
DNS_PROBE_FINISHED_NXDOMAIN issue


  • This topic is locked
26 replies to this topic

#1 EtuBruce8


Posted 04 November 2015 - 07:56 AM

Hi,

 

I think I have some combination of these issues with my computer:

http://www.bleepingcomputer.com/forums/t/593591/dns-probe-finished-nxdomain-no-browers-work/

https://blog.malwarebytes.org/intelligence/2015/09/shopperz-alters-dnsapi-dll/

http://www.bleepingcomputer.com/forums/t/594584/my-dnsapidll-is-infected/

 

I have tried to implement the solution from the first link myself, but I couldn't make it work (I think because the dll I downloaded was not signed, so the dll I copied to SysWOW64 was not signed. I then tried to copy one that was signed from system32 and it hasn't worked).

 

It seems like you guys are able to solve this issue, so hopefully you can help me as well! As with other posts, I have posted the results of FRST64 Scan (all whitelist options and addition.txt) below.

 

Thank you for any assistance!

 

Chad

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Chad (administrator) on CHAD-PC (04-11-2015 07:54:12)
Running from E:\
Loaded Profiles: Chad (Available Profiles: Chad)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [gmsd_us_005010131] => [X]
HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\MountPoints2: {8934c352-4d92-11e5-80f9-d4bed98f509b} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\MountPoints2: {e9636d32-fa45-11e4-8fc9-d4bed98f509b} - K:\SETUP.EXE
HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\MountPoints2: {e9636d84-fa45-11e4-8fc9-d4bed98f509b} - L:\AutoRun.exe "1, EndNote X6, Thomson Reuters"
HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\MountPoints2: {e9636ea2-fa45-11e4-8fc9-d4bed98f509b} - M:\ESRI.exe
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => No File
AppInit_DLLs:  KATRK64.DLL => C:\Windows\KATRK64.DLL [24696 2014-06-20] (Sassafras Software Inc.)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => No File
AppInit_DLLs-x32:  KATRACK.DLL => C:\Windows\KATRACK.DLL [19064 2014-06-20] (Sassafras Software Inc.)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 141.211.125.17 141.211.144.17
Tcpip\..\Interfaces\{D3F42230-7E69-4C89-AD20-CB65B13A368B}: [DhcpNameServer] 141.211.125.17 141.211.144.17
Tcpip\..\Interfaces\{E3601081-C1A3-4520-B2CC-EFF60C9B1079}: [DhcpNameServer] 141.211.125.17 141.211.144.17
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1989627190-358790448-4226124592-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-26] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-26] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\1wbryqx2.default
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF user.js: detected! => C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\1wbryqx2.default\user.js [2015-10-31]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Extension: Greasemonkey - C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\1wbryqx2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-09-08]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxps://mail.google.com/mail/?hl=en&shva=1#inbox
CHR Profile: C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-14]
CHR Extension: (Google Docs) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-14]
CHR Extension: (Google Drive) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-14]
CHR Extension: (YouTube) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-14]
CHR Extension: (Google Cast) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-07-09]
CHR Extension: (Send to Kindle for Google Chrome™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2015-05-28]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-07-17]
CHR Extension: (Ad-blocker for Gmail™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo [2015-07-07]
CHR Extension: (Google Search) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-14]
CHR Extension: (Multiple Account Checker for Gmail™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnimhgelcnggigekhdjlifjpndgmnglm [2015-07-07]
CHR Extension: (Block site) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-07-17]
CHR Extension: (Gmail Offline) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-05-14]
CHR Extension: (Tools for Google Maps™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljpanecjjlonmoiofelcmkkpojcalcb [2015-05-14]
CHR Extension: (Google Play Music) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-07-21]
CHR Extension: (Google Sheets) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-14]
CHR Extension: (Simple Notepad) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnkdbkeniegahdcjeeikjoaapakeomf [2015-05-14]
CHR Extension: (AdBlock) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-17]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-05-14]
CHR Extension: (LocalLinks) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllpkdkcdjndhggodimiphkghogcpida [2015-05-14]
CHR Extension: (Google Voice (by Google)) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-05-14]
CHR Extension: (Take A Break) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcgkgmiedhpoalhpmalhjjcnhpkapgl [2015-05-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-14]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2015-05-14]
CHR Extension: (Google Wallet) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-14]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-07-07]
CHR Extension: (Gmail) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]
CHR Profile: C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
CHR Extension: (Google Docs) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
CHR Extension: (Google Drive) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-10-12]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2015-09-18]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-10-26]
CHR Extension: (Ad-blocker for Gmail™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo [2015-07-21]
CHR Extension: (Google Search) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Multiple Account Checker for Gmail™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dnimhgelcnggigekhdjlifjpndgmnglm [2015-07-21]
CHR Extension: (Block site) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-07-21]
CHR Extension: (Gmail Offline) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-07-21]
CHR Extension: (Tools for Google Maps™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eljpanecjjlonmoiofelcmkkpojcalcb [2015-10-16]
CHR Extension: (Google Play Music) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
CHR Extension: (Google Docs Offline) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Simple Notepad) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghnkdbkeniegahdcjeeikjoaapakeomf [2015-10-24]
CHR Extension: (AdBlock) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-13]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-07-21]
CHR Extension: (LocalLinks) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jllpkdkcdjndhggodimiphkghogcpida [2015-07-21]
CHR Extension: (Google Voice (by Google)) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-07-21]
CHR Extension: (Take A Break) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfcgkgmiedhpoalhpmalhjjcnhpkapgl [2015-07-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-21]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2015-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-04]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-10-23]
CHR Extension: (Gmail) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
CHR HKU\S-1-5-21-1989627190-358790448-4226124592-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.2\bin\lmgrd.exe [1452408 2014-02-13] (Flexera Software LLC)
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
S4 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\firebird\firebird_2_1\bin\fbguard.exe [81920 2009-07-22] (Firebird Project) [File not signed]
S4 FirebirdServerDefaultInstance; C:\Program Files (x86)\firebird\firebird_2_1\bin\fbserver.exe [2736128 2009-07-22] (Firebird Project) [File not signed]
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
S4 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
S4 KeyAccess; C:\Windows\keyacc32.exe [1428088 2014-06-20] (Sassafras Software Inc.)
S4 mpich2_smpd; C:\Program Files (x86)\MPICH2\bin\smpd.exe [483328 2011-09-01] (Argonne National Lab) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61344 2015-10-31] (Cherimoya Ltd)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-14] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-07-21] (Glarysoft Ltd)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [323584 2012-10-06] (SafeNet Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-03 19:03 - 2015-11-04 07:54 - 00000000 ____D C:\FRST
2015-11-03 16:45 - 2014-02-04 14:25 - 00221184 ____N (Microsoft Corporation) C:\Users\Chad\Desktop\dnsapi.dll
2015-11-03 16:24 - 2015-11-02 13:09 - 22908888 _____ (Malwarebytes ) C:\Users\Chad\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-03 12:48 - 2015-11-03 17:47 - 00001410 _____ C:\Windows\setupact.log
2015-11-03 12:48 - 2015-11-03 12:48 - 00000000 _____ C:\Windows\setuperr.log
2015-11-02 15:16 - 2015-11-02 13:15 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-11-02 13:32 - 2015-11-02 15:17 - 00011035 _____ C:\zoek-results.log
2015-11-02 13:15 - 2015-11-02 15:00 - 00000000 ____D C:\zoek_backup
2015-11-02 13:15 - 2015-11-02 13:14 - 01309184 _____ C:\Users\Chad\Downloads\zoek.exe
2015-11-02 13:15 - 2015-11-02 13:14 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Chad\Downloads\mbam-clean-2.1.1.1001.exe
2015-11-02 13:10 - 2015-11-02 13:09 - 22908888 _____ (Malwarebytes ) C:\Users\Chad\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-02 12:56 - 2015-11-02 12:56 - 00000000 ____D C:\Users\Chad\AppData\Roaming\vlc
2015-11-01 02:01 - 2015-11-01 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-01 02:00 - 2015-11-01 02:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-31 08:25 - 2015-11-01 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player
2015-10-31 08:24 - 2015-11-01 21:03 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-10-31 08:24 - 2015-10-31 08:24 - 00004696 _____ C:\Windows\SysWOW64\Rasigusxu.ini
2015-10-31 08:24 - 2015-10-31 08:24 - 00003334 _____ C:\Windows\System32\Tasks\Uasee
2015-10-31 08:24 - 2015-10-31 08:24 - 00002416 _____ C:\Windows\SysWOW64\RasigusxuOff.ini
2015-10-31 08:24 - 2015-10-31 08:24 - 00002416 _____ C:\Windows\system32\RasigusxuOff.ini
2015-10-31 08:24 - 2015-10-31 08:24 - 00000000 ____D C:\Windows\system32\titt
2015-10-31 08:24 - 2015-10-31 08:24 - 00000000 ____D C:\Users\Chad\AppData\Roaming\ortmp
2015-10-31 08:24 - 2015-10-31 08:24 - 00000000 ____D C:\Users\Chad\AppData\Local\Tempfolder
2015-10-31 08:24 - 2015-10-31 08:24 - 00000000 ____D C:\uninst
2015-10-31 08:24 - 2015-10-31 08:24 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.6874
2015-10-31 08:24 - 2015-10-31 06:57 - 00353656 _____ C:\Windows\system32\Rasigusxu64.dll
2015-10-31 08:24 - 2015-10-31 06:57 - 00283512 _____ C:\Windows\SysWOW64\Rasigusxu.dll
2015-10-31 08:23 - 2015-11-04 06:28 - 00000340 ____H C:\Windows\Tasks\NAPGJIMGIVNXHFIB.job
2015-10-31 08:23 - 2015-11-03 17:47 - 00000328 _____ C:\Windows\Tasks\DGPUOYA1.job
2015-10-31 08:23 - 2015-10-31 08:23 - 00000000 ____D C:\ProgramData\Service1291
2015-10-31 08:12 - 2015-11-01 02:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-10-30 13:06 - 2015-10-31 08:24 - 00061344 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-10-30 10:36 - 2015-10-30 10:36 - 00000000 ____D C:\Users\Chad\AppData\Local\Foxit Reader
2015-10-29 09:40 - 2015-10-30 06:44 - 00000000 ____D C:\Users\Chad\.ssh
2015-10-28 15:07 - 2015-10-28 15:07 - 00000042 _____ C:\Users\Chad\.bash_profile
2015-10-28 15:04 - 2015-10-30 07:13 - 00000109 _____ C:\Users\Chad\.bashrc
2015-10-28 13:57 - 2015-10-30 10:53 - 00008603 _____ C:\Users\Chad\.viminfo
2015-10-26 13:00 - 2015-10-26 13:01 - 00000000 ____D C:\Users\Chad\Documents\RShiny
2015-10-26 12:31 - 2015-10-26 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2015-10-26 12:31 - 2015-10-26 12:31 - 00000000 ____D C:\ProgramData\Git
2015-10-26 12:30 - 2015-10-26 12:31 - 00000000 ____D C:\Program Files\Git
2015-10-26 12:30 - 2015-10-26 12:30 - 30507608 _____ (The Git Development Community ) C:\Users\Chad\Downloads\Git-2.6.2-64-bit.exe
2015-10-15 03:05 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 03:05 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 03:05 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 03:05 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 03:05 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 03:05 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 03:05 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 06:39 - 2015-10-01 13:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 06:39 - 2015-10-01 13:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 06:39 - 2015-10-01 13:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 06:39 - 2015-10-01 13:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 06:39 - 2015-10-01 13:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 06:39 - 2015-10-01 13:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 06:39 - 2015-10-01 13:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 06:39 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 06:39 - 2015-10-01 12:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 06:39 - 2015-09-28 22:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 06:39 - 2015-09-28 22:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 06:39 - 2015-09-28 22:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 06:39 - 2015-09-28 22:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 06:39 - 2015-09-28 22:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 06:39 - 2015-09-28 22:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 06:39 - 2015-09-28 22:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 06:39 - 2015-09-28 22:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 06:39 - 2015-09-28 22:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 06:39 - 2015-09-28 22:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 06:39 - 2015-09-28 22:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 06:39 - 2015-09-28 21:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 06:39 - 2015-09-28 21:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 06:39 - 2015-09-28 21:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 06:39 - 2015-09-28 21:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 06:39 - 2015-09-28 21:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 06:39 - 2015-09-28 21:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 06:39 - 2015-09-28 21:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 06:39 - 2015-09-28 21:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 06:39 - 2015-09-28 21:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 06:39 - 2015-09-28 21:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 06:39 - 2015-09-28 21:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 06:39 - 2015-09-28 21:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 06:39 - 2015-09-28 21:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 06:39 - 2015-09-28 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 06:39 - 2015-09-28 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 20:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 06:39 - 2015-09-28 20:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 06:39 - 2015-09-28 20:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 06:39 - 2015-09-28 20:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 06:39 - 2015-09-28 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 06:39 - 2015-09-28 20:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 20:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 20:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 20:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 06:39 - 2015-09-25 13:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 06:39 - 2015-09-25 13:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 06:39 - 2015-09-25 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 06:39 - 2015-09-25 13:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 06:39 - 2015-09-25 13:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 06:39 - 2015-09-25 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 06:39 - 2015-09-25 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 06:39 - 2015-09-25 13:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 06:39 - 2015-09-25 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 06:39 - 2015-09-25 13:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 06:39 - 2015-09-25 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 06:39 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 06:39 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 06:39 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 06:39 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 06:39 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 06:39 - 2015-09-18 14:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 06:39 - 2015-09-18 13:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 06:39 - 2015-09-15 23:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 06:39 - 2015-09-15 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 06:39 - 2015-09-15 23:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 06:39 - 2015-09-15 23:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 06:39 - 2015-09-15 23:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 06:39 - 2015-09-15 23:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 06:39 - 2015-09-15 23:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 06:39 - 2015-09-15 23:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 06:39 - 2015-09-15 23:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 06:39 - 2015-09-15 23:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 06:39 - 2015-09-15 23:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 06:39 - 2015-09-15 23:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 06:39 - 2015-09-15 23:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 06:39 - 2015-09-15 23:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 06:39 - 2015-09-15 23:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 06:39 - 2015-09-15 23:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 06:39 - 2015-09-15 23:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 06:39 - 2015-09-15 23:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 06:39 - 2015-09-15 22:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 06:39 - 2015-09-15 22:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 06:39 - 2015-09-15 22:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 06:39 - 2015-09-15 22:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 06:39 - 2015-09-15 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 06:39 - 2015-09-15 22:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 06:39 - 2015-09-15 22:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 06:39 - 2015-09-15 22:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 06:39 - 2015-09-15 22:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 06:39 - 2015-09-15 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 06:39 - 2015-09-15 22:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 06:39 - 2015-09-15 22:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 06:39 - 2015-09-15 22:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 06:39 - 2015-09-15 22:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 06:39 - 2015-09-15 22:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 06:39 - 2015-09-15 22:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 06:39 - 2015-09-15 22:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 06:39 - 2015-09-15 22:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 06:39 - 2015-09-15 22:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 06:39 - 2015-09-15 22:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 06:39 - 2015-09-15 22:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 06:39 - 2015-09-15 22:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 06:39 - 2015-09-15 22:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 06:39 - 2015-09-15 22:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 06:39 - 2015-09-15 22:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 06:39 - 2015-09-15 22:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 06:39 - 2015-09-15 22:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 06:39 - 2015-09-15 22:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 06:39 - 2015-09-15 22:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 06:39 - 2015-09-15 22:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 06:39 - 2015-09-15 22:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 06:39 - 2015-09-15 22:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 06:39 - 2015-09-15 22:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 06:39 - 2015-09-15 22:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 06:39 - 2015-09-15 21:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 06:39 - 2015-09-15 21:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 06:39 - 2015-09-15 21:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 06:39 - 2015-09-15 21:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 06:39 - 2015-09-15 21:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 06:39 - 2015-09-15 21:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 06:39 - 2015-09-15 21:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 06:39 - 2015-09-15 21:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 06:39 - 2015-09-15 21:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 06:39 - 2015-09-15 21:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 06:39 - 2015-09-15 13:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 06:39 - 2015-09-15 13:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 06:39 - 2015-09-15 13:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 06:39 - 2015-09-15 13:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 06:39 - 2015-09-15 13:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 06:39 - 2015-09-15 13:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 06:39 - 2015-09-15 13:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 06:39 - 2015-09-15 13:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 06:39 - 2015-09-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 06:39 - 2015-09-15 12:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 06:39 - 2015-09-15 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 06:39 - 2015-09-15 12:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 06:39 - 2015-09-15 12:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 06:39 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 06:39 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 06:39 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 06:39 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-12 14:58 - 2015-10-25 13:27 - 00000000 ____D C:\Users\Chad\Documents\0 - Research Images
2015-10-12 08:48 - 2015-10-12 08:48 - 00172389 _____ C:\Users\Chad\Downloads\spcs83.exe
2015-10-12 08:48 - 2015-10-12 08:48 - 00000570 _____ C:\Users\Chad\Downloads\test1.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-04 07:04 - 2015-05-14 09:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 04:40 - 2015-04-13 11:35 - 01792529 _____ C:\Windows\WindowsUpdate.log
2015-11-03 17:58 - 2009-07-13 23:45 - 00019120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-03 17:58 - 2009-07-13 23:45 - 00019120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-03 17:54 - 2015-07-17 09:50 - 00000544 _____ C:\Windows\Tasks\MATLAB R2014b Startup Accelerator.job
2015-11-03 17:54 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-03 17:47 - 2015-05-14 09:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-03 17:47 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-03 12:48 - 2015-10-03 16:14 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-11-02 15:42 - 2015-09-29 09:59 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeChat
2015-11-02 15:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-02 07:36 - 2015-04-13 08:59 - 00001415 _____ C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-30 11:00 - 2015-07-21 14:52 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-10-30 10:53 - 2015-04-13 08:58 - 00000000 ____D C:\Users\Chad
2015-10-30 08:01 - 2015-05-14 13:57 - 00000000 ____D C:\Users\Public\Documents\Lakes
2015-10-29 17:05 - 2015-06-04 09:18 - 00000000 ___RD C:\Users\Chad\Google Drive
2015-10-29 15:06 - 2015-07-21 13:20 - 00000000 ____D C:\Users\Chad\AppData\Local\Eclipse
2015-10-29 15:06 - 2015-07-21 13:18 - 00000000 ____D C:\Users\Chad\.p2
2015-10-29 15:06 - 2015-07-21 13:17 - 00000000 ____D C:\Program Files\eclipse
2015-10-29 10:41 - 2015-06-04 07:45 - 00007617 _____ C:\Users\Chad\AppData\Local\Resmon.ResmonCfg
2015-10-24 09:07 - 2015-08-06 08:58 - 00000000 ____D C:\Users\Chad\Documents\Outlook Files
2015-10-24 08:37 - 2015-06-03 12:58 - 00000000 ____D C:\Users\Chad\AppData\Roaming\EndNote
2015-10-23 16:18 - 2015-10-03 16:18 - 00003818 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-10-21 13:47 - 2015-05-14 13:17 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-10-21 13:45 - 2015-07-21 13:18 - 00000000 ____D C:\Users\Chad\.eclipse
2015-10-21 02:03 - 2015-08-04 12:18 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-17 01:04 - 2015-06-04 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-16 02:00 - 2015-05-28 06:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-16 02:00 - 2015-05-28 06:55 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 03:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-10-15 02:34 - 2015-07-21 15:26 - 00000000 ____D C:\Users\Chad\AppData\Local\Spotify
2015-10-15 02:18 - 2015-05-14 08:39 - 00000000 ____D C:\Windows\system32\MRT
2015-10-15 02:12 - 2015-05-14 08:39 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-15 02:11 - 2015-05-14 09:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-15 02:10 - 2015-05-14 09:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-15 02:09 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
2015-10-14 23:33 - 2015-07-21 15:26 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Spotify
2015-10-13 09:03 - 2015-07-21 13:34 - 00000426 _____ C:\Windows\BRWMARK.INI
2015-10-13 07:22 - 2015-05-14 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2015-10-13 07:22 - 2015-05-14 10:13 - 00000000 ____D C:\Program Files\R
2015-10-12 07:32 - 2015-09-18 12:30 - 00000000 ____D C:\Users\Chad\Documents\0 - MI shapefiles
2015-10-12 07:31 - 2015-09-18 13:24 - 00000000 ____D C:\Users\Chad\Documents\0 - ARC_GIS_projects
2015-10-08 11:11 - 2015-09-08 14:11 - 00000000 ____D C:\Users\Chad\AppData\Roaming\UpdaterService
2015-10-06 12:02 - 2015-09-29 10:37 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Skype
2015-10-06 07:35 - 2015-10-03 16:14 - 00003490 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-10-06 07:34 - 2015-10-03 16:13 - 00000000 ____D C:\ProgramData\PCDr
 
==================== Files in the root of some directories =======
 
2015-06-04 07:45 - 2015-10-29 10:41 - 0007617 _____ () C:\Users\Chad\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-01 22:42
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Chad (2015-11-04 07:54:25)
Running from E:\
Windows 7 Enterprise Service Pack 1 (X64) (2015-04-13 13:58:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1989627190-358790448-4226124592-500 - Administrator - Disabled)
Chad (S-1-5-21-1989627190-358790448-4226124592-1000 - Administrator - Enabled) => C:\Users\Chad
Guest (S-1-5-21-1989627190-358790448-4226124592-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcGIS 10.2.2 for Desktop (HKLM-x32\...\ArcGIS 10.2.2 for Desktop) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2.2 for Desktop (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.2.2 License Manager (HKLM-x32\...\ArcGIS 10.2.2 License Manager) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2.2 License Manager (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
calibre (HKLM-x32\...\{3D05DB7D-42E5-4C28-9390-7C8547B6F1BB}) (Version: 2.37.1 - Kovid Goyal)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
Daniel's XL Toolbox 6.60 (HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\{BDE4805C-4A64-4C6D-8547-5B7DB885C65F}_is1) (Version:  - Daniel Kraus)
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell System Detect (HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\73f463568823ebbe) (Version: 6.2.0.5 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.0.6348 - Thomson Reuters)
EPA PMF 5.0 (HKLM-x32\...\{6984883C-062C-4BA6-B212-2DDC58EFF5C8}) (Version: 5.0 - Sonoma Technology, Inc.)
EPISUITE41 (HKLM-x32\...\{54A26C55-91F5-418B-AD32-16B6D77EF9E0}) (Version: 4.1.25 - SRC)
Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.5.1 - Epubor Inc.)
Excel Utilities 2.2 (HKLM-x32\...\Excel Utilities 2.2) (Version:  - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.122.702 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
FSS Google Books Downloader version 1.5.0.2 (HKLM-x32\...\FSS Google Books Downloader_is1) (Version: 1.5.0.2 - FreeSmartSoft)
Git version 2.6.2 (HKLM\...\Git_is1) (Version: 2.6.2 - The Git Development Community)
Glary Utilities 5.35 (HKLM-x32\...\Glary Utilities 5) (Version: 5.35.0.55 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
JetBrains PyCharm Community Edition 4.0.6 (HKLM-x32\...\PyCharm Community Edition 4.0.6) (Version: 139.1659 - JetBrains s.r.o.)
Lakes Environmental AERMOD View V.8.1.0 (HKLM-x32\...\{C6B7D0CB-3B81-4A60-9329-129242C72768}) (Version: 8.1.0 - Lakes Environmental Software)
Lakes Environmental WRPLOT View - Freeware V.7.0 (HKLM-x32\...\{93108128-6AF8-4B8F-A4F0-ED1C486AC70F}) (Version: 7.0.0 - Lakes Environmental Software)
MATLAB R2014b (HKLM\...\Matlab R2014b) (Version: 8.4 - The MathWorks, Inc.)
Message+ (HKLM-x32\...\{e81287bb-3cf1-409f-abb0-f046c5df16cc}) (Version: 1.0.16.0 - Verizon)
Message+ (x32 Version: 1.0.16.0 - Verizon) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MPICH2 (HKLM-x32\...\{F8EA2D94-BFA9-4D35-9CED-75E5D20D9618}) (Version: 1.4.1 - Argonne National Lab)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Python 2.7 pywin32-219 (HKLM\...\pywin32-py2.7) (Version:  - )
Python 2.7.9 (64-bit) (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813233}) (Version: 2.7.9150 - Python Software Foundation)
R for Windows 3.2.0 (HKLM\...\R for Windows 3.2.0_is1) (Version: 3.2.0 - R Core Team)
R for Windows 3.2.2 (HKLM\...\R for Windows 3.2.2_is1) (Version: 3.2.2 - R Core Team)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1103 - RStudio)
Rtools 3.3 (HKLM-x32\...\Rtools_is1) (Version:  - The R Foundation)
Sassafras K2 Client (HKLM-x32\...\{E23D1D2C-1762-11D5-A8D2-00C04FA35723}) (Version: 7.2 - Sassafras Software Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SigmaPlot 12.0 (HKLM-x32\...\{730E22C0-A5A9-4A1B-AE66-570573DCA0E8}) (Version: 12.0 - Systat Software, Inc.)
Silverfrost FTN95 (HKLM-x32\...\{8617DAC6-A4C0-40A2-8D82-D66D0013DC6A}) (Version: 7.10 - Silverfrost)
Skype™ 7.11 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.11.102 - Skype Technologies S.A.)
SpaceSoundPro Service (HKLM-x32\...\zz.6874.ssp) (Version: 1.0.0 - CSDI)
SPLView 1.0.2.3 (HKLM-x32\...\SPLView_is1) (Version: 1.0.2.3 - LVBPrint)
Spotify (HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WeChat (HKLM-x32\...\WeChat) (Version: 1.5.0.22 - 腾讯科技(深圳)有限公司)
XY Chart Labeler 7.1 (HKLM-x32\...\XY Chart Labeler 7.1) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
28-10-2015 10:56:03 Scheduled Checkpoint
31-10-2015 10:36:16 Windows Update
01-11-2015 02:00:10 Windows Update
01-11-2015 21:53:55 Removed OnePCOptimizer.
02-11-2015 13:32:38 zoek.exe restore point
03-11-2015 18:08:25 Installed Microsoft Visual C++ 2005 Redistributable
04-11-2015 02:47:12 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-11-02 13:05 - 00000021 _RASH C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06564E77-4E55-4FE1-BF0F-75419C5A2DCB} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-09-28] (Glarysoft Ltd)
Task: {324766FB-04B0-4774-A45C-E85CF1E1DD6E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {47C6850E-F547-4149-A76A-34647A4F3E9E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {495A6FCF-2980-483B-ABFE-18DF15E636D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-14] (Google Inc.)
Task: {4B167397-AB24-4675-AAD1-6BE17DA90AEB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {5899E3EA-5154-4280-91EB-C229FD8ED744} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {6518084E-0697-4760-A380-B2D76D2DD493} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {77D5E25B-4F37-494A-8252-3FDCE08429EE} - System32\Tasks\FSSUpdaterService => C:\Users\Chad\AppData\Roaming\UpdaterService\FSSUpdaterService.exe [2015-08-25] () <==== ATTENTION
Task: {8080D1D1-5D74-4EEC-84CF-7CA525998AA2} - \NAPGJIMGIVNXHFIB -> No File <==== ATTENTION
Task: {8CF0250E-54FA-46C1-A0A4-A0F04DF03EC1} - System32\Tasks\Uasee => C:\PROGRA~1\SHOPPE~1\Ekerl.bat
Task: {920D8F7B-3186-4CD6-9885-758ACFD08715} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-14] (Google Inc.)
Task: {932DD886-68E4-4524-B141-81B390EBB7F9} - \DGPUOYA1 -> No File <==== ATTENTION
Task: {BC84DEC2-8FA7-4AED-97A3-D7C3A8544930} - System32\Tasks\{1B811B57-533B-46B0-954A-F28524BD939F} => pcalua.exe -a "E:\xps drivers\CONEXANT_D400-USB-MODEM_RY5VP_A02_SETUP_ZPE.exe" -d "E:\xps drivers"
Task: {C6AD10A0-3114-46B5-80DF-2EEB58FA2DA4} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D09AAEA6-8EC0-45BF-A851-E1D71FCE347A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {D789B57F-B5D0-4168-85C6-938F12087693} - System32\Tasks\MATLAB R2014b Startup Accelerator => C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe [2014-07-26] ()
Task: {F80A662F-9D4F-43AC-B755-BBF0B5203A39} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-09-28] (Glarysoft Ltd)
Task: {FDA82F2D-FE46-420D-9D41-703DF9522804} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DGPUOYA1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2014b Startup Accelerator.job => C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\Windows\Tasks\NAPGJIMGIVNXHFIB.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-04-15 15:13 - 2015-04-15 15:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-09-28 00:44 - 2015-09-28 00:44 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\dell.com -> dell.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1989627190-358790448-4226124592-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 141.211.125.17 - 141.211.144.17
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: ArcGIS License Manager => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: DellUpdate => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: FirebirdGuardianDefaultInstance => 2
MSCONFIG\Services: FirebirdServerDefaultInstance => 3
MSCONFIG\Services: FlexNet Licensing Service => 3
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hasplms => 2
MSCONFIG\Services: KeyAccess => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: mpich2_smpd => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: AutoStartVMA => C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: KeyAccess => kass.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Chad\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{38A37ACA-D700-4A37-A732-DA2ADA44552E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{89722926-005A-4D83-BA12-88BAF3C9EB70}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{B12CBBFF-87FF-48E6-A933-97114C5E7071}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{13B5FB73-7BBC-437F-BCA2-87FAB6BF1FF8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5C457830-18C3-4DB5-809C-1522BC53FFF5}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [TCP Query User{35429167-39AE-4534-A14E-7D048F2A08C7}C:\program files (x86)\jetbrains\pycharm community edition 4.0.6\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 4.0.6\bin\pycharm.exe
FirewallRules: [UDP Query User{C0265FBA-88A3-4BB9-93A7-8BA6B3CC285F}C:\program files (x86)\jetbrains\pycharm community edition 4.0.6\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 4.0.6\bin\pycharm.exe
FirewallRules: [{471F8A18-F0A3-4DA0-B85D-F8583F209B55}] => (Allow) C:\Windows\keyacc32.exe
FirewallRules: [TCP Query User{B0C2B17C-43BD-4B82-A2AB-85B054DBCE4C}C:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2014b\bin\win64\matlab.exe
FirewallRules: [UDP Query User{AA3C10F3-763E-4EBB-AA7F-2B032EBCB2EA}C:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2014b\bin\win64\matlab.exe
FirewallRules: [{C1991FEB-0DF2-477B-BF23-740E90D5F33D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{543B1294-7BDE-4837-9F2D-9B2CFC653174}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5500E80C-D0D5-4C9F-A22B-4FC89C037FA3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F896F0D7-E6B6-4F2F-A8B9-0765AA61F2D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{B384D4BE-D92F-48ED-961D-1CD7F8631CDE}C:\users\chad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\chad\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BAE1C629-5551-4C12-B96C-FBAC963D9284}C:\users\chad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\chad\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1EFDB28F-D8AB-4A95-8AB0-1AF41AE7EA20}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4820928D-A8D0-4B7D-8DE7-C2FDBE8414E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C875C925-E799-4558-8D79-6A911A57ED57}C:\program files (x86)\mpich2\bin\mpiexec.exe] => (Allow) C:\program files (x86)\mpich2\bin\mpiexec.exe
FirewallRules: [UDP Query User{C00722BB-1A74-40C5-A5BB-4BCAF8714C2F}C:\program files (x86)\mpich2\bin\mpiexec.exe] => (Allow) C:\program files (x86)\mpich2\bin\mpiexec.exe
FirewallRules: [TCP Query User{C5885B08-93C7-4DDA-AF68-429DC83A9C98}C:\program files (x86)\mpich2\bin\smpd.exe] => (Allow) C:\program files (x86)\mpich2\bin\smpd.exe
FirewallRules: [UDP Query User{E141BFEF-DD1F-437F-BD43-784A4CC9E95D}C:\program files (x86)\mpich2\bin\smpd.exe] => (Allow) C:\program files (x86)\mpich2\bin\smpd.exe
FirewallRules: [TCP Query User{47B3F127-57D6-4B19-9DA0-2EEA6978637C}C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12060.exe] => (Allow) C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12060.exe
FirewallRules: [UDP Query User{DBC49728-F7C4-468B-86DD-557ACCB48FD1}C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12060.exe] => (Allow) C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12060.exe
FirewallRules: [TCP Query User{D523B98F-46AF-4027-A77F-32FCF53C1A53}C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12345.exe] => (Allow) C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12345.exe
FirewallRules: [UDP Query User{BABA4A4C-CD0A-4CD5-AD5C-D5D21CC18A36}C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12345.exe] => (Allow) C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12345.exe
FirewallRules: [TCP Query User{D5403B7D-D91F-4955-94D7-CDDC7A871D2F}C:\program files (x86)\tencent\wechat\wechat.exe] => (Block) C:\program files (x86)\tencent\wechat\wechat.exe
FirewallRules: [UDP Query User{B9DF60C3-D20C-4364-9108-A5898333F399}C:\program files (x86)\tencent\wechat\wechat.exe] => (Block) C:\program files (x86)\tencent\wechat\wechat.exe
FirewallRules: [{EFEC2A6E-E3F0-459F-B066-315B8461C0CD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{16B1AA15-FD21-409C-8D08-E18E21193049}C:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe] => (Allow) C:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe
FirewallRules: [UDP Query User{8804E440-22EA-41CB-93C9-DDF4FA5A16BD}C:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe] => (Allow) C:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe
FirewallRules: [{A4FFCF89-500E-41BE-B25E-834B22DE0FD5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8CD29E5D-1E04-406B-B850-4C6A13F564BA}C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes.exe] => (Allow) C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes.exe
FirewallRules: [UDP Query User{17F81418-C15F-48A0-9B48-F79F063A5095}C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes.exe] => (Allow) C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes.exe
 
==================== Faulty Device Manager Devices =============
 
Name: swsedrvr_vt_1_10_0_25
Description: swsedrvr_vt_1_10_0_25
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: swsedrvr_vt_1_10_0_25
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/03/2015 05:48:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2015 05:18:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2015 05:11:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2015 04:29:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2015 04:21:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2015 03:58:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/02/2015 03:23:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/02/2015 03:19:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/02/2015 01:07:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/02/2015 10:07:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/03/2015 11:34:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 1205.
 
Error: (11/03/2015 11:34:38 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
Error: (11/03/2015 11:34:34 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 1205.
 
Error: (11/03/2015 11:34:34 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
Error: (11/03/2015 11:34:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 1205.
 
Error: (11/03/2015 11:34:33 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
Error: (11/03/2015 11:34:32 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 1205.
 
Error: (11/03/2015 11:34:32 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
Error: (11/03/2015 11:34:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 1205.
 
Error: (11/03/2015 11:34:31 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
 
CodeIntegrity:
===================================
  Date: 2015-10-29 13:40:47.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-29 13:14:45.281
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-28 20:43:33.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-28 20:13:59.826
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-28 20:07:53.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-28 19:51:54.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-27 13:23:11.664
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-27 13:06:09.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-25 14:38:32.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-25 14:16:44.859
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8174.41 MB
Available physical RAM: 5775.13 MB
Total Virtual: 16347.03 MB
Available Virtual: 14539.21 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:771.75 GB) (Free:546.45 GB) NTFS
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:15.23 GB) (Free:14.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D6AB8AC0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=771.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=146.5 GB) - (Type=05)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:16 PM

Posted 08 November 2015 - 06:17 PM

Hi,

I will be helping you out with this issue. I just need some time to look through your logs and I will post some instructions for you to follow tomorrow :)

xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 EtuBruce8

EtuBruce8
  • Topic Starter

  • Members
  • 14 posts
  • Local time:03:16 PM

Posted 09 November 2015 - 08:27 AM

Great thanks!



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:16 PM

Posted 09 November 2015 - 01:32 PM

Hi EtuBruce8,
 
We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

Glary Utilities 5.35
SpaceSoundPro Service

Additional instructions can be found here if needed.
 
--------------
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

xXToffeeXx~




#5 EtuBruce8

EtuBruce8
  • Topic Starter

  • Members
  • 14 posts
  • Local time:03:16 PM

Posted 09 November 2015 - 03:28 PM

Hi xXToffeeXx
 
1) I was able to uninstall Glary Utilities 5.3.5
2) I was not able to uninstall SpaceSoundPro. When I clicked "Uninstall", a popup appeared (attached)

3) Below are the contents of the logfile after I ran AdwCleaner. I don't need to save any of these programs.

 

I did not perform any other action following the "SCAN" on AdwCleaner.

 

Thanks!

 

# AdwCleaner v5.019 - Logfile created 09/11/2015 at 15:18:48

# Updated 08/11/2015 by Xplode
# Database : 2015-11-08.2 [Local]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Chad - CHAD-PC
# Running from : C:\Users\Chad\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : cherimoya
Service Found : swsedrvr_vt_1_10_0_25
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\SpaceSondPro
Folder Found : C:\Program Files (x86)\SpaceSondPro_v53.6874
Folder Found : C:\ProgramData\Service1291
Folder Found : C:\Users\Chad\AppData\Roaming\updaterservice
Folder Found : C:\Users\Chad\AppData\Roaming\tencent
Folder Found : C:\Users\Chad\AppData\Roaming\ortmp
 
***** [ Files ] *****
 
File Found : C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\1wbryqx2.default\user.js
File Found : C:\Windows\SysNative\drivers\cherimoya.sys
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : FSSUpdaterService
Task Found : SmartWeb Upgrade Trigger Task
 
***** [ Registry ] *****
 
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_us_005010131]
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zz.6874.ssp
Key Found : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKCU\Software\DAILYPCCLEAN
Key Found : HKCU\Software\{5524B61C-A217-4287-9F56-9A96ABB485C1}
Key Found : HKCU\Software\AppDataLow\Software\SmartWeb
Key Found : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\FlashBeat
Key Found : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKLM\SOFTWARE\SpaceSondPro
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}
Key Found : [x64] HKLM\SOFTWARE\FlashBeat
Key Found : HKU\.DEFAULT\Software\{5524B61C-A217-4287-9F56-9A96ABB485C1}
Key Found : HKU\S-1-5-19\Software\{5524B61C-A217-4287-9F56-9A96ABB485C1}
Key Found : HKU\S-1-5-20\Software\{5524B61C-A217-4287-9F56-9A96ABB485C1}
Key Found : HKU\S-1-5-21-1989627190-358790448-4226124592-1000_Classes\Software\{5524B61C-A217-4287-9F56-9A96ABB485C1}
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\FlashBeat\FlashBeat32.dll KATRACK.DLL
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\FlashBeat\FlashBeat64.dll KATRK64.DLL
 
***** [ Web browsers ] *****
 
[C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3361 bytes] ##########



Edited by EtuBruce8, 09 November 2015 - 03:29 PM.


#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:16 PM

Posted 11 November 2015 - 01:41 PM

Hi EtuBruce8,
 
Thank you for letting me know, we can just clean everything there :)
 
Double click on AdwCleaner.exe to run the tool again.

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------
 
Please re-run FRST from the desktop (like you did before), put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply.
 
xXToffeeXx~


Edited by xXToffeeXx, 11 November 2015 - 01:41 PM.



#7 EtuBruce8

EtuBruce8
  • Topic Starter

  • Members
  • 14 posts
  • Local time:03:16 PM

Posted 11 November 2015 - 02:45 PM

Hi xxToffeeXx,

 

Here are the 3 outputs! First is Adw log, then FRST scan, then Additions

 

I am also now getting a message when I boot up Windows saying my version of Windows is not genuine.

 

Thanks!

 

 

 

 

# AdwCleaner v5.019 - Logfile created 11/11/2015 at 14:34:08
# Updated 08/11/2015 by Xplode
# Database : 2015-11-08.2 [Local]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Chad - CHAD-PC
# Running from : C:\Users\Chad\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : cherimoya
[-] Service Deleted : swsedrvr_vt_1_10_0_25
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\SpaceSondPro
[-] Folder Deleted : C:\Program Files (x86)\SpaceSondPro_v53.6874
[-] Folder Deleted : C:\ProgramData\Service1291
[-] Folder Deleted : C:\Users\Chad\AppData\Roaming\updaterservice
[-] Folder Deleted : C:\Users\Chad\AppData\Roaming\tencent
[-] Folder Deleted : C:\Users\Chad\AppData\Roaming\ortmp
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\1wbryqx2.default\user.js
[-] File Deleted : C:\Windows\SysNative\drivers\cherimoya.sys
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : FSSUpdaterService
[-] Task Deleted : SmartWeb Upgrade Trigger Task
 
***** [ Registry ] *****
 
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_us_005010131]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zz.6874.ssp
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\{5524B61C-A217-4287-9F56-9A96ABB485C1}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\FlashBeat
[-] Key Deleted : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\SpaceSondPro
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\FlashBeat
[-] Key Deleted : HKU\.DEFAULT\Software\{5524B61C-A217-4287-9F56-9A96ABB485C1}
[-] Key Deleted : HKU\S-1-5-19\Software\{5524B61C-A217-4287-9F56-9A96ABB485C1}
[-] Key Deleted : HKU\S-1-5-20\Software\{5524B61C-A217-4287-9F56-9A96ABB485C1}
[-] Key Deleted : HKU\S-1-5-21-1989627190-358790448-4226124592-1000_Classes\Software\{5524B61C-A217-4287-9F56-9A96ABB485C1}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3585 bytes] ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Chad (administrator) on CHAD-PC (11-11-2015 14:37:30)
Running from E:\
Loaded Profiles: Chad (Available Profiles: Chad)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\MountPoints2: {8934c352-4d92-11e5-80f9-d4bed98f509b} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\MountPoints2: {e9636d32-fa45-11e4-8fc9-d4bed98f509b} - K:\SETUP.EXE
HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\MountPoints2: {e9636d84-fa45-11e4-8fc9-d4bed98f509b} - L:\AutoRun.exe "1, EndNote X6, Thomson Reuters"
HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\MountPoints2: {e9636ea2-fa45-11e4-8fc9-d4bed98f509b} - M:\ESRI.exe
AppInit_DLLs: KATRK64.DLL => C:\Windows\KATRK64.DLL [24696 2014-06-20] (Sassafras Software Inc.)
AppInit_DLLs-x32: KATRACK.DLL => C:\Windows\KATRACK.DLL [19064 2014-06-20] (Sassafras Software Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 141.211.125.17 141.211.144.17
Tcpip\..\Interfaces\{D3F42230-7E69-4C89-AD20-CB65B13A368B}: [DhcpNameServer] 141.211.125.17 141.211.144.17
Tcpip\..\Interfaces\{E3601081-C1A3-4520-B2CC-EFF60C9B1079}: [DhcpNameServer] 141.211.125.17 141.211.144.17
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1989627190-358790448-4226124592-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-26] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-26] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\1wbryqx2.default
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Extension: Greasemonkey - C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\1wbryqx2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-09-08]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxps://mail.google.com/mail/?hl=en&shva=1#inbox
CHR Profile: C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-14]
CHR Extension: (Google Docs) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-14]
CHR Extension: (Google Drive) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-14]
CHR Extension: (YouTube) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-14]
CHR Extension: (Google Cast) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-07-09]
CHR Extension: (Send to Kindle for Google Chrome™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2015-05-28]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-07-17]
CHR Extension: (Ad-blocker for Gmail™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo [2015-07-07]
CHR Extension: (Google Search) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-14]
CHR Extension: (Multiple Account Checker for Gmail™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnimhgelcnggigekhdjlifjpndgmnglm [2015-07-07]
CHR Extension: (Block site) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-07-17]
CHR Extension: (Gmail Offline) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-05-14]
CHR Extension: (Tools for Google Maps™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljpanecjjlonmoiofelcmkkpojcalcb [2015-05-14]
CHR Extension: (Google Play Music) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-07-21]
CHR Extension: (Google Sheets) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-14]
CHR Extension: (Simple Notepad) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnkdbkeniegahdcjeeikjoaapakeomf [2015-05-14]
CHR Extension: (AdBlock) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-17]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-05-14]
CHR Extension: (LocalLinks) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllpkdkcdjndhggodimiphkghogcpida [2015-05-14]
CHR Extension: (Google Voice (by Google)) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-05-14]
CHR Extension: (Take A Break) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcgkgmiedhpoalhpmalhjjcnhpkapgl [2015-05-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-14]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2015-05-14]
CHR Extension: (Google Wallet) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-14]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-07-07]
CHR Extension: (Gmail) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]
CHR Profile: C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
CHR Extension: (Google Docs) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
CHR Extension: (Google Drive) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-10-12]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2015-09-18]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-10-26]
CHR Extension: (Ad-blocker for Gmail™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo [2015-07-21]
CHR Extension: (Google Search) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Multiple Account Checker for Gmail™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dnimhgelcnggigekhdjlifjpndgmnglm [2015-07-21]
CHR Extension: (Block site) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-07-21]
CHR Extension: (Gmail Offline) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-07-21]
CHR Extension: (Tools for Google Maps™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eljpanecjjlonmoiofelcmkkpojcalcb [2015-10-16]
CHR Extension: (Google Play Music) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
CHR Extension: (Google Docs Offline) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Simple Notepad) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghnkdbkeniegahdcjeeikjoaapakeomf [2015-10-24]
CHR Extension: (AdBlock) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-13]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-07-21]
CHR Extension: (LocalLinks) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jllpkdkcdjndhggodimiphkghogcpida [2015-07-21]
CHR Extension: (Google Voice (by Google)) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-07-21]
CHR Extension: (Take A Break) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfcgkgmiedhpoalhpmalhjjcnhpkapgl [2015-07-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-21]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2015-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-04]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-10-23]
CHR Extension: (Gmail) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
CHR HKU\S-1-5-21-1989627190-358790448-4226124592-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.2\bin\lmgrd.exe [1452408 2014-02-13] (Flexera Software LLC)
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
S4 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\firebird\firebird_2_1\bin\fbguard.exe [81920 2009-07-22] (Firebird Project) [File not signed]
S4 FirebirdServerDefaultInstance; C:\Program Files (x86)\firebird\firebird_2_1\bin\fbserver.exe [2736128 2009-07-22] (Firebird Project) [File not signed]
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
S4 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
S4 KeyAccess; C:\Windows\keyacc32.exe [1428088 2014-06-20] (Sassafras Software Inc.)
S4 mpich2_smpd; C:\Program Files (x86)\MPICH2\bin\smpd.exe [483328 2011-09-01] (Argonne National Lab) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-14] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [323584 2012-10-06] (SafeNet Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-10 14:50 - 2015-11-10 14:50 - 00001044 _____ C:\Windows\PFRO.log
2015-11-09 15:18 - 2015-11-11 14:34 - 00000000 ____D C:\AdwCleaner
2015-11-09 15:18 - 2015-11-09 15:17 - 01712128 _____ C:\Users\Chad\Desktop\AdwCleaner.exe
2015-11-03 19:03 - 2015-11-11 14:37 - 00000000 ____D C:\FRST
2015-11-03 16:45 - 2014-02-04 14:25 - 00221184 ____N (Microsoft Corporation) C:\Users\Chad\Desktop\dnsapi.dll
2015-11-03 16:24 - 2015-11-02 13:09 - 22908888 _____ (Malwarebytes ) C:\Users\Chad\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-03 12:48 - 2015-11-11 14:35 - 00001634 _____ C:\Windows\setupact.log
2015-11-03 12:48 - 2015-11-03 12:48 - 00000000 _____ C:\Windows\setuperr.log
2015-11-02 15:16 - 2015-11-02 13:15 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-11-02 13:32 - 2015-11-02 15:17 - 00011035 _____ C:\zoek-results.log
2015-11-02 13:15 - 2015-11-02 15:00 - 00000000 ____D C:\zoek_backup
2015-11-02 13:15 - 2015-11-02 13:14 - 01309184 _____ C:\Users\Chad\Downloads\zoek.exe
2015-11-02 13:15 - 2015-11-02 13:14 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Chad\Downloads\mbam-clean-2.1.1.1001.exe
2015-11-02 13:10 - 2015-11-02 13:09 - 22908888 _____ (Malwarebytes ) C:\Users\Chad\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-02 12:56 - 2015-11-02 12:56 - 00000000 ____D C:\Users\Chad\AppData\Roaming\vlc
2015-11-01 02:01 - 2015-11-01 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-01 02:00 - 2015-11-01 02:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-31 08:25 - 2015-11-01 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player
2015-10-31 08:24 - 2015-10-31 08:24 - 00004696 _____ C:\Windows\SysWOW64\Rasigusxu.ini
2015-10-31 08:24 - 2015-10-31 08:24 - 00003334 _____ C:\Windows\System32\Tasks\Uasee
2015-10-31 08:24 - 2015-10-31 08:24 - 00002416 _____ C:\Windows\SysWOW64\RasigusxuOff.ini
2015-10-31 08:24 - 2015-10-31 08:24 - 00002416 _____ C:\Windows\system32\RasigusxuOff.ini
2015-10-31 08:24 - 2015-10-31 08:24 - 00000000 ____D C:\Windows\system32\titt
2015-10-31 08:24 - 2015-10-31 08:24 - 00000000 ____D C:\Users\Chad\AppData\Local\Tempfolder
2015-10-31 08:24 - 2015-10-31 08:24 - 00000000 ____D C:\uninst
2015-10-31 08:24 - 2015-10-31 06:57 - 00353656 _____ C:\Windows\system32\Rasigusxu64.dll
2015-10-31 08:24 - 2015-10-31 06:57 - 00283512 _____ C:\Windows\SysWOW64\Rasigusxu.dll
2015-10-31 08:23 - 2015-11-11 14:35 - 00000340 ____H C:\Windows\Tasks\NAPGJIMGIVNXHFIB.job
2015-10-31 08:23 - 2015-11-11 14:35 - 00000328 _____ C:\Windows\Tasks\DGPUOYA1.job
2015-10-31 08:12 - 2015-11-01 02:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-10-30 10:36 - 2015-10-30 10:36 - 00000000 ____D C:\Users\Chad\AppData\Local\Foxit Reader
2015-10-29 09:40 - 2015-10-30 06:44 - 00000000 ____D C:\Users\Chad\.ssh
2015-10-28 15:07 - 2015-10-28 15:07 - 00000042 _____ C:\Users\Chad\.bash_profile
2015-10-28 15:04 - 2015-10-30 07:13 - 00000109 _____ C:\Users\Chad\.bashrc
2015-10-28 13:57 - 2015-10-30 10:53 - 00008603 _____ C:\Users\Chad\.viminfo
2015-10-26 13:00 - 2015-10-26 13:01 - 00000000 ____D C:\Users\Chad\Documents\RShiny
2015-10-26 12:31 - 2015-10-26 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2015-10-26 12:31 - 2015-10-26 12:31 - 00000000 ____D C:\ProgramData\Git
2015-10-26 12:30 - 2015-10-26 12:31 - 00000000 ____D C:\Program Files\Git
2015-10-26 12:30 - 2015-10-26 12:30 - 30507608 _____ (The Git Development Community ) C:\Users\Chad\Downloads\Git-2.6.2-64-bit.exe
2015-10-15 03:05 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 03:05 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 03:05 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 03:05 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 03:05 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 03:05 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 03:05 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 06:39 - 2015-10-01 13:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 06:39 - 2015-10-01 13:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 06:39 - 2015-10-01 13:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 06:39 - 2015-10-01 13:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 06:39 - 2015-10-01 13:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 06:39 - 2015-10-01 13:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 06:39 - 2015-10-01 13:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 06:39 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 06:39 - 2015-10-01 12:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 06:39 - 2015-09-28 22:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 06:39 - 2015-09-28 22:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 06:39 - 2015-09-28 22:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 06:39 - 2015-09-28 22:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 06:39 - 2015-09-28 22:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 06:39 - 2015-09-28 22:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 06:39 - 2015-09-28 22:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 06:39 - 2015-09-28 22:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 06:39 - 2015-09-28 22:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 06:39 - 2015-09-28 22:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 06:39 - 2015-09-28 22:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 06:39 - 2015-09-28 22:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 06:39 - 2015-09-28 22:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 06:39 - 2015-09-28 21:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 06:39 - 2015-09-28 21:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 06:39 - 2015-09-28 21:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 06:39 - 2015-09-28 21:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 06:39 - 2015-09-28 21:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 06:39 - 2015-09-28 21:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 06:39 - 2015-09-28 21:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 06:39 - 2015-09-28 21:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 06:39 - 2015-09-28 21:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 06:39 - 2015-09-28 21:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 06:39 - 2015-09-28 21:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 06:39 - 2015-09-28 21:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 06:39 - 2015-09-28 21:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 06:39 - 2015-09-28 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 06:39 - 2015-09-28 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 20:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 06:39 - 2015-09-28 20:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 06:39 - 2015-09-28 20:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 06:39 - 2015-09-28 20:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 06:39 - 2015-09-28 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 06:39 - 2015-09-28 20:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 20:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 20:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 06:39 - 2015-09-28 20:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 06:39 - 2015-09-25 13:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 06:39 - 2015-09-25 13:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 06:39 - 2015-09-25 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 06:39 - 2015-09-25 13:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 06:39 - 2015-09-25 13:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 06:39 - 2015-09-25 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 06:39 - 2015-09-25 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 06:39 - 2015-09-25 13:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 06:39 - 2015-09-25 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 06:39 - 2015-09-25 13:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 06:39 - 2015-09-25 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 06:39 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 06:39 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 06:39 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 06:39 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 06:39 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 06:39 - 2015-09-18 14:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 06:39 - 2015-09-18 13:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 06:39 - 2015-09-15 23:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 06:39 - 2015-09-15 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 06:39 - 2015-09-15 23:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 06:39 - 2015-09-15 23:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 06:39 - 2015-09-15 23:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 06:39 - 2015-09-15 23:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 06:39 - 2015-09-15 23:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 06:39 - 2015-09-15 23:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 06:39 - 2015-09-15 23:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 06:39 - 2015-09-15 23:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 06:39 - 2015-09-15 23:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 06:39 - 2015-09-15 23:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 06:39 - 2015-09-15 23:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 06:39 - 2015-09-15 23:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 06:39 - 2015-09-15 23:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 06:39 - 2015-09-15 23:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 06:39 - 2015-09-15 23:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 06:39 - 2015-09-15 23:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 06:39 - 2015-09-15 22:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 06:39 - 2015-09-15 22:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 06:39 - 2015-09-15 22:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 06:39 - 2015-09-15 22:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 06:39 - 2015-09-15 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 06:39 - 2015-09-15 22:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 06:39 - 2015-09-15 22:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 06:39 - 2015-09-15 22:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 06:39 - 2015-09-15 22:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 06:39 - 2015-09-15 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 06:39 - 2015-09-15 22:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 06:39 - 2015-09-15 22:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 06:39 - 2015-09-15 22:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 06:39 - 2015-09-15 22:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 06:39 - 2015-09-15 22:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 06:39 - 2015-09-15 22:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 06:39 - 2015-09-15 22:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 06:39 - 2015-09-15 22:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 06:39 - 2015-09-15 22:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 06:39 - 2015-09-15 22:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 06:39 - 2015-09-15 22:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 06:39 - 2015-09-15 22:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 06:39 - 2015-09-15 22:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 06:39 - 2015-09-15 22:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 06:39 - 2015-09-15 22:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 06:39 - 2015-09-15 22:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 06:39 - 2015-09-15 22:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 06:39 - 2015-09-15 22:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 06:39 - 2015-09-15 22:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 06:39 - 2015-09-15 22:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 06:39 - 2015-09-15 22:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 06:39 - 2015-09-15 22:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 06:39 - 2015-09-15 22:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 06:39 - 2015-09-15 22:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 06:39 - 2015-09-15 21:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 06:39 - 2015-09-15 21:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 06:39 - 2015-09-15 21:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 06:39 - 2015-09-15 21:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 06:39 - 2015-09-15 21:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 06:39 - 2015-09-15 21:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 06:39 - 2015-09-15 21:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 06:39 - 2015-09-15 21:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 06:39 - 2015-09-15 21:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 06:39 - 2015-09-15 21:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 06:39 - 2015-09-15 13:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 06:39 - 2015-09-15 13:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 06:39 - 2015-09-15 13:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 06:39 - 2015-09-15 13:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 06:39 - 2015-09-15 13:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 06:39 - 2015-09-15 13:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 06:39 - 2015-09-15 13:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 06:39 - 2015-09-15 13:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 06:39 - 2015-09-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 06:39 - 2015-09-15 12:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 06:39 - 2015-09-15 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 06:39 - 2015-09-15 12:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 06:39 - 2015-09-15 12:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 06:39 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 06:39 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 06:39 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 06:39 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 06:39 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-12 14:58 - 2015-10-25 13:27 - 00000000 ____D C:\Users\Chad\Documents\0 - Research Images
2015-10-12 08:48 - 2015-10-12 08:48 - 00172389 _____ C:\Users\Chad\Downloads\spcs83.exe
2015-10-12 08:48 - 2015-10-12 08:48 - 00000570 _____ C:\Users\Chad\Downloads\test1.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-11 14:36 - 2015-04-13 11:35 - 01994731 _____ C:\Windows\WindowsUpdate.log
2015-11-11 14:35 - 2015-07-17 09:50 - 00000544 _____ C:\Windows\Tasks\MATLAB R2014b Startup Accelerator.job
2015-11-11 14:35 - 2015-05-14 09:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-11 14:35 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-11 14:34 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-11 14:34 - 2009-07-13 23:45 - 00019120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-11 14:34 - 2009-07-13 23:45 - 00019120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-10 14:05 - 2015-05-14 09:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-10 12:48 - 2015-10-03 16:14 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-11-09 15:14 - 2015-09-09 06:31 - 00000000 ____D C:\ProgramData\GlarySoft
2015-11-09 15:14 - 2015-07-21 14:52 - 00000000 ____D C:\Users\Chad\AppData\Roaming\GlarySoft
2015-11-04 08:33 - 2015-06-02 12:02 - 00000000 ____D C:\Users\Chad\Documents\Lakes
2015-11-04 08:33 - 2015-05-14 13:57 - 00000000 ____D C:\Users\Public\Documents\Lakes
2015-11-02 15:42 - 2015-09-29 09:59 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeChat
2015-11-02 15:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-02 07:36 - 2015-04-13 08:59 - 00001415 _____ C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-30 10:53 - 2015-04-13 08:58 - 00000000 ____D C:\Users\Chad
2015-10-29 17:05 - 2015-06-04 09:18 - 00000000 ___RD C:\Users\Chad\Google Drive
2015-10-29 15:06 - 2015-07-21 13:20 - 00000000 ____D C:\Users\Chad\AppData\Local\Eclipse
2015-10-29 15:06 - 2015-07-21 13:18 - 00000000 ____D C:\Users\Chad\.p2
2015-10-29 15:06 - 2015-07-21 13:17 - 00000000 ____D C:\Program Files\eclipse
2015-10-29 10:41 - 2015-06-04 07:45 - 00007617 _____ C:\Users\Chad\AppData\Local\Resmon.ResmonCfg
2015-10-24 09:07 - 2015-08-06 08:58 - 00000000 ____D C:\Users\Chad\Documents\Outlook Files
2015-10-24 08:37 - 2015-06-03 12:58 - 00000000 ____D C:\Users\Chad\AppData\Roaming\EndNote
2015-10-23 16:18 - 2015-10-03 16:18 - 00003818 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-10-21 13:47 - 2015-05-14 13:17 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-10-21 13:45 - 2015-07-21 13:18 - 00000000 ____D C:\Users\Chad\.eclipse
2015-10-21 02:03 - 2015-08-04 12:18 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-17 01:04 - 2015-06-04 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-16 02:00 - 2015-05-28 06:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-16 02:00 - 2015-05-28 06:55 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 03:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-10-15 02:34 - 2015-07-21 15:26 - 00000000 ____D C:\Users\Chad\AppData\Local\Spotify
2015-10-15 02:18 - 2015-05-14 08:39 - 00000000 ____D C:\Windows\system32\MRT
2015-10-15 02:12 - 2015-05-14 08:39 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-15 02:11 - 2015-05-14 09:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-15 02:10 - 2015-05-14 09:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-15 02:09 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
2015-10-14 23:33 - 2015-07-21 15:26 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Spotify
2015-10-13 09:03 - 2015-07-21 13:34 - 00000426 _____ C:\Windows\BRWMARK.INI
2015-10-13 07:22 - 2015-05-14 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2015-10-13 07:22 - 2015-05-14 10:13 - 00000000 ____D C:\Program Files\R
2015-10-12 07:32 - 2015-09-18 12:30 - 00000000 ____D C:\Users\Chad\Documents\0 - MI shapefiles
2015-10-12 07:31 - 2015-09-18 13:24 - 00000000 ____D C:\Users\Chad\Documents\0 - ARC_GIS_projects
 
==================== Files in the root of some directories =======
 
2015-06-04 07:45 - 2015-10-29 10:41 - 0007617 _____ () C:\Users\Chad\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Chad\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-10 00:26
 
==================== End of FRST.txt ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Chad (2015-11-11 14:38:49)
Running from E:\
Windows 7 Enterprise Service Pack 1 (X64) (2015-04-13 13:58:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1989627190-358790448-4226124592-500 - Administrator - Disabled)
Chad (S-1-5-21-1989627190-358790448-4226124592-1000 - Administrator - Enabled) => C:\Users\Chad
Guest (S-1-5-21-1989627190-358790448-4226124592-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcGIS 10.2.2 for Desktop (HKLM-x32\...\ArcGIS 10.2.2 for Desktop) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2.2 for Desktop (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.2.2 License Manager (HKLM-x32\...\ArcGIS 10.2.2 License Manager) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2.2 License Manager (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
calibre (HKLM-x32\...\{3D05DB7D-42E5-4C28-9390-7C8547B6F1BB}) (Version: 2.37.1 - Kovid Goyal)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
Daniel's XL Toolbox 6.60 (HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\{BDE4805C-4A64-4C6D-8547-5B7DB885C65F}_is1) (Version:  - Daniel Kraus)
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell System Detect (HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\73f463568823ebbe) (Version: 6.2.0.5 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.0.6348 - Thomson Reuters)
EPA PMF 5.0 (HKLM-x32\...\{6984883C-062C-4BA6-B212-2DDC58EFF5C8}) (Version: 5.0 - Sonoma Technology, Inc.)
EPISUITE41 (HKLM-x32\...\{54A26C55-91F5-418B-AD32-16B6D77EF9E0}) (Version: 4.1.25 - SRC)
Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.5.1 - Epubor Inc.)
Excel Utilities 2.2 (HKLM-x32\...\Excel Utilities 2.2) (Version:  - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.122.702 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
FSS Google Books Downloader version 1.5.0.2 (HKLM-x32\...\FSS Google Books Downloader_is1) (Version: 1.5.0.2 - FreeSmartSoft)
Git version 2.6.2 (HKLM\...\Git_is1) (Version: 2.6.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
JetBrains PyCharm Community Edition 4.0.6 (HKLM-x32\...\PyCharm Community Edition 4.0.6) (Version: 139.1659 - JetBrains s.r.o.)
Lakes Environmental AERMOD View V.8.1.0 (HKLM-x32\...\{C6B7D0CB-3B81-4A60-9329-129242C72768}) (Version: 8.1.0 - Lakes Environmental Software)
Lakes Environmental WRPLOT View - Freeware V.7.0 (HKLM-x32\...\{93108128-6AF8-4B8F-A4F0-ED1C486AC70F}) (Version: 7.0.0 - Lakes Environmental Software)
MATLAB R2014b (HKLM\...\Matlab R2014b) (Version: 8.4 - The MathWorks, Inc.)
Message+ (HKLM-x32\...\{e81287bb-3cf1-409f-abb0-f046c5df16cc}) (Version: 1.0.16.0 - Verizon)
Message+ (x32 Version: 1.0.16.0 - Verizon) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MPICH2 (HKLM-x32\...\{F8EA2D94-BFA9-4D35-9CED-75E5D20D9618}) (Version: 1.4.1 - Argonne National Lab)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Python 2.7 pywin32-219 (HKLM\...\pywin32-py2.7) (Version:  - )
Python 2.7.9 (64-bit) (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813233}) (Version: 2.7.9150 - Python Software Foundation)
R for Windows 3.2.0 (HKLM\...\R for Windows 3.2.0_is1) (Version: 3.2.0 - R Core Team)
R for Windows 3.2.2 (HKLM\...\R for Windows 3.2.2_is1) (Version: 3.2.2 - R Core Team)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1103 - RStudio)
Rtools 3.3 (HKLM-x32\...\Rtools_is1) (Version:  - The R Foundation)
Sassafras K2 Client (HKLM-x32\...\{E23D1D2C-1762-11D5-A8D2-00C04FA35723}) (Version: 7.2 - Sassafras Software Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SigmaPlot 12.0 (HKLM-x32\...\{730E22C0-A5A9-4A1B-AE66-570573DCA0E8}) (Version: 12.0 - Systat Software, Inc.)
Silverfrost FTN95 (HKLM-x32\...\{8617DAC6-A4C0-40A2-8D82-D66D0013DC6A}) (Version: 7.10 - Silverfrost)
Skype™ 7.11 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.11.102 - Skype Technologies S.A.)
SPLView 1.0.2.3 (HKLM-x32\...\SPLView_is1) (Version: 1.0.2.3 - LVBPrint)
Spotify (HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WeChat (HKLM-x32\...\WeChat) (Version: 1.5.0.22 - 腾讯科技(深圳)有限公司)
XY Chart Labeler 7.1 (HKLM-x32\...\XY Chart Labeler 7.1) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
28-10-2015 10:56:03 Scheduled Checkpoint
31-10-2015 10:36:16 Windows Update
01-11-2015 02:00:10 Windows Update
01-11-2015 21:53:55 Removed OnePCOptimizer.
02-11-2015 13:32:38 zoek.exe restore point
03-11-2015 18:08:25 Installed Microsoft Visual C++ 2005 Redistributable
04-11-2015 02:47:12 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-11-02 13:05 - 00000021 _RASH C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {324766FB-04B0-4774-A45C-E85CF1E1DD6E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {47C6850E-F547-4149-A76A-34647A4F3E9E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {495A6FCF-2980-483B-ABFE-18DF15E636D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-14] (Google Inc.)
Task: {4B167397-AB24-4675-AAD1-6BE17DA90AEB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {5899E3EA-5154-4280-91EB-C229FD8ED744} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {6518084E-0697-4760-A380-B2D76D2DD493} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {8080D1D1-5D74-4EEC-84CF-7CA525998AA2} - \NAPGJIMGIVNXHFIB -> No File <==== ATTENTION
Task: {8CF0250E-54FA-46C1-A0A4-A0F04DF03EC1} - System32\Tasks\Uasee => C:\PROGRA~1\SHOPPE~1\Ekerl.bat
Task: {920D8F7B-3186-4CD6-9885-758ACFD08715} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-14] (Google Inc.)
Task: {932DD886-68E4-4524-B141-81B390EBB7F9} - \DGPUOYA1 -> No File <==== ATTENTION
Task: {BC84DEC2-8FA7-4AED-97A3-D7C3A8544930} - System32\Tasks\{1B811B57-533B-46B0-954A-F28524BD939F} => pcalua.exe -a "E:\xps drivers\CONEXANT_D400-USB-MODEM_RY5VP_A02_SETUP_ZPE.exe" -d "E:\xps drivers"
Task: {C6AD10A0-3114-46B5-80DF-2EEB58FA2DA4} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D09AAEA6-8EC0-45BF-A851-E1D71FCE347A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {D789B57F-B5D0-4168-85C6-938F12087693} - System32\Tasks\MATLAB R2014b Startup Accelerator => C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe [2014-07-26] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DGPUOYA1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2014b Startup Accelerator.job => C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\Windows\Tasks\NAPGJIMGIVNXHFIB.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-17 09:33 - 2014-07-26 03:03 - 00045056 _____ () C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe
2015-04-15 15:13 - 2015-04-15 15:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-06-08 14:06 - 2015-06-08 14:06 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2015-05-15 09:24 - 2015-05-15 09:24 - 02873856 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1989627190-358790448-4226124592-1000\...\dell.com -> dell.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1989627190-358790448-4226124592-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: ArcGIS License Manager => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: DellUpdate => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: FirebirdGuardianDefaultInstance => 2
MSCONFIG\Services: FirebirdServerDefaultInstance => 3
MSCONFIG\Services: FlexNet Licensing Service => 3
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hasplms => 2
MSCONFIG\Services: KeyAccess => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: mpich2_smpd => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: AutoStartVMA => C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: KeyAccess => kass.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Chad\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{38A37ACA-D700-4A37-A732-DA2ADA44552E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{89722926-005A-4D83-BA12-88BAF3C9EB70}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{B12CBBFF-87FF-48E6-A933-97114C5E7071}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{13B5FB73-7BBC-437F-BCA2-87FAB6BF1FF8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5C457830-18C3-4DB5-809C-1522BC53FFF5}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [TCP Query User{35429167-39AE-4534-A14E-7D048F2A08C7}C:\program files (x86)\jetbrains\pycharm community edition 4.0.6\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 4.0.6\bin\pycharm.exe
FirewallRules: [UDP Query User{C0265FBA-88A3-4BB9-93A7-8BA6B3CC285F}C:\program files (x86)\jetbrains\pycharm community edition 4.0.6\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 4.0.6\bin\pycharm.exe
FirewallRules: [{471F8A18-F0A3-4DA0-B85D-F8583F209B55}] => (Allow) C:\Windows\keyacc32.exe
FirewallRules: [TCP Query User{B0C2B17C-43BD-4B82-A2AB-85B054DBCE4C}C:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2014b\bin\win64\matlab.exe
FirewallRules: [UDP Query User{AA3C10F3-763E-4EBB-AA7F-2B032EBCB2EA}C:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2014b\bin\win64\matlab.exe
FirewallRules: [{C1991FEB-0DF2-477B-BF23-740E90D5F33D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{543B1294-7BDE-4837-9F2D-9B2CFC653174}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5500E80C-D0D5-4C9F-A22B-4FC89C037FA3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F896F0D7-E6B6-4F2F-A8B9-0765AA61F2D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{B384D4BE-D92F-48ED-961D-1CD7F8631CDE}C:\users\chad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\chad\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BAE1C629-5551-4C12-B96C-FBAC963D9284}C:\users\chad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\chad\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1EFDB28F-D8AB-4A95-8AB0-1AF41AE7EA20}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4820928D-A8D0-4B7D-8DE7-C2FDBE8414E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C875C925-E799-4558-8D79-6A911A57ED57}C:\program files (x86)\mpich2\bin\mpiexec.exe] => (Allow) C:\program files (x86)\mpich2\bin\mpiexec.exe
FirewallRules: [UDP Query User{C00722BB-1A74-40C5-A5BB-4BCAF8714C2F}C:\program files (x86)\mpich2\bin\mpiexec.exe] => (Allow) C:\program files (x86)\mpich2\bin\mpiexec.exe
FirewallRules: [TCP Query User{C5885B08-93C7-4DDA-AF68-429DC83A9C98}C:\program files (x86)\mpich2\bin\smpd.exe] => (Allow) C:\program files (x86)\mpich2\bin\smpd.exe
FirewallRules: [UDP Query User{E141BFEF-DD1F-437F-BD43-784A4CC9E95D}C:\program files (x86)\mpich2\bin\smpd.exe] => (Allow) C:\program files (x86)\mpich2\bin\smpd.exe
FirewallRules: [TCP Query User{47B3F127-57D6-4B19-9DA0-2EEA6978637C}C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12060.exe] => (Allow) C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12060.exe
FirewallRules: [UDP Query User{DBC49728-F7C4-468B-86DD-557ACCB48FD1}C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12060.exe] => (Allow) C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12060.exe
FirewallRules: [TCP Query User{D523B98F-46AF-4027-A77F-32FCF53C1A53}C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12345.exe] => (Allow) C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12345.exe
FirewallRules: [UDP Query User{BABA4A4C-CD0A-4CD5-AD5C-D5D21CC18A36}C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12345.exe] => (Allow) C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes_12345.exe
FirewallRules: [TCP Query User{D5403B7D-D91F-4955-94D7-CDDC7A871D2F}C:\program files (x86)\tencent\wechat\wechat.exe] => (Block) C:\program files (x86)\tencent\wechat\wechat.exe
FirewallRules: [UDP Query User{B9DF60C3-D20C-4364-9108-A5898333F399}C:\program files (x86)\tencent\wechat\wechat.exe] => (Block) C:\program files (x86)\tencent\wechat\wechat.exe
FirewallRules: [{EFEC2A6E-E3F0-459F-B066-315B8461C0CD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{16B1AA15-FD21-409C-8D08-E18E21193049}C:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe] => (Allow) C:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe
FirewallRules: [UDP Query User{8804E440-22EA-41CB-93C9-DDF4FA5A16BD}C:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe] => (Allow) C:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe
FirewallRules: [{A4FFCF89-500E-41BE-B25E-834B22DE0FD5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8CD29E5D-1E04-406B-B850-4C6A13F564BA}C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes.exe] => (Allow) C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes.exe
FirewallRules: [UDP Query User{17F81418-C15F-48A0-9B48-F79F063A5095}C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes.exe] => (Allow) C:\program files (x86)\lakes\aermod view\models\aermod_mpi_lakes.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2015 02:37:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2015 02:31:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/09/2015 08:06:59 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x80070005
Partial Pkey=HVTHH
ACID=?
Detailed Error[?]
 
Error: (11/09/2015 08:06:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2015 08:37:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpiexec.exe, version: 1.0.0.1, time stamp: 0x4e5fea50
Faulting module name: mpiexec.exe, version: 1.0.0.1, time stamp: 0x4e5fea50
Exception code: 0xc0000005
Fault offset: 0x00014e57
Faulting process id: 0xe88
Faulting application start time: 0xmpiexec.exe0
Faulting application path: mpiexec.exe1
Faulting module path: mpiexec.exe2
Report Id: mpiexec.exe3
 
Error: (11/04/2015 08:36:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpiexec.exe, version: 1.0.0.1, time stamp: 0x4e5fea50
Faulting module name: mpiexec.exe, version: 1.0.0.1, time stamp: 0x4e5fea50
Exception code: 0xc0000005
Fault offset: 0x00014e57
Faulting process id: 0xfdc
Faulting application start time: 0xmpiexec.exe0
Faulting application path: mpiexec.exe1
Faulting module path: mpiexec.exe2
Report Id: mpiexec.exe3
 
Error: (11/03/2015 05:48:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2015 05:18:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2015 05:11:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2015 04:29:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/11/2015 02:36:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%5
 
Error: (11/11/2015 02:36:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error: 
%%5
 
Error: (11/11/2015 02:36:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%5
 
Error: (11/11/2015 02:36:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error: 
%%5
 
Error: (11/11/2015 02:36:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%5
 
Error: (11/11/2015 02:36:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error: 
%%5
 
Error: (11/11/2015 02:36:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%5
 
Error: (11/11/2015 02:36:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error: 
%%5
 
Error: (11/11/2015 02:35:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%5
 
Error: (11/11/2015 02:35:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error: 
%%5
 
 
CodeIntegrity:
===================================
  Date: 2015-11-05 12:11:47.235
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-29 13:40:47.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-29 13:14:45.281
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-28 20:43:33.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-28 20:13:59.826
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-28 20:07:53.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-28 19:51:54.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-27 13:23:11.664
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-27 13:06:09.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-25 14:38:32.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8174.41 MB
Available physical RAM: 5889.41 MB
Total Virtual: 16347.03 MB
Available Virtual: 14326.65 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:771.75 GB) (Free:545.34 GB) NTFS
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:15.23 GB) (Free:14.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D6AB8AC0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=771.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=146.5 GB) - (Type=05)
 
========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 15.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 


#8 xXToffeeXx

  • Malware Response Instructor

Posted 12 November 2015 - 01:55 PM

Hi EtuBruce8,
 

I am also now getting a message when I boot up Windows saying my version of Windows is not genuine.

Can you have a look on your computer, do you see a sticker which looks like this?
 
--------------
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
2015-10-31 08:24 - 2015-10-31 08:24 - 00004696 _____ C:\Windows\SysWOW64\Rasigusxu.ini
2015-10-31 08:24 - 2015-10-31 08:24 - 00003334 _____ C:\Windows\System32\Tasks\Uasee
2015-10-31 08:24 - 2015-10-31 08:24 - 00002416 _____ C:\Windows\SysWOW64\RasigusxuOff.ini
2015-10-31 08:24 - 2015-10-31 08:24 - 00002416 _____ C:\Windows\system32\RasigusxuOff.ini
2015-10-31 08:24 - 2015-10-31 08:24 - 00000000 ____D C:\Windows\system32\titt
2015-10-31 08:24 - 2015-10-31 08:24 - 00000000 ____D C:\Users\Chad\AppData\Local\Tempfolder
2015-10-31 08:24 - 2015-10-31 08:24 - 00000000 ____D C:\uninst
2015-10-31 08:24 - 2015-10-31 06:57 - 00353656 _____ C:\Windows\system32\Rasigusxu64.dll
2015-10-31 08:24 - 2015-10-31 06:57 - 00283512 _____ C:\Windows\SysWOW64\Rasigusxu.dll
2015-10-31 08:23 - 2015-11-11 14:35 - 00000340 ____H C:\Windows\Tasks\NAPGJIMGIVNXHFIB.job
2015-10-31 08:23 - 2015-11-11 14:35 - 00000328 _____ C:\Windows\Tasks\DGPUOYA1.job
Task: {8080D1D1-5D74-4EEC-84CF-7CA525998AA2} - \NAPGJIMGIVNXHFIB -> No File <==== ATTENTION
Task: {932DD886-68E4-4524-B141-81B390EBB7F9} - \DGPUOYA1 -> No File <==== ATTENTION
C:\PROGRA~1\SHOPPE~1
C:\ProgramData\FlashBeat
C:\ProgramData\Service1291
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 EtuBruce8


Posted 12 November 2015 - 05:23 PM

Hi xxToffeeXx,

 

Yes, my machine has that sticker. Should I message it to you?

 

Here is the output from the Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Chad (2015-11-12 17:22:00) Run:3
Running from C:\Users\Chad\Desktop
Loaded Profiles: Chad (Available Profiles: Chad)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
2015-10-31 08:24 - 2015-10-31 08:24 - 00004696 _____ C:\Windows\SysWOW64\Rasigusxu.ini
2015-10-31 08:24 - 2015-10-31 08:24 - 00003334 _____ C:\Windows\System32\Tasks\Uasee
2015-10-31 08:24 - 2015-10-31 08:24 - 00002416 _____ C:\Windows\SysWOW64\RasigusxuOff.ini
2015-10-31 08:24 - 2015-10-31 08:24 - 00002416 _____ C:\Windows\system32\RasigusxuOff.ini
2015-10-31 08:24 - 2015-10-31 08:24 - 00000000 ____D C:\Windows\system32\titt
2015-10-31 08:24 - 2015-10-31 08:24 - 00000000 ____D C:\Users\Chad\AppData\Local\Tempfolder
2015-10-31 08:24 - 2015-10-31 08:24 - 00000000 ____D C:\uninst
2015-10-31 08:24 - 2015-10-31 06:57 - 00353656 _____ C:\Windows\system32\Rasigusxu64.dll
2015-10-31 08:24 - 2015-10-31 06:57 - 00283512 _____ C:\Windows\SysWOW64\Rasigusxu.dll
2015-10-31 08:23 - 2015-11-11 14:35 - 00000340 ____H C:\Windows\Tasks\NAPGJIMGIVNXHFIB.job
2015-10-31 08:23 - 2015-11-11 14:35 - 00000328 _____ C:\Windows\Tasks\DGPUOYA1.job
Task: {8080D1D1-5D74-4EEC-84CF-7CA525998AA2} - \NAPGJIMGIVNXHFIB -> No File <==== ATTENTION
Task: {932DD886-68E4-4524-B141-81B390EBB7F9} - \DGPUOYA1 -> No File <==== ATTENTION
C:\PROGRA~1\SHOPPE~1
C:\ProgramData\FlashBeat
C:\ProgramData\Service1291
*****************
 
C:\Windows\SysWOW64\Rasigusxu.ini => moved successfully
C:\Windows\System32\Tasks\Uasee => moved successfully
C:\Windows\SysWOW64\RasigusxuOff.ini => moved successfully
C:\Windows\system32\RasigusxuOff.ini => moved successfully
C:\Windows\system32\titt => moved successfully
C:\Users\Chad\AppData\Local\Tempfolder => moved successfully
C:\uninst => moved successfully
C:\Windows\system32\Rasigusxu64.dll => moved successfully
C:\Windows\SysWOW64\Rasigusxu.dll => moved successfully
C:\Windows\Tasks\NAPGJIMGIVNXHFIB.job => moved successfully
C:\Windows\Tasks\DGPUOYA1.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8080D1D1-5D74-4EEC-84CF-7CA525998AA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8080D1D1-5D74-4EEC-84CF-7CA525998AA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NAPGJIMGIVNXHFIB" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{932DD886-68E4-4524-B141-81B390EBB7F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{932DD886-68E4-4524-B141-81B390EBB7F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DGPUOYA1" => key removed successfully
"C:\PROGRA~1\SHOPPE~1" => not found.
"C:\ProgramData\FlashBeat" => not found.
"C:\ProgramData\Service1291" => not found.
 
==== End of Fixlog 17:22:00 ====


#10 xXToffeeXx


Posted 14 November 2015 - 03:09 PM

Hi EtuBruce8,

 

Please note down the product key from that sticker, and then follow these instructions to activate windows.

 

Reboot and let me know if the "windows is not active" message still appears.

 

xXToffeeXx~




#11 EtuBruce8


Posted 16 November 2015 - 08:20 AM

Hello,

 

I still cannot get on the internet to solve this, although the message on Chrome is different now. It says DNS PROBLEM NO INTERNET

The internet connection is not showing up on the taskbar as well (it says Network - No Internet)

I tried restarting under Normal startup (from msconfig)

I tried doing ipconfig /release but cmd returns that the RPC is unavailable

I checked the ethernet cable and the port, they are not the problem.

 

Thanks for your continued advice here!



#12 xXToffeeXx


Posted 17 November 2015 - 09:24 AM

Hi EtuBruce8,
 
Looks like it is not a malware issue, I have a couple of things we can try.
 
Please download this program on another computer and transfer it via USB or CD to the computer with the problem. Right click on the application and select Run as administrator. Click on Advanced Repair and follow the prompts. Once the application is done, please reboot the computer.
 
xXToffeeXx~




#13 EtuBruce8


Posted 17 November 2015 - 10:07 AM

Hi,

 

Tried it, no luck. 

 

Is it possible the problem is due to what I did earlier when I was trying to fix this?

I have tried to implement the solution from the first link myself, but I couldn't make it work (I think because the dll I downloaded was not signed, so the dll I copied to SysWOW64 was not signed. I then tried to copy one that was signed from system32 and it hasn't worked).

 

Essentially, I downloaded an unsigned dnsapi.dll, which I copied into SysWOW64.  This did not fix my problem

I then copied the dnsapi.dll from system32 to SysWOW64.  This also did not work.

So now, the dnsapi.dll in system32 and SysWOW64 are the same.

I have the dnsapi that was in SysWOW64 previously.  Should I copy that back and see what happens?



#14 xXToffeeXx


Posted 17 November 2015 - 11:26 AM

Hi EtuBruce8,
 
Ah yes, that may be part of the problem. Thank you for telling me about that.
 
Let's have a look at the copies of dnsapi.dll on the system:

We need to search for a file with FRST:

  • Double-click on FRST.exe/FRST64.exe on your desktop to open it, in the search box, type the following: dnsapi.dll
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply

xXToffeeXx~




#15 EtuBruce8


Posted 17 November 2015 - 03:16 PM

Here it is!

 

Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Chad (2015-11-17 15:12:13)
Running from C:\Users\Chad\Desktop
Boot Mode: Normal
 
================== Search Files: "dnsapi.dll" =============
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
[2015-05-14 07:51][2011-03-03 00:12] 0270336 ____A (Microsoft Corporation) 1F79F611109C2B97260B68FD6B4FC7DD [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll
[2015-05-14 07:51][2011-03-03 00:38] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9 [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
[2010-11-20 22:24][2010-11-20 22:24] 0270336 ____A (Microsoft Corporation) 59DF156711A76BCB993253EC6C9BBF41 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll
[2015-05-14 07:51][2011-03-03 01:12] 0357888 ____A (Microsoft Corporation) DCC0888655823103F19EF8FFD330080D [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
[2015-05-14 07:51][2011-03-03 01:24] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2010-11-20 22:24][2010-11-20 22:24] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01 [File is digitally signed]
 
C:\Windows\SysWOW64\dnsapi.dll
[2015-05-14 07:51][2011-03-03 00:38] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9 [File is digitally signed]
 
C:\Windows\System32\dnsapi.dll
[2015-05-14 07:51][2011-03-03 01:24] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is digitally signed]
 
C:\Users\Chad\Desktop\dnsapi.dll
[2015-11-03 16:45][2014-02-04 14:25] 0221184 ____N (Microsoft Corporation) B6BB1EDE455D39B80F4BAE23478A2905 [File not signed]
 
====== End of Search ======
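
An added example (not part of the thread and not FRST's own code): it parses Search.txt entries in the layout shown above and checks each live dnsapi.dll against the signed WinSxS component-store copies of the architecture its folder should hold, which also flags the System32-to-SysWOW64 copy described in post #13. Assumptions: the 32-hex-digit field is the file hash, System32 holds amd64 binaries and SysWOW64 holds wow64 ones on this 64-bit system; the function names are hypothetical.

```python
import re

# Entries copied from the Search.txt log above (the two 6.1.7601.21673 WinSxS
# copies are left out for brevity; paths and hashes are the page's own).
SEARCH_TXT = r"""
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll
[2015-05-14 07:51][2011-03-03 00:38] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9 [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
[2010-11-20 22:24][2010-11-20 22:24] 0270336 ____A (Microsoft Corporation) 59DF156711A76BCB993253EC6C9BBF41 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
[2015-05-14 07:51][2011-03-03 01:24] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2010-11-20 22:24][2010-11-20 22:24] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01 [File is digitally signed]

C:\Windows\SysWOW64\dnsapi.dll
[2015-05-14 07:51][2011-03-03 00:38] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9 [File is digitally signed]

C:\Windows\System32\dnsapi.dll
[2015-05-14 07:51][2011-03-03 01:24] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is digitally signed]

C:\Users\Chad\Desktop\dnsapi.dll
[2015-11-03 16:45][2014-02-04 14:25] 0221184 ____N (Microsoft Corporation) B6BB1EDE455D39B80F4BAE23478A2905 [File not signed]
"""

# Detail line: [created][modified] size attributes (company) hash [signature state]
DETAIL = re.compile(
    r"\[[^\]]+\]\[[^\]]+\]\s+\d+\s+\S+\s+\([^)]*\)\s+"
    r"(?P<hash>[0-9A-F]{32})\s+\[(?P<sig>[^\]]+)\]")
# Component-store folder name: <arch>_<component>_<token>_<version>_...
WINSXS = re.compile(
    r"\\winsxs\\(?P<arch>amd64|wow64|x86)_.+?_(?P<ver>\d+(?:\.\d+){3})_", re.I)
# Assumption: 64-bit Windows, so System32 is 64-bit and SysWOW64 is 32-bit.
EXPECTED_ARCH = {r"c:\windows\system32": "amd64", r"c:\windows\syswow64": "wow64"}


def parse(text):
    """Pair every path line with the detail line that follows it."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    entries = []
    for path, detail in zip(lines, lines[1:]):
        m = DETAIL.fullmatch(detail)
        if m and not DETAIL.fullmatch(path):
            entries.append({"path": path, "hash": m["hash"],
                            "signed": m["sig"] == "File is digitally signed"})
    return entries


def audit(text):
    """Return {path: verdict} for every copy outside the component store."""
    entries = parse(text)
    store = {}  # hash -> (arch, version) of signed component-store copies
    for e in entries:
        m = WINSXS.search(e["path"])
        if m and e["signed"]:
            store[e["hash"]] = (m["arch"].lower(), m["ver"])
    verdicts = {}
    for e in entries:
        if WINSXS.search(e["path"]):
            continue
        want = EXPECTED_ARCH.get(e["path"].rsplit("\\", 1)[0].lower())
        arch, ver = store.get(e["hash"], (None, None))
        if not e["signed"]:
            verdicts[e["path"]] = "unsigned"
        elif want is None:
            verdicts[e["path"]] = "outside system folders"
        elif arch == want:
            verdicts[e["path"]] = "ok " + ver
        elif arch is not None:
            verdicts[e["path"]] = "wrong architecture (" + arch + ")"
        else:
            verdicts[e["path"]] = "not in component store"
    return verdicts


if __name__ == "__main__":
    for path, verdict in audit(SEARCH_TXT).items():
        print(f"{verdict:28} {path}")
```
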




