13:36 - 2015-07-30 18:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-10-18 16:48 - 2015-10-18 16:48 - 0180513 _____ () C:\Users\Casey\AppData\Local\ars.cache
2015-10-18 16:48 - 2015-10-18 16:48 - 0260483 _____ () C:\Users\Casey\AppData\Local\census.cache
2015-10-18 14:21 - 2015-10-18 14:21 - 0000036 _____ () C:\Users\Casey\AppData\Local\housecall.guid.cache
2015-10-14 01:20 - 2015-10-14 01:20 - 0000017 _____ () C:\Users\Casey\AppData\Local\resmon.resmoncfg
2015-10-18 14:24 - 2015-10-18 14:52 - 0000010 _____ () C:\Users\Casey\AppData\Local\sponge.last.runtime.cache
2015-10-16 14:39 - 2015-10-16 14:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {9fff7d45-715b-11e5-826e-806e6f6e6963}
                        {c1dce4c8-75e9-11e5-82a3-90489afb25f1}
                        {c1dce4c9-75e9-11e5-82a3-90489afb25f1}
                        {c1dce4ca-75e9-11e5-82a3-90489afb25f1}
timeout                 0
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {59004cad-7433-11e5-8293-e3af2e49e19e}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0
 
Firmware Application (101fffff)
-------------------------------
identifier              {9fff7d45-715b-11e5-826e-806e6f6e6963}
device                  partition=\Device\HarddiskVolume3
path                    \EFI\Microsoft\Boot\LrsBootMgr.efi
description             Lenovo Recovery System
 
Firmware Application (101fffff)
-------------------------------
identifier              {c1dce4c8-75e9-11e5-82a3-90489afb25f1}
description             EFI USB Device
 
Firmware Application (101fffff)
-------------------------------
identifier              {c1dce4c9-75e9-11e5-82a3-90489afb25f1}
description             EFI DVD/CDROM
 
Firmware Application (101fffff)
-------------------------------
identifier              {c1dce4ca-75e9-11e5-82a3-90489afb25f1}
description             EFI Network
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {59004caf-7433-11e5-8293-e3af2e49e19e}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {59004cad-7433-11e5-8293-e3af2e49e19e}
nx                      OptIn
bootmenupolicy          Standard
bootlog                 No
 
Windows Boot Loader
-------------------
identifier              {59004caf-7433-11e5-8293-e3af2e49e19e}
device                  ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{59004cb0-7433-11e5-8293-e3af2e49e19e}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{59004cb0-7433-11e5-8293-e3af2e49e19e}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Setup
-------------
identifier              {7254a080-1510-4e85-ac0f-e7fb3d444736}
device                  ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{59004cac-7433-11e5-8293-e3af2e49e19e}
path                    \windows\system32\winload.efi
description             Windows Rollback
locale                  en-US
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{59004cac-7433-11e5-8293-e3af2e49e19e}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {9a599ccc-8a2f-11e4-8254-00808d000035}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{9a599ccd-8a2f-11e4-8254-00808d000035}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{9a599ccd-8a2f-11e4-8254-00808d000035}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {212cf5c9-8a34-11e4-8a30-90489afb25f1}
device                  partition=C:
path                    \windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {9a599ccc-8a2f-11e4-8254-00808d000035}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {59004cad-7433-11e5-8293-e3af2e49e19e}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {59004caf-7433-11e5-8293-e3af2e49e19e}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {59004cac-7433-11e5-8293-e3af2e49e19e}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi
 
Device options
--------------
identifier              {59004cb0-7433-11e5-8293-e3af2e49e19e}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume6
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Device options
--------------
identifier              {9a599ccd-8a2f-11e4-8254-00808d000035}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi
 
 
 
LastRegBack: 2015-10-16 14:37
 
==================== End of FRST.txt ============================


#13 someonehelpplease


Posted 19 October 2015 - 11:39 PM

Users shortcut scan result (x64) Version:18-10-2015
Ran by Casey (2015-10-20 00:16:30)
Running from C:\Users\Casey\Desktop\hosts
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\Casey\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\Casey\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\Casey\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\Casey\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\Casey\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\Casey ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk -> C:\Windows\DevicesFlow\DevicesFlow.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk -> C:\Windows\System32\GfxUIEx.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk -> C:\Windows\Installer\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}\Professional.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves MaxxAudio.lnk -> C:\Program Files\Waves\MaxxAudio\MaxxAudioControl64.exe (Waves Audio Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VRQ\Uninstall VRQ.lnk -> C:\ProgramData\Norton VRQ\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek\Realtek HD Audio Manager.lnk -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\OneKey Optimizer.Lnk -> C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe (Lenovo(beijing) Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\User Manuals.lnk -> C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe (Lenovo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk -> C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\Links\Desktop.lnk -> C:\Users\Casey\Desktop ()
Shortcut: C:\Users\Casey\Links\Downloads.lnk -> C:\Users\Casey\Downloads ()
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Casey\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\SendTo\VRQAddFiles.lnk -> C:\Program Files (x86)\VRQ\VRQAddFiles.exe (Symantec Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\UserGuide.lnk -> C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe (Lenovo)
Shortcut: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\Links\Desktop.lnk -> C:\Users\casey_000\Desktop ()
Shortcut: C:\Users\casey_000\Links\Downloads.lnk -> C:\Users\casey_000\Downloads ()
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\casey_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\UserGuide.lnk -> C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe (Lenovo)
Shortcut: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\Casey\Documents ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\Casey\Pictures ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\OneKey Optimizer.Lnk -> C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe (Lenovo(beijing) Limited)
 
 
 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VRQ\VRQ for QA.lnk -> C:\Program Files (x86)\VRQ\VRQTool.exe (Symantec Corporation) -> /env=qa /noConfigCache /pupsQA /pupsVerbose
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security\Norton Security.lnk -> C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\uiStub.exe (Symantec Corporation) -> /win8
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Update Manager\Intel® Update Manager.lnk -> C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe () -> --showui
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Casey\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\casey_000\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\casey_000\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\Norton Security.LNK -> C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\uiStub.exe (Symantec Corporation) -> /win8
 

InternetURL: C:\Users\Casey\Favorites\AmazonBrowserBar.url -> hxxp://www.amazon.com/gp/BIT/AmazonBrowserBar/ref=bit_lnv_fav?tag=lenovo-abb-bm-us-ie-20
InternetURL: C:\Users\Casey\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Casey\Favorites\Lenovo\Lenovo Support.url -> hxxp://support.lenovo.com/
InternetURL: C:\Users\Casey\Favorites\Lenovo\Lenovo.url -> hxxp://www.lenovo.com/
InternetURL: C:\Users\casey_000\Favorites\AmazonBrowserBar.url -> hxxp://www.amazon.com/gp/BIT/AmazonBrowserBar/ref=bit_lnv_fav?tag=lenovo-abb-bm-us-ie-20
InternetURL: C:\Users\casey_000\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\casey_000\Favorites\Speakeasy Speed Test - Powered by MegaPath.url -> hxxp://www.speakeasy.net/speedtest/
InternetURL: C:\Users\casey_000\Favorites\Lenovo\Lenovo Support.url -> hxxp://support.lenovo.com/
InternetURL: C:\Users\casey_000\Favorites\Lenovo\Lenovo.url -> hxxp://www.lenovo.com/
InternetURL: C:\Users\Default\Favorites\AmazonBrowserBar.url -> hxxp://www.amazon.com/gp/BIT/AmazonBrowserBar/ref=bit_lnv_fav?tag=lenovo-abb-bm-us-ie-20
InternetURL: C:\Users\Default\Favorites\Lenovo\Lenovo Support.url -> hxxp://support.lenovo.com/
InternetURL: C:\Users\Default\Favorites\Lenovo\Lenovo.url -> hxxp://www.lenovo.com/
 
==================== End of Shortcut.txt =============================


#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:09 AM

Posted 20 October 2015 - 07:29 AM


This is an IP server in Switzerland, can you relate to it?

Tcpip\..\Interfaces\{9bde7ac4-539f-42dd-bb13-ce374a7d4011}: [DhcpNameServer] 150.213.1.3



Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll No File
Task: {14620DC6-C163-47C6-92CD-1BC24DE9F833} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3AF3DD52-EF11-41CD-A49A-6536CA6A26E8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {42891C3F-177C-49B8-AE11-2FB6C12ECFC9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {476B8911-5CDA-42DF-9530-A0DB13AEC4B4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {63ABE324-3C36-43AE-817B-CEC24CAB59A3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A0E08CC3-DC75-4960-94A8-BE353C5B01C0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AA9A365F-9F8B-4EF8-85DC-66AFCC00A382} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BCC6C505-6F9B-4B00-8025-EF3C9734FF8D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C5175083-6200-4323-A9D3-8A1E49EEC953} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E51BB984-EBE6-4758-B87C-37433E4CE0C6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F5B64ADA-B149-47E7-8084-D3D40824D56B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
AlternateDataStreams: C:\Users\Casey\OneDrive:ms-properties
AlternateDataStreams: C:\Users\casey_000\OneDrive:ms-properties

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===
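The DhcpNameServer entry questioned in post #14 can be checked across a whole FRST log rather than by eye. The following is an added example, not part of the thread or of FRST: it parses lines in the format quoted in that post and sorts each resolver into expected, local or review. The sample log is constructed (only the 150.213.1.3 line comes from the post), and `audit_dns`, `classify` and the `expected` allowlist are names assumed for this example.

```python
import ipaddress
import re

# Line format as quoted in the post: Tcpip\<scope>: [DhcpNameServer] <addresses>
LINE_RE = re.compile(
    r"^Tcpip\\(?P<scope>[^:]+): \[(?P<value>(?:Dhcp)?NameServer)\] (?P<servers>.+)$"
)

# Ranges treated as "local" (home router, loopback, APIPA). IPv4 only.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def classify(addr, expected):
    """Return 'malformed', 'expected', 'local' or 'review' for one resolver."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if ip in expected:
        return "expected"
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "review"  # public resolver nobody listed as expected


def audit_dns(log_text, expected=()):
    """Collect every DNS server named in the log with a verdict."""
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # The address list may be space or comma separated.
        for addr in re.split(r"[ ,]+", m["servers"].strip()):
            findings.append({"scope": m["scope"], "value": m["value"],
                             "server": addr,
                             "verdict": classify(addr, expected_ips)})
    return findings


# Constructed sample; only the 150.213.1.3 line is taken from the post.
SAMPLE_LOG = r"""
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9bde7ac4-539f-42dd-bb13-ce374a7d4011}: [DhcpNameServer] 150.213.1.3
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000001}: [NameServer] 8.8.8.8,192.168.1.1
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000002}: [NameServer] not-an-ip
"""

if __name__ == "__main__":
    for f in audit_dns(SAMPLE_LOG, expected=("8.8.8.8",)):
        print(f"{f['verdict']:9} {f['value']:14} {f['server']:15} {f['scope']}")
```

A "review" verdict only means the resolver is public and not on the allowlist; whether it belongs to the ISP or router in use still has to be confirmed by the owner of the machine.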

#15 someonehelpplease

someonehelpplease
  • Topic Starter

  • Members
  • 13 posts
  • Local time:07:09 AM

Posted 21 October 2015 - 01:20 AM

No I cannot relate to that.  Have no idea what or why that IP would be there.  I am posting both farbar fix logs and the Zoek log.  A minute after running the script in Zoek I received a popup that the program DaSa1 has stopped working and had to close.  I don't know what that program is or if it is internal. Screen flickered a couple times while continuing to run and then had to reboot.   Computer still flickers and on my Wi-Fi list of networks all of them are checked to connect automatically even though I uncheck them it reverts back.  Not sure if that is normal but I do not wish to connect to any other networks automatically but my own.  Attaching logs in the order ran.  Hopefully you can shed some light on how my laptop got this way? 

 

It was a lot easier posting and adding my attachments this time.

 

Attached File  Fixlog.txt   7.72KB   1 downloads
Attached File  Fixlog.txt   6.08KB   0 downloads
Attached File  zoek-results.txt   6.94KB   1 downloads





