Trojan and Spyware removal from my computer


  • This topic is locked
32 replies to this topic

#1 mjthai

mjthai

  • Members
  • 21 posts

Posted 04 February 2016 - 05:10 PM

Hi,

 

First time posting here - with a problem. Discovered yesterday that my computer is infected with Trojan.Mdropper and JS.Downloader when I ran a full scan with Norton Security Suite. It was unable to remove these - tried Norton Power Scrubber - it did not find issues - pretty useless. Ran a scan with Microsoft Security Essentials and it did find and remove 5 instances of the infections. Ran RogueKiller and it found some more files that were deleted.

 

Forgot to mention this: The scans with Microsoft Security Essentials and RogueKiller were done when I was running the computer in Safe Mode with Networking. I was not able to start Norton in this mode - maybe it is corrupted.

 

Looked a bit too easy so restarted the machine and ran a check with Norton and RogueKiller again - Norton showed the same infection while RogueKiller showed hidden.ads

 

I have a Lenovo X201 running 64 bit Windows 7 Professional.

 

Any help I can get to remove these from my computer would be greatly appreciated!

 

Thank you.

MJThai


Edited by mjthai, 04 February 2016 - 05:14 PM.



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,630 posts

Posted 04 February 2016 - 05:42 PM

Hi mjthai :)

My name is Aura and I'll be assisting you with your issue. To get started, I need you to provide me FRST logs (FRST.txt and Addition.txt). Can you follow the instructions below please? :)

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of FRST.txt in your next reply, and attach Addition.txt to it.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 mjthai

mjthai
  • Topic Starter

  • Members
  • 21 posts

Posted 04 February 2016 - 06:02 PM

Attached File: Addition.txt (52.87KB)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Manoj (administrator) on MANOJ-LENOVO (04-02-2016 14:52:16)
Running from C:\Users\Manoj\Desktop
Loaded Profiles: Manoj (Available Profiles: Manoj)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Windows\System32\GManager.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
() C:\Windows\System32\mlpatch.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-07-01] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2011-04-14] (Lenovo)
HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1896656 2016-01-11] (Magic Control Technology Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-02] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-2466105403-3288891235-289223170-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8547320 2016-01-20] (Binary Fortress Software)
HKU\S-1-5-21-2466105403-3288891235-289223170-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
HKU\S-1-5-21-2466105403-3288891235-289223170-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2466105403-3288891235-289223170-1001\...\MountPoints2: {932c04c6-316d-11e5-aaff-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-09-21]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-07-23]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-07-23]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-07-23]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{06E40AFA-30AB-4D8A-9AD6-2647EB3C9070}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6193BF13-5288-4ACF-83F0-7395BDB74AFB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2466105403-3288891235-289223170-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2466105403-3288891235-289223170-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2466105403-3288891235-289223170-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> DefaultScope {81ABD569-F769-4266-95F4-3BD9F3310293} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {81ABD569-F769-4266-95F4-3BD9F3310293} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {81ABD569-F769-4266-95F4-3BD9F3310293} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {81ABD569-F769-4266-95F4-3BD9F3310293} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2466105403-3288891235-289223170-1001 -> DefaultScope {81ABD569-F769-4266-95F4-3BD9F3310293} URL =
SearchScopes: HKU\S-1-5-21-2466105403-3288891235-289223170-1001 -> {81ABD569-F769-4266-95F4-3BD9F3310293} URL =
SearchScopes: HKU\S-1-5-21-2466105403-3288891235-289223170-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-08-12] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2009-08-26] (Lenovo Group Limited)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-23] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2466105403-3288891235-289223170-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
DPF: HKLM-x32 {3216F683-68D2-4C5B-B7EC-9496AF981FC0} hxxp://qtview.com/DevFetcher.exe
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://qtview.com/WebClient.exe
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2015-12-07] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-12] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Manoj\AppData\Roaming\Mozilla\Firefox\Profiles\ya7u9b3v.default
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: www.msn.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2ADF&PC=SK2A&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-18] (Adobe Systems, Inc.)
FF Plugin-x32: @DVR4/DevFetcher -> C:\Windows\system32\DevFetcher\npdevfetcher.dll [No File]
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-2466105403-3288891235-289223170-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Manoj\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-24] (Citrix Online)
FF Plugin HKU\S-1-5-21-2466105403-3288891235-289223170-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Manoj\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2466105403-3288891235-289223170-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Manoj\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF SearchPlugin: C:\Users\Manoj\AppData\Roaming\Mozilla\Firefox\Profiles\ya7u9b3v.default\searchplugins\marriott-hotel-search-by-cityairport-code.xml [2016-01-27]
FF SearchPlugin: C:\Users\Manoj\AppData\Roaming\Mozilla\Firefox\Profiles\ya7u9b3v.default\searchplugins\norton-safe-search.xml [2015-11-04]
FF Extension: Bing Search - C:\Users\Manoj\AppData\Roaming\Mozilla\Firefox\Profiles\ya7u9b3v.default\Extensions\bingsearch.full@microsoft.com [2015-09-07] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKU\S-1-5-21-2466105403-3288891235-289223170-1001\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension [2015-07-23] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-12]
CHR Extension: (Google Docs) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-12]
CHR Extension: (Google Drive) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-08]
CHR Extension: (YouTube) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-04]
CHR Extension: (Google Cast) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-01-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-11-04]
CHR Extension: (Google Search) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-08]
CHR Extension: (Google Sheets) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-12]
CHR Extension: (Google Docs Offline) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-08]
CHR Extension: (Norton Identity Safe) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-12]
CHR Extension: (Gmail) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-12]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-25]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-25]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-26] (Dropbox, Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4616216 2016-01-20] (Binary Fortress Software)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [164200 2010-08-24] (Lenovo.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-06] (Lenovo Group Limited)
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 MlPatch; C:\Windows\system32\MlPatch.exe [2244912 2014-08-22] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62382256 2015-03-29] (Microsoft Corporation)
R3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [42168 2015-03-29] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [26624 2015-07-14] (The Neat Company) [File not signed]
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-08-26] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [204296 2012-04-12] (Nitro PDF Software)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-12-07] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-09-29] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-09-29] (Intuit Inc.) [File not signed]
R2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2194096 2015-03-29] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-29] (Microsoft Corporation)
R2 SUService; c:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-02-10] (Lenovo Group Limited) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160125.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-02-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160203.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [172752 2016-01-12] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160203.071\ENG64.SYS [138488 2016-02-03] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160203.071\EX64.SYS [2148080 2016-02-03] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-10-07] (CACE Technologies, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-07-23] ()
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-29] (Microsoft Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 t1pusb64; C:\Windows\System32\drivers\t1pusb64.sys [156424 2016-01-19] (Magic Control Technology Corp.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-04 14:52 - 2016-02-04 14:52 - 00035270 _____ C:\Users\Manoj\Desktop\FRST.txt
2016-02-04 14:51 - 2016-02-04 14:52 - 00000000 ____D C:\FRST
2016-02-04 14:50 - 2016-02-04 14:49 - 02370560 _____ (Farbar) C:\Users\Manoj\Desktop\FRST64.exe
2016-02-03 22:41 - 2016-02-04 14:04 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-03 22:41 - 2016-02-03 23:04 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-03 22:41 - 2016-02-03 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-02-03 22:41 - 2016-02-03 22:41 - 00000000 ____D C:\Program Files\RogueKiller
2016-02-03 22:40 - 2016-02-03 22:40 - 00000000 ____D C:\Users\Manoj\AppData\Local\ElevatedDiagnostics
2016-02-03 19:52 - 2016-02-03 23:23 - 00278766 _____ C:\Windows\ntbtlog.txt
2016-02-02 16:45 - 2016-02-02 16:45 - 25022464 _____ C:\Users\Manoj\Documents\S.A.F.E. Chemicals LLC (Backup Feb 02,2016  04 44 PM).QBB
2016-02-02 04:31 - 2016-02-02 04:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-02-01 22:59 - 2016-02-01 22:59 - 00014679 _____ C:\Users\Manoj\Desktop\Intuit.pdf
2016-02-01 22:29 - 2016-02-01 22:29 - 50708480 _____ C:\Users\Manoj\Documents\S.A.F.E. Chemicals Ltd. (Backup Feb 01,2016  10 28 PM).QBB
2016-01-31 20:34 - 2016-02-01 13:12 - 00109126 _____ C:\Users\Manoj\Desktop\Jan - UVISA.pdf
2016-01-31 20:20 - 2016-01-31 20:20 - 00042292 _____ C:\Users\Manoj\Desktop\Jan 2016 - SAFE Ltd.pdf
2016-01-30 13:46 - 2016-01-30 13:48 - 00138326 _____ C:\Users\Manoj\Desktop\USPS - Email Us.pdf
2016-01-29 20:57 - 2016-01-29 20:57 - 00223874 _____ C:\Users\Manoj\Desktop\Wedding Invitation.pdf
2016-01-29 11:58 - 2016-01-29 11:58 - 00000000 ____D C:\Users\Manoj\Documents\Purchase Orders Issued
2016-01-28 09:33 - 2016-01-28 09:33 - 00000000 ____D C:\Users\Manoj\Documents\Intuit
2016-01-27 13:15 - 2016-01-27 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-27 12:52 - 2016-01-27 12:52 - 00039938 _____ C:\Users\Manoj\Desktop\Avery-Label-5267-1.avery
2016-01-24 21:57 - 2016-01-24 21:57 - 50675712 _____ C:\Users\Manoj\Documents\S.A.F.E. Chemicals Ltd. (Backup Jan 24,2016  09 57 PM).QBB
2016-01-24 13:00 - 2016-02-04 13:51 - 00000000 ____D C:\Users\Manoj\Desktop\TCMM - Week 3
2016-01-24 12:47 - 2016-01-28 09:11 - 00000000 ___RD C:\Users\Manoj\Documents\Dropbox
2016-01-23 00:08 - 2015-12-16 10:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-01-23 00:08 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-01-23 00:08 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-01-23 00:08 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-01-23 00:08 - 2015-12-16 10:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-01-23 00:08 - 2015-12-16 10:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-01-23 00:08 - 2015-12-16 10:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-01-23 00:08 - 2015-12-16 10:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-01-22 17:33 - 2015-12-03 10:18 - 00670824 _____ (Magic Control Technology Corporation) C:\Windows\system32\igdumdmx.dll
2016-01-22 15:23 - 2016-01-22 15:23 - 24526848 _____ C:\Users\Manoj\Documents\S.A.F.E. Chemicals LLC (Backup Jan 22,2016  03 23 PM).QBB
2016-01-19 03:00 - 2016-01-19 03:00 - 00156424 _____ (Magic Control Technology Corp.) C:\Windows\system32\Drivers\t1pusb64.sys
2016-01-19 03:00 - 2016-01-19 03:00 - 00038696 _____ (Magic Control Technology Corporation) C:\Windows\system32\TrgCoInst64.dll
2016-01-15 18:32 - 2016-01-22 19:49 - 00000000 ____D C:\Users\Manoj\Desktop\Shabad
2016-01-15 17:43 - 2016-01-15 17:43 - 24506368 _____ C:\Users\Manoj\Documents\S.A.F.E. Chemicals LLC (Backup Jan 15,2016  05 43 PM).QBB
2016-01-15 17:38 - 2016-01-15 17:52 - 2010621995 _____ C:\Users\Manoj\Documents\1-15-2016_Neat.nbak
2016-01-13 00:19 - 2015-12-11 10:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 00:19 - 2015-12-08 13:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 00:19 - 2015-12-08 13:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 00:19 - 2015-12-08 13:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 00:19 - 2015-12-08 13:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 00:19 - 2015-12-08 13:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 00:19 - 2015-12-08 13:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 00:19 - 2015-12-08 13:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 00:19 - 2015-12-08 13:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 00:19 - 2015-12-08 13:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 00:19 - 2015-12-08 11:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 00:19 - 2015-12-08 11:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 00:19 - 2015-12-08 11:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 00:19 - 2015-12-08 11:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 00:19 - 2015-12-08 11:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 00:19 - 2015-12-08 11:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 00:19 - 2015-12-08 11:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 00:19 - 2015-12-08 11:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 00:19 - 2015-12-08 11:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 00:19 - 2015-12-08 11:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 00:19 - 2015-12-08 11:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 00:19 - 2015-12-08 11:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 00:19 - 2015-12-08 11:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 00:19 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 00:19 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 00:19 - 2015-11-13 15:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 00:19 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 00:19 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 00:19 - 2015-11-13 14:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 00:18 - 2015-12-23 15:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 00:18 - 2015-12-23 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 00:18 - 2015-12-12 10:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 00:18 - 2015-12-12 10:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 00:18 - 2015-12-12 10:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 00:18 - 2015-12-12 10:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 00:18 - 2015-12-12 10:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 00:18 - 2015-12-12 10:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 00:18 - 2015-12-12 10:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 00:18 - 2015-12-12 10:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 00:18 - 2015-12-12 10:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 00:18 - 2015-12-12 10:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 00:18 - 2015-12-12 10:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 00:18 - 2015-12-12 10:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 00:18 - 2015-12-12 10:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 00:18 - 2015-12-12 10:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 00:18 - 2015-12-12 10:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 00:18 - 2015-12-12 10:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 00:18 - 2015-12-12 10:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 00:18 - 2015-12-12 10:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 00:18 - 2015-12-12 09:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 00:18 - 2015-12-12 09:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 00:18 - 2015-12-12 09:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 00:18 - 2015-12-12 09:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 00:18 - 2015-12-12 09:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 00:18 - 2015-12-12 09:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 00:18 - 2015-12-12 09:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 00:18 - 2015-12-12 09:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 00:18 - 2015-12-12 09:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 00:18 - 2015-12-12 09:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 00:18 - 2015-12-12 09:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 00:18 - 2015-12-12 09:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 00:18 - 2015-12-12 09:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 00:18 - 2015-12-12 09:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 00:18 - 2015-12-12 09:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 00:18 - 2015-12-12 09:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 00:18 - 2015-12-12 09:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 00:18 - 2015-12-12 09:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 00:18 - 2015-12-12 09:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-13 00:18 - 2015-12-12 09:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 00:18 - 2015-12-12 09:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 00:18 - 2015-12-12 09:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 00:18 - 2015-12-12 09:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 00:18 - 2015-12-12 09:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 00:18 - 2015-12-12 09:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 00:18 - 2015-12-12 09:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 00:18 - 2015-12-12 09:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 00:18 - 2015-12-12 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 00:18 - 2015-12-12 09:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-13 00:18 - 2015-12-12 09:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 00:18 - 2015-12-12 09:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 00:18 - 2015-12-12 09:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 00:18 - 2015-12-12 09:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-13 00:18 - 2015-12-12 09:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 00:18 - 2015-12-12 09:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-13 00:18 - 2015-12-12 09:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 00:18 - 2015-12-12 09:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 00:18 - 2015-12-12 09:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-13 00:18 - 2015-12-12 09:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 00:18 - 2015-12-12 08:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 00:18 - 2015-12-12 08:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 00:18 - 2015-12-12 08:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 00:18 - 2015-12-12 08:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 00:18 - 2015-12-12 08:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 00:18 - 2015-12-08 13:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 00:18 - 2015-12-08 13:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 00:18 - 2015-12-08 13:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 00:18 - 2015-12-08 13:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-13 00:18 - 2015-12-08 13:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 00:18 - 2015-12-08 13:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 00:18 - 2015-12-08 13:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 00:18 - 2015-12-08 13:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 00:18 - 2015-12-08 13:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 00:18 - 2015-12-08 13:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 00:18 - 2015-12-08 13:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 00:18 - 2015-12-08 11:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 00:18 - 2015-12-08 11:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 00:18 - 2015-12-08 11:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 00:18 - 2015-12-08 11:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 00:18 - 2015-12-08 10:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 00:18 - 2015-12-08 10:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 00:18 - 2015-12-08 10:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 00:18 - 2015-12-08 09:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 00:17 - 2015-12-30 11:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 00:17 - 2015-12-30 11:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 00:17 - 2015-12-30 11:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 00:17 - 2015-12-30 11:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 00:17 - 2015-12-30 11:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 00:17 - 2015-12-30 11:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 00:17 - 2015-12-30 11:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 00:17 - 2015-12-30 11:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 00:17 - 2015-12-30 11:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 00:17 - 2015-12-30 11:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 00:17 - 2015-12-30 11:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 00:17 - 2015-12-30 11:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 00:17 - 2015-12-30 11:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 00:17 - 2015-12-30 11:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 00:17 - 2015-12-30 11:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 00:17 - 2015-12-30 11:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 00:17 - 2015-12-30 11:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 00:17 - 2015-12-30 11:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 00:17 - 2015-12-30 10:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 00:17 - 2015-12-30 10:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 00:17 - 2015-12-30 10:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 00:17 - 2015-12-30 10:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 00:17 - 2015-12-30 10:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 00:17 - 2015-12-30 10:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 00:17 - 2015-12-30 10:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 00:17 - 2015-12-30 10:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 00:17 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 00:17 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 00:17 - 2015-12-30 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 00:17 - 2015-12-30 10:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 00:17 - 2015-12-30 10:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 00:17 - 2015-12-30 10:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 00:17 - 2015-12-30 10:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 00:17 - 2015-12-30 10:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 00:17 - 2015-12-30 10:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 00:17 - 2015-12-30 10:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 00:17 - 2015-12-30 10:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 00:17 - 2015-12-30 10:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 00:17 - 2015-12-30 10:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 09:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 00:17 - 2015-12-30 09:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 00:17 - 2015-12-30 09:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 00:17 - 2015-12-30 09:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 00:17 - 2015-12-30 09:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 00:17 - 2015-12-30 09:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 00:17 - 2015-12-30 09:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 00:17 - 2015-12-30 09:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 00:17 - 2015-12-30 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 00:17 - 2015-12-30 09:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 00:17 - 2015-12-30 09:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 00:17 - 2015-12-30 09:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 00:17 - 2015-12-30 09:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-13 00:17 - 2015-12-30 09:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 00:17 - 2015-12-30 09:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 09:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 09:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 09:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-13 00:17 - 2015-12-08 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 00:17 - 2015-12-08 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 00:17 - 2015-12-08 11:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 00:17 - 2015-12-08 11:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 00:17 - 2015-11-16 17:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 00:17 - 2015-11-16 17:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 00:17 - 2015-11-16 17:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 00:17 - 2015-11-16 17:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 00:17 - 2015-11-16 17:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 00:17 - 2015-11-16 17:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-13 00:17 - 2015-11-16 12:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-12 16:31 - 2016-01-17 22:57 - 05300675 _____ C:\Users\Manoj\Desktop\Nutrition_week-1.pdf.pdf
2016-01-11 12:19 - 2016-01-11 12:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-01-10 12:31 - 2016-01-10 12:31 - 03234987 _____ C:\Users\Manoj\Desktop\TCMM RECIPE EBOOK.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-04 14:43 - 2015-11-26 16:38 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-04 14:41 - 2015-12-02 10:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12d2f6e038332.job
2016-02-04 14:39 - 2015-07-24 15:44 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-04 14:12 - 2009-07-13 20:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-04 14:12 - 2009-07-13 20:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-04 12:40 - 2015-07-23 17:18 - 00000000 ____D C:\Users\Manoj\AppData\Roaming\Nitro PDF
2016-02-04 10:13 - 2009-07-13 21:13 - 00891500 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-04 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-02-04 10:10 - 2015-07-31 01:14 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-02-04 09:13 - 2015-12-02 10:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12d2f6dc33e0b.job
2016-02-04 09:13 - 2015-11-26 16:38 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-04 09:13 - 2015-07-23 13:06 - 00000000 ____D C:\Users\Manoj\AppData\Local\CrashDumps
2016-02-04 09:12 - 2015-07-23 13:05 - 00002813 _____ C:\Windows\system32\GManager.ini
2016-02-04 09:12 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-04 03:15 - 2015-07-24 09:39 - 00000486 _____ C:\Windows\Tasks\SQLBackupAndFtp_180 Backup.job
2016-02-03 20:36 - 2015-10-16 13:43 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-03 19:49 - 2015-07-23 18:19 - 00000000 ____D C:\Users\Manoj\Documents\Outlook Files
2016-02-03 19:44 - 2015-07-23 11:12 - 00000000 ____D C:\swshare
2016-02-03 19:10 - 2015-10-09 17:31 - 00000000 ____D C:\Users\Manoj\AppData\Local\NPE
2016-02-03 19:02 - 2015-10-09 17:34 - 00000000 ____D C:\NPE
2016-02-03 19:00 - 2015-07-24 15:46 - 00000000 ____D C:\Users\Manoj\AppData\Roaming\TeamViewer
2016-02-03 15:14 - 2015-07-23 17:40 - 00000000 ____D C:\Users\Manoj\Documents\Personal
2016-02-02 23:08 - 2015-07-23 17:43 - 00000000 ____D C:\Users\Manoj\Documents\Safe Financial
2016-02-02 04:32 - 2015-11-19 12:41 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-02 04:31 - 2015-11-19 12:41 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-02-02 04:31 - 2015-11-19 12:41 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-02-01 20:36 - 2015-12-02 10:29 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d12d2f6e038332
2016-02-01 20:36 - 2015-12-02 10:29 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d12d2f6dc33e0b
2016-01-30 12:29 - 2015-07-31 18:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-30 12:16 - 2015-07-23 17:39 - 00000000 ____D C:\Users\Manoj\Documents\Estate of Sanjeev
2016-01-29 01:37 - 2015-07-24 08:56 - 00000000 ____D C:\Program Files (x86)\GoldMine
2016-01-28 19:36 - 2015-09-12 20:21 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-28 09:33 - 2015-07-31 18:30 - 00000000 ____D C:\Users\Manoj\AppData\Roaming\Nuance
2016-01-28 09:33 - 2015-07-23 16:11 - 00000000 ____D C:\ProgramData\Nuance
2016-01-27 23:25 - 2015-07-23 17:37 - 00000000 ____D C:\Users\Manoj\Documents\Word Folder
2016-01-27 21:57 - 2015-11-26 16:38 - 00000000 ____D C:\Users\Manoj\AppData\Local\Dropbox
2016-01-27 21:55 - 2015-07-23 17:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-27 16:38 - 2015-08-13 13:09 - 00000000 ____D C:\Users\Manoj\Documents\Tor Browser
2016-01-27 14:07 - 2015-07-23 17:45 - 00000000 ____D C:\Users\Manoj\Documents\SAFE LLC Tax
2016-01-27 12:36 - 2015-07-23 17:39 - 00000000 ____D C:\Users\Manoj\Documents\LEADS - Market Information
2016-01-27 11:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2016-01-23 12:11 - 2009-07-13 20:45 - 00477376 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-23 04:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-01-21 12:05 - 2015-07-28 08:51 - 00000000 ____D C:\Users\Manoj\Documents\DisplayFusion Backups
2016-01-21 12:05 - 2015-07-28 08:51 - 00000000 ____D C:\Users\Manoj\AppData\Local\DisplayFusion
2016-01-21 12:05 - 2015-07-23 17:25 - 00000000 ____D C:\Users\Manoj\AppData\Roaming\DisplayFusion
2016-01-21 12:05 - 2015-07-23 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
2016-01-21 12:05 - 2015-07-23 17:25 - 00000000 ____D C:\Program Files (x86)\DisplayFusion
2016-01-20 10:41 - 2015-12-22 07:00 - 00000000 ____D C:\Users\Manoj\Documents\SAFE LLC Litigation
2016-01-20 10:40 - 2015-07-23 22:41 - 00000000 ____D C:\Users\Manoj
2016-01-20 10:38 - 2015-12-08 13:05 - 00000000 ____D C:\Users\Manoj\AppData\Roaming\Epson
2016-01-20 10:38 - 2015-12-08 13:02 - 00000000 ____D C:\ProgramData\EPSON
2016-01-15 17:38 - 2015-07-31 18:16 - 00000000 ____D C:\Users\Manoj\Documents\Neat Data
2016-01-13 15:38 - 2015-07-23 17:05 - 00000000 ____D C:\Users\Manoj\AppData\Local\Adobe
2016-01-13 15:38 - 2015-07-23 16:08 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-13 15:38 - 2015-07-23 16:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-13 03:43 - 2015-07-23 19:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 03:43 - 2015-07-23 19:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 03:42 - 2015-07-23 12:12 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 03:42 - 2015-07-23 12:12 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 03:25 - 2015-07-23 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 03:21 - 2015-07-23 11:27 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 03:10 - 2015-07-23 11:27 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-12 17:47 - 2015-10-01 13:24 - 00172752 _____ (Magic Control Technology Corporation) C:\Windows\system32\Drivers\mctkmd64.sys
2016-01-12 13:04 - 2015-07-23 17:38 - 00000000 ____D C:\Users\Manoj\Documents\Chai Club
2016-01-11 12:05 - 2015-11-26 16:41 - 00000000 ___RD C:\Users\Manoj\Dropbox
2016-01-10 21:32 - 2015-07-23 22:41 - 00000000 ____D C:\Users\Manoj\AppData\Local\VirtualStore
2016-01-07 11:27 - 2015-09-11 14:01 - 00000000 ____D C:\Users\Manoj\Documents\2015 Tax
2016-01-07 10:44 - 2015-07-23 17:37 - 00000000 ____D C:\Users\Manoj\Documents\STAR TDS
2016-01-05 15:33 - 2015-07-23 17:48 - 00000000 ____D C:\Users\Manoj\Documents\Sparsh Taxes

==================== Files in the root of some directories =======

2015-07-24 09:03 - 2015-07-24 09:03 - 0000008 __RSH () C:\Users\Manoj\AppData\Local\ℤ™☠
2015-07-23 18:02 - 2015-07-23 18:02 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Manoj\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-29 05:20

==================== End of FRST.txt ============================
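As an added illustration (not part of the thread, and not how FRST or the helper analyse logs), this Python sketch parses the file-listing line format seen in the log above and marks entries worth a closer look. The triage rules are assumptions chosen for this example; the sample lines are copied from the log, except one line labelled as constructed.

```python
import re
from dataclasses import dataclass
from ntpath import basename, splitext  # Windows path rules on any OS
from typing import List, Optional, Tuple

# Listing line: created - modified - size attrs [(company)] path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.*)$"
)
# Bare path lines (the "Some files in TEMP" section). The character class
# rejects "path => File is digitally signed" verification lines.
BARE_PATH_RE = re.compile(r'^[A-Za-z]:\\[^<>|"*?=]+$')
CODE_EXTS = {".exe", ".dll", ".sys", ".scr", ".js", ".vbs"}


@dataclass
class Entry:
    path: str
    attrs: str = ""
    company: Optional[str] = None
    size: Optional[int] = None  # None for bare path lines


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-listing or bare-path line, else None."""
    line = line.strip()
    m = LINE_RE.match(line)
    if m:
        return Entry(m["path"], m["attrs"], m["company"], int(m["size"]))
    if BARE_PATH_RE.match(line):
        return Entry(line)
    return None


def triage(entry: Entry) -> List[str]:
    """Heuristics assumed for this example; a reason means 'review', not 'malicious'."""
    reasons = []
    name = basename(entry.path)
    ext = splitext(name)[1].lower()
    lower = entry.path.lower()
    is_dir = "D" in entry.attrs
    if any(ord(ch) > 127 for ch in name):
        reasons.append("non-ASCII characters in name")
    if not is_dir and "S" in entry.attrs and "H" in entry.attrs and "\\users\\" in lower:
        reasons.append("hidden+system file in a user profile")
    if (ext in CODE_EXTS and entry.size is not None
            and lower.startswith("c:\\windows\\") and not entry.company):
        reasons.append("code file in Windows directory with no company name")
    if ext in CODE_EXTS and ("\\appdata\\" in lower or "\\temp\\" in lower):
        reasons.append("code file in a user-writable directory")
    return reasons


def scan(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every log line that trips a rule."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                flagged.append((entry.path, reasons))
    return flagged


# The symbol-only file name from the "Files in the root" section, as escapes.
ODD_NAME = "\u2124\u2122\u2620"
# Lines copied from the log above.
PAGE_LINES = r"""
2016-01-13 00:17 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-04 14:39 - 2015-07-24 15:44 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-24 09:03 - 2015-07-24 09:03 - 0000008 __RSH () C:\Users\Manoj\AppData\Local\{odd}
2015-07-23 18:02 - 2015-07-23 18:02 - 0000057 _____ () C:\ProgramData\Ament.ini
C:\Users\Manoj\AppData\Local\Temp\dllnt_dump.dll
C:\Windows\system32\winlogon.exe => File is digitally signed
==================== End of FRST.txt ============================
""".replace("{odd}", ODD_NAME)
# Constructed line (not from the log) to exercise the missing-company rule.
CONSTRUCTED = (r"2016-02-01 10:00 - 2016-02-01 10:00 - 00012288 _____ () "
               r"C:\Windows\system32\constructed-example.dll")
SAMPLE_LOG = PAGE_LINES + CONSTRUCTED + "\n"

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```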



#4 mjthai

Posted 04 February 2016 - 09:05 PM

Hi Aura,

 

Thanks for your help. Posted the results of the FRST scan above. When you have had a chance to look them over, do let me know the next steps.

 

MJ



#5 mjthai

Posted 05 February 2016 - 01:54 PM

Hi Aura,

 

Another question - If I copy all the data (Outlook .pst files, Office files (.xlsx, .doc), PDF files, pictures, QuickBooks and GoldMine files) on the infected machine to an external drive - the data should be safe since there would be no .exe files? I can then use the external storage drive on another computer to continue working?

 

Do let me know.

 

Thanks!

MJ



#6 Aura


Hi mjthai :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • Finally, in the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Outdated Programs Warning!

I noticed that you have outdated vulnerable programs installed on your system. I'll ask you to uninstall them since keeping outdated software installed on a system puts it more at risk of being infected. Otherwise, you can update them right now, and make sure that their outdated version is uninstalled after. We will reinstall these programs at the end of the clean-up if you decide to uninstall them now, and need them after.
  • Adobe Flash Player 19 ActiveX;
  • Adobe Reader 9.4.0;
  • Java 8 Update 51;
If you have an issue when uninstalling a program, please let me know.

Multiple Antivirus Warning!
I see that you have multiple Antivirus programs installed on your system.
  • Norton Security Suite;
  • Microsoft Security Essentials;
You should only have one Antivirus installed at all times on a computer. Reason being that having more than one installed can cause system instability and conflict due to the way these programs work and interact with the system. If you want to read more about these kinds of issues, I suggest you read the "IMPORTANT NOTE" in quietman7's post here. This being said, I'll ask you to choose the Antivirus program you want to keep, and uninstall the other(s). Usually, you would keep the program you pay for, and uninstall the free one(s). If you pay for multiple products, keep the one you prefer the most, and uninstall the other(s). In your case however, before you uninstall any of these programs, is it possible for you to copy/paste the content of their protection and/or scan logs, so I can see what they are detecting exactly? If you don't know where to find these logs, let me know. As long as I have the filename and full path to it, I'll be good. Same for RogueKiller. After running a Scan with it, click on the Report on the right, and copy/paste the content of the log that will open in your next reply.

Do you use a search plugin in Firefox to search Marriott hotels?
FF SearchPlugin: C:\Users\Manoj\AppData\Roaming\Mozilla\Firefox\Profiles\ya7u9b3v.default\searchplugins\marriott-hotel-search-by-cityairport-code.xml [2016-01-27]
I'm also interested in a suspicious file on your system. Before we delete it by running a FRST fix, can you upload it here on BleepingComputer so I can check it out?
  • Go on the BleepingComputer submission page;
  • Click Choose a file and navigate to the C:\Users\Manoj\AppData\Local folder;
  • Click on the file named ℤ☠ (oddly named file) and click on Ok;
  • Once done, click on the Validate button (green) at the bottom of the page to upload it;
Once you've done the above, we'll run a first fix with FRST. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;


Your next reply should include:
  • Copy/pasted content of a Microsoft Security Essentials log with the detections you are talking about;
  • Copy/pasted content of a Norton Security Suite log with the detections you are talking about;
  • Answer to my question about the Marriott Hotels search plug in Mozilla Firefox;
  • Copy/pasted content of the RogueKiller log after running a scan with it;
  • Copy/pasted content of the FRST fixlog.txt log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 mjthai

Posted 05 February 2016 - 07:14 PM

Hi Yoan,

 

Thanks - my name, as you must have seen in the logs, is Manoj. I wanted to run a few actions/options by you before I went further on this: 

 

1) The infected computer has been disconnected from the Internet since I found the problem - in order to run anything on that, I download on a different computer, copy it onto a USB drive and then upload on the computer via the USB. To send the results to you, I follow a reverse path - so Question: Is it safe to do that (maybe a bit late in asking!)?

 

2) I understand the time limitations that you have and appreciate your helping me solve this problem. However, this is my main computer that I use for all my work so I am seriously handicapped without it. In order for me to be up and running as quickly as possible - would it be faster (for me) to just reinstall everything using the media that I recd when I had bought the machine? Will that clear the Trojan/Spyware Infection? I can copy all my data onto a portable drive and after reinstalling and updating Windows, I could load all my data back. I am assuming that the data would not be infected as there are NO .exe files - only Excel, Word, pdf, Photos, quickbooks files etc.

PLEASE confirm if this is a good option considering the time.

 

3) I am not able to see where I can copy logs from Microsoft Security Essentials. In the History section, it shows the items that were detected and quarantined - but does not show the location where they were found. I also could not copy that information so I am writing the details below - If there is a way to find and copy the logs, please let me know.

Microsoft Security Essentials history:

1) TrojanDownloader:JS/Swabfex.A            SEVERE           2/4/2016 6:32 PM        QUARANTINED

2) Exploit: Win32/CVE-2012-0158               SEVERE           2/4/2016 6:30 PM        QUARANTINED

3) TrojanDownloader:JS/Swabfex.A              SEVERE           2/4/2016 6:27 PM        QUARANTINED

4) TrojanDownloader:JS/Swabfex.A            SEVERE           2/4/2016 12:20 AM      QUARANTINED

5) Exploit: Win32/CVE-2012-0158               SEVERE           2/4/2016 12:17 AM      QUARANTINED

6) TrojanDownloader:JS/Swabfex.A              SEVERE           2/4/2016 12:14 AM      QUARANTINED

 

Thanks

Manoj


Edited by mjthai, 05 February 2016 - 07:30 PM.


#8 mjthai

Posted 05 February 2016 - 07:21 PM

I checked just now and in the folder C:\Users\Manoj\AppData I did not see any file named   (oddly named file). Maybe it was cleaned by CCleaner which I had run last night before I recd your message about No Modifications?

 

Manoj



#9 Aura

Posted 05 February 2016 - 11:37 PM

1) The infected computer has been disconnected from the Internet since I found the problem - in order to run anything on that, I download on a different computer, copy it onto a USB drive and then upload on the computer via the USB. To send the results to you, I follow a reverse path - so Question: Is it safe to do that (maybe a bit late in asking!)?


If you want, you can follow these steps in Safe Mode with Networking instead. Malware present on your computer shouldn't be launched there, so no communications will be initiated as well. Since we don't know what you are infected with, I can't tell if the malware present on your system has USB spreading capabilities. I don't see any signs that would let me think that you are infected with such malware however.
 

2) I understand the time limitations that you have and appreciate your helping me solve this problem. However, this is my main computer that I use for all my work so I am seriously handicapped without it. In order for me to be up and running as quickly as possible - would it be faster (for me) to just reinstall everything using the media that I recd when I had bought the machine? Will that clear the Trojan/Spyware Infection? I can copy all my data onto a portable drive and after reinstalling and updating Windows, I could load all my data back. I am assuming that the data would not be infected as there are NO .exe files - only Excel, Word, pdf, Photos, quickbooks files etc.
PLEASE confirm if this is a good option considering the time.


I do understand where you're coming from with this. I'll tell you this as a technical support: yes, it would be faster for you to back up the data you want to preserve, and clean install Windows on your system, then install back everything. That is, assuming you are comfortable with that process and won't lose time looking into it. Depending on what you are infected with, a Factory Reset should be enough to remove malware on your system (assuming that you aren't infected with a nasty, persistent malware). And right now, I don't see any traces of file infector on your system, so these documents should be safe to back up. Once again, I cannot guarantee this since I have no information on what you are infected with.
 

3) I am not able to see where I can copy logs from Microsoft Security Essentials. In the History section, it shows the items that were detected and quarantined - but does not show the location where they were found. I also could not copy that information so I am writing the details below - If there is a way to find and copy the logs, please let me know.
Microsoft Security Essentials history:
1) TrojanDownloader:JS/Swabfex.A SEVERE 2/4/2016 6:32 PM QUARANTINED
2) Exploit: Win32/CVE-2012-0158 SEVERE 2/4/2016 6:30 PM QUARANTINED
3) TrjanDownloader:JS/Swabfex.A SEVERE 2/4/2016 6:27 PM QUARANTINED
4) TrojanDownloader:JS/Swabfex.A SEVERE 2/4/2016 12:20 AM QUARANTINED
5) Exploit: Win32/CVE-2012-0158 SEVERE 2/4/2016 12:17 AM QUARANTINED
6) TrjanDownloader:JS/Swabfex.A SEVERE 2/4/2016 12:14 AM QUARANTINED


For Microsoft Security Essentials logs, refer to point 18 of the thread below on the Microsoft Community website.

http://answers.microsoft.com/en-us/protect/wiki/mse-protect_start/microsoft-security-essentials-consolidated-faq/4d726f20-15d8-475f-ac47-a21507d112c8

You'll have to use the command prompt and use a few commands to create a cabinet archive (.cab file) containing the logs, then extract its content and open the logs in Notepad to access their content.
 

I checked just now and in the folder C:\Users\Manoj\AppData I did not see any file named ℤ☠ (oddly named file). Maybe it was cleaned by CC Cleaner which I had run last night before I recd your message about No Modifications?


I doubt that CCleaner would take care of it. If you go in your Folder Options (you can search it via the Start Menu), under the View tab and:
  • Check Show hidden files, folders and drives;
  • Uncheck Hide protected operating system files (recommended);
Do you see it after? After that, if you go straight in the C:\Users\Manoj\AppData folder (without using the upload feature on BleepingComputer), do you see it? If you still don't see it, follow the instructions below then please.
  • Close any open programs you have;
  • Close and/or disable any Antivirus, Antimalware and Firewall programs you have so they do not interfere while ComboFix is running;
  • Once done, download CFScript.txt and ComboFix and save them both on your Desktop;
  • Now, drag and drop the CFScript.txt file on top of ComboFix.exe, like shown in the example below;
    CFScriptB-4.gif
  • Once ComboFix is done running, a log will be produced at C:\ComboFix.txt. Please copy/paste its content in your next reply;
By doing this, you'll run ComboFix with a script that will upload the suspicious file (if present on your system) to our malware submission channel on BleepingComputer so I can take a look at it :)

Also, if you decide to go through with a clean reinstall and/or Factory Reset, please let me know.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
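Added example (not part of the original thread, and not code from any tool mentioned in it): a small Python triage script that parses the hand-typed Microsoft Security Essentials history quoted in post #9, normalises the mistyped threat names, groups the detections into scan sessions, and reports which threats were quarantined in more than one session. The month/day/year date order, the 30-minute session gap and the `KNOWN_TYPES` list are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from difflib import get_close_matches

# History as typed by hand into the thread (typos included).
HISTORY = """\
1) TrojanDownloader:JS/Swabfex.A SEVERE 2/4/2016 6:32 PM QUARANTINED
2) Exploit: Win32/CVE-2012-0158 SEVERE 2/4/2016 6:30 PM QUARANTINED
3) TrjanDownloader:JS/Swabfex.A SEVERE 2/4/2016 6:27 PM QUARANTINED
4) TrojanDownloader:JS/Swabfex.A SEVERE 2/4/2016 12:20 AM QUARANTINED
5) Exploit: Win32/CVE-2012-0158 SEVERE 2/4/2016 12:17 AM QUARANTINED
6) TrjanDownloader:JS/Swabfex.A SEVERE 2/4/2016 12:14 AM QUARANTINED
"""

# Type prefixes in Microsoft's Type:Platform/Family.Variant naming scheme.
# Assumption: this short list is for the example only, not a full catalogue.
KNOWN_TYPES = ("TrojanDownloader", "TrojanDropper", "Trojan",
               "Exploit", "Backdoor", "Worm")

LINE = re.compile(
    r"^\s*\d+\)\s*(?P<name>.+?)\s+(?P<severity>SEVERE|HIGH|MEDIUM|LOW)\s+"
    r"(?P<when>\d{1,2}/\d{1,2}/\d{4}\s+\d{1,2}:\d{2}\s+[AP]M)\s+"
    r"(?P<action>[A-Z]+)\s*$"
)


@dataclass(frozen=True)
class Detection:
    threat: str
    severity: str
    when: datetime
    action: str


def canonical_name(raw):
    """Repair a mistyped type prefix and drop stray spaces after the colon."""
    type_part, sep, rest = raw.partition(":")
    if not sep:
        return raw.strip()
    type_part = type_part.strip()
    match = get_close_matches(type_part, KNOWN_TYPES, n=1, cutoff=0.85)
    return f"{match[0] if match else type_part}:{rest.strip()}"


def parse_history(text):
    """Return (detections sorted by time, lines that could not be parsed)."""
    detections, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE.match(line)
        if not m:
            rejected.append(line)  # keep unparsed lines visible for review
            continue
        # Assumption: US month/day/year order, 12-hour clock.
        when = datetime.strptime(" ".join(m["when"].split()),
                                 "%m/%d/%Y %I:%M %p")
        detections.append(Detection(canonical_name(m["name"]),
                                    m["severity"], when, m["action"]))
    return sorted(detections, key=lambda d: d.when), rejected


def split_sessions(detections, gap=timedelta(minutes=30)):
    """Group time-sorted detections; a pause longer than `gap` starts a new session."""
    sessions = []
    for d in detections:
        if sessions and d.when - sessions[-1][-1].when <= gap:
            sessions[-1].append(d)
        else:
            sessions.append([d])
    return sessions


def recurring_threats(sessions):
    """Map each threat seen in more than one session to its session count."""
    seen = {}
    for index, session in enumerate(sessions):
        for d in session:
            seen.setdefault(d.threat, set()).add(index)
    return {name: len(idx) for name, idx in sorted(seen.items())
            if len(idx) > 1}


if __name__ == "__main__":
    found, bad = parse_history(HISTORY)
    for number, session in enumerate(split_sessions(found), start=1):
        print(f"session {number}: {session[0].when} .. {session[-1].when}")
        for d in session:
            print(f"  {d.when:%H:%M}  {d.threat}  {d.action}")
    print("recurring:", recurring_threats(split_sessions(found)))
    print("unparsed lines:", bad)
```

A threat that is quarantined again in a later session means the object it was detected in was still present or was re-created, which is why the detection's file location in the full logs matters.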


#10 mjthai

mjthai
  • Topic Starter

  • Members

Posted 06 February 2016 - 09:54 AM

Hi Yoan,

 

Thanks - for your help. Have checked as per your suggestions and will load the various files later today. I tried to run Outlook in Safe Mode but am not able to start any Office Application - Word/Excel/Outlook...seems like the Office Application may have been corrupted.

 

Manoj Jain



#11 mjthai

mjthai
  • Topic Starter

  • Members

Posted 06 February 2016 - 06:09 PM

Hi Yoan

 

I am attaching the NISlog file from Microsoft Security Essentials. There is another file named MPLog; it is quite large - 22.7M so not able to upload it. I am also attaching a MPDetection file from MSE - this shows that it detected the Trojan on 01/16. Lastly, the odd file from Appdata - I was not able to load it - I recd a message "You are not allowed to upload this kind of file" (it is showing as a system file). I will try the CFScript etc later as I am currently traveling so will do the next steps later - probably tomorrow morning Pacific Time.

 

Thank you and do let me know if there is another way to upload the MSE Log file (MPLog)

 

Manoj

Attached File  NisLog.txt   4.33MB
Attached File  MPDetection-01122016-180759.log   15.47KB



#12 mjthai

mjthai
  • Topic Starter

  • Members

Posted 07 February 2016 - 10:11 PM

Hi Yoan,

 

How do I disable or stop MSE, Norton Security Suite etc while I have the computer running in Safe Mode, in order to run ComboFix?

 

Thanks

Manoj



#13 mjthai

mjthai
  • Topic Starter

  • Members

Posted 08 February 2016 - 12:24 PM

Hi Yoan

 

This is the Combofix log:

ComboFix 16-02-05.01 - Manoj 02/07/2016  21:04:44.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.7988.5522 [GMT -8:00]
Running from: c:\users\Manoj\Desktop\ComboFix.exe
Command switches used :: c:\users\Manoj\Desktop\CFScript.txt
AV: Emsisoft Anti-Malware *Disabled/Outdated* {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Norton Security Suite *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton Security Suite *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Emsisoft Anti-Malware *Disabled/Outdated* {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Norton Security Suite *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Manoj\AppData\Local\assembly\tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
Q:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2016-01-08 to 2016-02-08  )))))))))))))))))))))))))))))))
.
.
2016-02-08 05:54 . 2016-02-08 05:54    --------    d-----w-    c:\users\Default\AppData\Local\temp
2016-02-08 03:01 . 2015-11-25 11:02    11154520    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DE0E3A0-F0A8-47BA-8C14-67F8C0277787}\mpengine.dll
2016-02-07 00:39 . 2015-11-25 11:02    11154520    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-02-05 03:56 . 2016-02-05 03:56    --------    d-----w-    c:\programdata\Emsisoft
2016-02-05 02:42 . 2016-02-08 05:55    --------    d-----w-    c:\program files\Emsisoft Anti-Malware
2016-02-04 22:51 . 2016-02-04 22:55    --------    d-----w-    C:\FRST
2016-02-04 06:41 . 2016-02-08 03:27    28272    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2016-02-04 06:41 . 2016-02-04 06:41    --------    d-----w-    c:\program files\RogueKiller
2016-02-04 06:41 . 2016-02-04 07:04    --------    d-----w-    c:\programdata\RogueKiller
2016-02-03 03:11 . 2015-10-12 21:54    1190000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D0B4107-BBD3-4B21-A11D-C7568F9295C0}\gapaengine.dll
2016-01-23 08:08 . 2015-12-16 18:55    69120    ----a-w-    c:\windows\system32\nlsbres.dll
2016-01-23 08:08 . 2015-12-16 18:53    7168    ----a-w-    c:\windows\system32\kbdgeoqw.dll
2016-01-23 08:08 . 2015-12-16 18:53    7168    ----a-w-    c:\windows\system32\KBDAZEL.DLL
2016-01-23 08:08 . 2015-12-16 18:53    7168    ----a-w-    c:\windows\system32\KBDAZE.DLL
2016-01-23 08:08 . 2015-12-16 18:48    6656    ----a-w-    c:\windows\SysWow64\kbdgeoqw.dll
2016-01-23 08:08 . 2015-12-16 18:48    6656    ----a-w-    c:\windows\SysWow64\KBDAZEL.DLL
2016-01-23 08:08 . 2015-12-16 18:47    69120    ----a-w-    c:\windows\SysWow64\nlsbres.dll
2016-01-23 01:33 . 2015-12-03 18:18    670824    ----a-w-    c:\windows\system32\igdumdmx.dll
2016-01-19 11:00 . 2016-01-19 11:00    38696    ----a-w-    c:\windows\system32\TrgCoInst64.dll
2016-01-19 11:00 . 2016-01-19 11:00    156424    ----a-w-    c:\windows\system32\drivers\t1pusb64.sys
2016-01-13 08:18 . 2015-12-08 21:54    740352    ----a-w-    c:\windows\SysWow64\wmpmde.dll
2016-01-13 08:17 . 2015-12-08 21:53    641536    ----a-w-    c:\windows\SysWow64\advapi32.dll
2016-01-11 20:19 . 2016-01-11 20:19    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-08 02:42 . 2015-10-16 21:43    192216    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-13 23:38 . 2015-07-24 00:08    796864    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-13 23:38 . 2015-07-24 00:08    142528    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-13 11:10 . 2015-07-23 19:27    143671360    ----a-w-    c:\windows\system32\MRT.exe
2016-01-13 01:47 . 2015-10-01 21:24    172752    ----a-w-    c:\windows\system32\drivers\mctkmd64.sys
2015-12-30 18:37 . 2016-01-13 08:17    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2015-12-10 06:39 . 2015-12-10 06:39    1070232    ----a-w-    c:\windows\SysWow64\MSCOMCTL.OCX
2015-12-09 04:30 . 2010-11-21 03:27    301728    ------w-    c:\windows\system32\MpSigStub.exe
2015-12-03 18:18 . 2015-10-01 21:24    670824    ----a-w-    c:\windows\system32\mctux.dll
2015-12-03 18:18 . 2015-11-13 22:10    516824    ----a-w-    c:\windows\SysWow64\MCTU.dll
2015-12-03 18:18 . 2015-11-13 22:10    516824    ----a-w-    c:\windows\SysWow64\Igdumdmu.dll
2015-11-20 18:54 . 2015-12-09 09:19    98816    ----a-w-    c:\windows\system32\wudriver.dll
2015-11-20 18:54 . 2015-12-09 09:19    37888    ----a-w-    c:\windows\system32\wups2.dll
2015-11-20 18:54 . 2015-12-09 09:19    3170304    ----a-w-    c:\windows\system32\wucltux.dll
2015-11-20 18:54 . 2015-12-09 09:19    2609152    ----a-w-    c:\windows\system32\wuaueng.dll
2015-11-20 18:54 . 2015-12-09 09:19    192512    ----a-w-    c:\windows\system32\wuwebv.dll
2015-11-20 18:54 . 2015-12-09 09:19    36864    ----a-w-    c:\windows\system32\wups.dll
2015-11-20 18:54 . 2015-12-09 09:19    709632    ----a-w-    c:\windows\system32\wuapi.dll
2015-11-20 18:54 . 2015-12-09 09:19    91136    ----a-w-    c:\windows\system32\WinSetupUI.dll
2015-11-20 18:54 . 2015-12-09 09:19    12288    ----a-w-    c:\windows\system32\wu.upgrade.ps.dll
2015-11-20 18:54 . 2015-12-09 09:19    140288    ----a-w-    c:\windows\system32\wuauclt.exe
2015-11-20 18:54 . 2015-12-09 09:19    37888    ----a-w-    c:\windows\system32\wuapp.exe
2015-11-20 18:34 . 2015-12-09 09:19    93696    ----a-w-    c:\windows\SysWow64\wudriver.dll
2015-11-20 18:34 . 2015-12-09 09:19    174080    ----a-w-    c:\windows\SysWow64\wuwebv.dll
2015-11-20 18:34 . 2015-12-09 09:19    30208    ----a-w-    c:\windows\SysWow64\wups.dll
2015-11-20 18:34 . 2015-12-09 09:19    573440    ----a-w-    c:\windows\SysWow64\wuapi.dll
2015-11-20 18:33 . 2015-12-09 09:19    35328    ----a-w-    c:\windows\SysWow64\wuapp.exe
2015-11-11 23:29 . 2015-11-25 21:42    577768    ----a-w-    c:\windows\system32\drivers\N360x64\1605050.00F\symnets.sys
2015-11-11 23:28 . 2015-11-25 21:42    1621232    ----a-w-    c:\windows\system32\drivers\N360x64\1605050.00F\symefasi64.sys
2015-11-11 23:28 . 2015-11-25 21:42    928496    ----a-w-    c:\windows\system32\drivers\N360x64\1605050.00F\srtsp64.sys
2015-11-11 18:53 . 2015-12-09 09:19    1735680    ----a-w-    c:\windows\system32\comsvcs.dll
2015-11-11 18:53 . 2015-12-09 09:19    525312    ----a-w-    c:\windows\system32\catsrvut.dll
2015-11-11 18:39 . 2015-12-09 09:19    1242624    ----a-w-    c:\windows\SysWow64\comsvcs.dll
2015-11-11 18:39 . 2015-12-09 09:19    487936    ----a-w-    c:\windows\SysWow64\catsrvut.dll
2015-11-10 18:55 . 2015-12-09 09:19    1648128    ----a-w-    c:\windows\system32\DWrite.dll
2015-11-10 18:55 . 2015-12-09 09:19    1180160    ----a-w-    c:\windows\system32\FntCache.dll
2015-11-10 18:55 . 2015-12-09 09:19    1008640    ----a-w-    c:\windows\system32\user32.dll
2015-11-10 18:39 . 2015-12-09 09:19    1251328    ----a-w-    c:\windows\SysWow64\DWrite.dll
2015-11-10 18:37 . 2015-12-09 09:19    833024    ----a-w-    c:\windows\SysWow64\user32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    199488    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    199488    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    199488    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    199488    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    199488    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    199488    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    199488    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    199488    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2016-01-21 8547320]
"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2015-08-26 603392]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-12-08 8590760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-24 1129832]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-02-09 4309184]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2015-03-17 3776824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2016-01-28 1403304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 1090848]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2014-9-29 6306104]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2015-12-7 1226520]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2015\QBW32.EXE -silent [2015-12-7 1539864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Dropbox Update Service (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 t1pusb64;Trigger 1+ Graphics Card;c:\windows\system32\drivers\t1pusb64.sys;c:\windows\SYSNATIVE\drivers\t1pusb64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0153;RsFx0153 Driver;c:\windows\system32\DRIVERS\RsFx0153.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0153.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 mctkmdldr;mctkmdldr;c:\windows\system32\drivers\mctkmdldr64.sys;c:\windows\SYSNATIVE\drivers\mctkmdldr64.sys [x]
S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160125.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160125.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1605050.00F\ccSetx64.sys [x]
S1 epp;epp;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160203.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160203.001\IDSvia64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1605050.00F\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1605050.00F\SYMNETS.SYS [x]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Anti-Malware\a2service.exe;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
S2 GManager;GManager;c:\windows\system32\GManager.exe;c:\windows\SYSNATIVE\GManager.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 MCTDesktopSvr;MCTDesktopSvr;c:\program files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe;c:\program files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 MlPatch;MlPatch;c:\windows\system32\MlPatch.exe;c:\windows\SYSNATIVE\MlPatch.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton Security Suite\Engine\22.5.5.15\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\22.5.5.15\N360.exe [x]
S2 Neat Startup Service;Neat Startup Service;c:\program files (x86)\Neat\exec\NeatStartupService.exe;c:\program files (x86)\Neat\exec\NeatStartupService.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 e1kexpress;Intel® Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 mctkmd;mctkmd;c:\windows\system32\drivers\mctkmd64.sys;c:\windows\SYSNATIVE\drivers\mctkmd64.sys [x]
S3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-29 03:34    1090376    ----a-w-    c:\program files (x86)\Google\Chrome\Application\48.0.2564.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-24 23:38]
.
2016-02-08 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-27 00:38]
.
2016-02-08 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-27 00:38]
.
2015-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13 04:21]
.
2016-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d12d2f6dc33e0b.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13 04:21]
.
2015-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13 04:21]
.
2016-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d12d2f6e038332.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13 04:21]
.
2015-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2466105403-3288891235-289223170-1001Core.job
- c:\users\Manoj\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-13 04:25]
.
2015-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2466105403-3288891235-289223170-1001UA.job
- c:\users\Manoj\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-13 04:25]
.
2015-09-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
2016-02-06 c:\windows\Tasks\SQLBackupAndFtp_180 Backup.job
- c:\program files (x86)\Pranas.NET\SQLBackupAndFTP\SQLBackupAndFTP.exe [2015-07-23 16:10]
.
2015-09-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    236352    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    236352    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    236352    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    236352    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    236352    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    236352    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    236352    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33    236352    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-08-13 02:05    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-08-13 02:05    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-08-13 02:05    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"TpShocks"="TpShocks.exe" [2010-07-02 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]
"MCTDUtil"="c:\program files (x86)\Common Files\DesktopUtil\Util-Desktop.exe" [2011-05-04 195200]
"FDispPos"="c:\program files (x86)\Common Files\DesktopUtil\Util-Desktop.exe" [2011-05-04 195200]
"TUCCDUtil"="c:\progra~2\MCTCOR~1\UVTP100\Driver\TUCCDUTIL\TUCCD.exe" [2016-01-12 1896656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2016-01-27 9235928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - c:\program files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll
DPF: {3216F683-68D2-4C5B-B7EC-9496AF981FC0} - hxxp://qtview.com/DevFetcher.exe
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://qtview.com/WebClient.exe
FF - ProfilePath - c:\users\Manoj\AppData\Roaming\Mozilla\Firefox\Profiles\ya7u9b3v.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SK2ADF&PC=SK2A&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
ShellIconOverlayIdentifiers-{A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
ShellIconOverlayIdentifiers-{A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
AddRemove-DevFetcher - c:\windows\system32\DevFetcher\install.exe
AddRemove-WebClient - c:\windows\system32\WebClient\uninstall.cmd
AddRemove-OneDriveSetup.exe - c:\users\Manoj\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\OneDriveSetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\22.5.5.15\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\22.5.5.15\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\22.5.5.15;c:\program files (x86)\Norton Security Suite\Engine64\22.5.5.15"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
.
**************************************************************************
.
Completion time: 2016-02-07  22:04:06 - machine was rebooted
ComboFix-quarantined-files.txt  2016-02-08 06:04
.
Pre-Run: 209,531,961,344 bytes free
Post-Run: 208,389,468,160 bytes free
.
- - End Of File - - 9B0DC3F8DAB8E7D46AD1493A5CCB44C5
 



#14 mjthai


Posted 08 February 2016 - 12:26 PM

Other pending items:

1) I had not created any search plug for Marriott Hotels - but I do search for Marriott hotels, so it may have downloaded something.

2) I am copying FRST logs below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Manoj (administrator) on MANOJ-LENOVO (04-02-2016 14:52:16)
Running from C:\Users\Manoj\Desktop
Loaded Profiles: Manoj (Available Profiles: Manoj)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Windows\System32\GManager.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
() C:\Windows\System32\mlpatch.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-07-01] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2011-04-14] (Lenovo)
HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1896656 2016-01-11] (Magic Control Technology Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-02] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-2466105403-3288891235-289223170-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8547320 2016-01-20] (Binary Fortress Software)
HKU\S-1-5-21-2466105403-3288891235-289223170-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
HKU\S-1-5-21-2466105403-3288891235-289223170-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2466105403-3288891235-289223170-1001\...\MountPoints2: {932c04c6-316d-11e5-aaff-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-09-21]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-07-23]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-07-23]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-07-23]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{06E40AFA-30AB-4D8A-9AD6-2647EB3C9070}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6193BF13-5288-4ACF-83F0-7395BDB74AFB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2466105403-3288891235-289223170-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2466105403-3288891235-289223170-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2466105403-3288891235-289223170-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> DefaultScope {81ABD569-F769-4266-95F4-3BD9F3310293} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {81ABD569-F769-4266-95F4-3BD9F3310293} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {81ABD569-F769-4266-95F4-3BD9F3310293} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {81ABD569-F769-4266-95F4-3BD9F3310293} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2466105403-3288891235-289223170-1001 -> DefaultScope {81ABD569-F769-4266-95F4-3BD9F3310293} URL =
SearchScopes: HKU\S-1-5-21-2466105403-3288891235-289223170-1001 -> {81ABD569-F769-4266-95F4-3BD9F3310293} URL =
SearchScopes: HKU\S-1-5-21-2466105403-3288891235-289223170-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-08-12] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2009-08-26] (Lenovo Group Limited)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-23] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2466105403-3288891235-289223170-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
DPF: HKLM-x32 {3216F683-68D2-4C5B-B7EC-9496AF981FC0} hxxp://qtview.com/DevFetcher.exe
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://qtview.com/WebClient.exe
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2015-12-07] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-12] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Manoj\AppData\Roaming\Mozilla\Firefox\Profiles\ya7u9b3v.default
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: www.msn.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2ADF&PC=SK2A&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-18] (Adobe Systems, Inc.)
FF Plugin-x32: @DVR4/DevFetcher -> C:\Windows\system32\DevFetcher\npdevfetcher.dll [No File]
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-2466105403-3288891235-289223170-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Manoj\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-24] (Citrix Online)
FF Plugin HKU\S-1-5-21-2466105403-3288891235-289223170-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Manoj\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2466105403-3288891235-289223170-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Manoj\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF SearchPlugin: C:\Users\Manoj\AppData\Roaming\Mozilla\Firefox\Profiles\ya7u9b3v.default\searchplugins\marriott-hotel-search-by-cityairport-code.xml [2016-01-27]
FF SearchPlugin: C:\Users\Manoj\AppData\Roaming\Mozilla\Firefox\Profiles\ya7u9b3v.default\searchplugins\norton-safe-search.xml [2015-11-04]
FF Extension: Bing Search - C:\Users\Manoj\AppData\Roaming\Mozilla\Firefox\Profiles\ya7u9b3v.default\Extensions\bingsearch.full@microsoft.com [2015-09-07] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKU\S-1-5-21-2466105403-3288891235-289223170-1001\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension [2015-07-23] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-12]
CHR Extension: (Google Docs) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-12]
CHR Extension: (Google Drive) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-08]
CHR Extension: (YouTube) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-04]
CHR Extension: (Google Cast) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-01-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-11-04]
CHR Extension: (Google Search) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-08]
CHR Extension: (Google Sheets) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-12]
CHR Extension: (Google Docs Offline) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-08]
CHR Extension: (Norton Identity Safe) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-12]
CHR Extension: (Gmail) - C:\Users\Manoj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-12]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-25]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-25]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-26] (Dropbox, Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4616216 2016-01-20] (Binary Fortress Software)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [164200 2010-08-24] (Lenovo.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-06] (Lenovo Group Limited)
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 MlPatch; C:\Windows\system32\MlPatch.exe [2244912 2014-08-22] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62382256 2015-03-29] (Microsoft Corporation)
R3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [42168 2015-03-29] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [26624 2015-07-14] (The Neat Company) [File not signed]
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-08-26] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [204296 2012-04-12] (Nitro PDF Software)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-12-07] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-09-29] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-09-29] (Intuit Inc.) [File not signed]
R2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2194096 2015-03-29] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-29] (Microsoft Corporation)
R2 SUService; c:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-02-10] (Lenovo Group Limited) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160125.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-02-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160203.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [172752 2016-01-12] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160203.071\ENG64.SYS [138488 2016-02-03] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160203.071\EX64.SYS [2148080 2016-02-03] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-10-07] (CACE Technologies, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-07-23] ()
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-29] (Microsoft Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 t1pusb64; C:\Windows\System32\drivers\t1pusb64.sys [156424 2016-01-19] (Magic Control Technology Corp.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-04 14:52 - 2016-02-04 14:52 - 00035270 _____ C:\Users\Manoj\Desktop\FRST.txt
2016-02-04 14:51 - 2016-02-04 14:52 - 00000000 ____D C:\FRST
2016-02-04 14:50 - 2016-02-04 14:49 - 02370560 _____ (Farbar) C:\Users\Manoj\Desktop\FRST64.exe
2016-02-03 22:41 - 2016-02-04 14:04 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-03 22:41 - 2016-02-03 23:04 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-03 22:41 - 2016-02-03 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-02-03 22:41 - 2016-02-03 22:41 - 00000000 ____D C:\Program Files\RogueKiller
2016-02-03 22:40 - 2016-02-03 22:40 - 00000000 ____D C:\Users\Manoj\AppData\Local\ElevatedDiagnostics
2016-02-03 19:52 - 2016-02-03 23:23 - 00278766 _____ C:\Windows\ntbtlog.txt
2016-02-02 16:45 - 2016-02-02 16:45 - 25022464 _____ C:\Users\Manoj\Documents\S.A.F.E. Chemicals LLC (Backup Feb 02,2016  04 44 PM).QBB
2016-02-02 04:31 - 2016-02-02 04:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-02-01 22:59 - 2016-02-01 22:59 - 00014679 _____ C:\Users\Manoj\Desktop\Intuit.pdf
2016-02-01 22:29 - 2016-02-01 22:29 - 50708480 _____ C:\Users\Manoj\Documents\S.A.F.E. Chemicals Ltd. (Backup Feb 01,2016  10 28 PM).QBB
2016-01-31 20:34 - 2016-02-01 13:12 - 00109126 _____ C:\Users\Manoj\Desktop\Jan - UVISA.pdf
2016-01-31 20:20 - 2016-01-31 20:20 - 00042292 _____ C:\Users\Manoj\Desktop\Jan 2016 - SAFE Ltd.pdf
2016-01-30 13:46 - 2016-01-30 13:48 - 00138326 _____ C:\Users\Manoj\Desktop\USPS - Email Us.pdf
2016-01-29 20:57 - 2016-01-29 20:57 - 00223874 _____ C:\Users\Manoj\Desktop\Wedding Invitation.pdf
2016-01-29 11:58 - 2016-01-29 11:58 - 00000000 ____D C:\Users\Manoj\Documents\Purchase Orders Issued
2016-01-28 09:33 - 2016-01-28 09:33 - 00000000 ____D C:\Users\Manoj\Documents\Intuit
2016-01-27 13:15 - 2016-01-27 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-27 12:52 - 2016-01-27 12:52 - 00039938 _____ C:\Users\Manoj\Desktop\Avery-Label-5267-1.avery
2016-01-24 21:57 - 2016-01-24 21:57 - 50675712 _____ C:\Users\Manoj\Documents\S.A.F.E. Chemicals Ltd. (Backup Jan 24,2016  09 57 PM).QBB
2016-01-24 13:00 - 2016-02-04 13:51 - 00000000 ____D C:\Users\Manoj\Desktop\TCMM - Week 3
2016-01-24 12:47 - 2016-01-28 09:11 - 00000000 ___RD C:\Users\Manoj\Documents\Dropbox
2016-01-23 00:08 - 2015-12-16 10:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-01-23 00:08 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-01-23 00:08 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-01-23 00:08 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-01-23 00:08 - 2015-12-16 10:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-01-23 00:08 - 2015-12-16 10:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-01-23 00:08 - 2015-12-16 10:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-01-23 00:08 - 2015-12-16 10:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-01-22 17:33 - 2015-12-03 10:18 - 00670824 _____ (Magic Control Technology Corporation) C:\Windows\system32\igdumdmx.dll
2016-01-22 15:23 - 2016-01-22 15:23 - 24526848 _____ C:\Users\Manoj\Documents\S.A.F.E. Chemicals LLC (Backup Jan 22,2016  03 23 PM).QBB
2016-01-19 03:00 - 2016-01-19 03:00 - 00156424 _____ (Magic Control Technology Corp.) C:\Windows\system32\Drivers\t1pusb64.sys
2016-01-19 03:00 - 2016-01-19 03:00 - 00038696 _____ (Magic Control Technology Corporation) C:\Windows\system32\TrgCoInst64.dll
2016-01-15 18:32 - 2016-01-22 19:49 - 00000000 ____D C:\Users\Manoj\Desktop\Shabad
2016-01-15 17:43 - 2016-01-15 17:43 - 24506368 _____ C:\Users\Manoj\Documents\S.A.F.E. Chemicals LLC (Backup Jan 15,2016  05 43 PM).QBB
2016-01-15 17:38 - 2016-01-15 17:52 - 2010621995 _____ C:\Users\Manoj\Documents\1-15-2016_Neat.nbak
2016-01-13 00:19 - 2015-12-11 10:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 00:19 - 2015-12-08 13:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 00:19 - 2015-12-08 13:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 00:19 - 2015-12-08 13:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 00:19 - 2015-12-08 13:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 00:19 - 2015-12-08 13:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 00:19 - 2015-12-08 13:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 00:19 - 2015-12-08 13:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 00:19 - 2015-12-08 13:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 00:19 - 2015-12-08 13:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 00:19 - 2015-12-08 11:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 00:19 - 2015-12-08 11:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 00:19 - 2015-12-08 11:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 00:19 - 2015-12-08 11:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 00:19 - 2015-12-08 11:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 00:19 - 2015-12-08 11:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 00:19 - 2015-12-08 11:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 00:19 - 2015-12-08 11:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 00:19 - 2015-12-08 11:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 00:19 - 2015-12-08 11:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 00:19 - 2015-12-08 11:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 00:19 - 2015-12-08 11:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 00:19 - 2015-12-08 11:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 00:19 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 00:19 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 00:19 - 2015-11-13 15:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 00:19 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 00:19 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 00:19 - 2015-11-13 14:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 00:18 - 2015-12-23 15:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 00:18 - 2015-12-23 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 00:18 - 2015-12-12 10:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 00:18 - 2015-12-12 10:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 00:18 - 2015-12-12 10:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 00:18 - 2015-12-12 10:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 00:18 - 2015-12-12 10:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 00:18 - 2015-12-12 10:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 00:18 - 2015-12-12 10:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 00:18 - 2015-12-12 10:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 00:18 - 2015-12-12 10:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 00:18 - 2015-12-12 10:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 00:18 - 2015-12-12 10:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 00:18 - 2015-12-12 10:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 00:18 - 2015-12-12 10:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 00:18 - 2015-12-12 10:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 00:18 - 2015-12-12 10:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 00:18 - 2015-12-12 10:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 00:18 - 2015-12-12 10:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 00:18 - 2015-12-12 10:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 00:18 - 2015-12-12 09:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 00:18 - 2015-12-12 09:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 00:18 - 2015-12-12 09:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 00:18 - 2015-12-12 09:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 00:18 - 2015-12-12 09:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 00:18 - 2015-12-12 09:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 00:18 - 2015-12-12 09:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 00:18 - 2015-12-12 09:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 00:18 - 2015-12-12 09:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 00:18 - 2015-12-12 09:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 00:18 - 2015-12-12 09:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 00:18 - 2015-12-12 09:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 00:18 - 2015-12-12 09:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 00:18 - 2015-12-12 09:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 00:18 - 2015-12-12 09:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 00:18 - 2015-12-12 09:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 00:18 - 2015-12-12 09:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 00:18 - 2015-12-12 09:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 00:18 - 2015-12-12 09:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-13 00:18 - 2015-12-12 09:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 00:18 - 2015-12-12 09:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 00:18 - 2015-12-12 09:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 00:18 - 2015-12-12 09:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 00:18 - 2015-12-12 09:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 00:18 - 2015-12-12 09:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 00:18 - 2015-12-12 09:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 00:18 - 2015-12-12 09:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 00:18 - 2015-12-12 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 00:18 - 2015-12-12 09:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-13 00:18 - 2015-12-12 09:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 00:18 - 2015-12-12 09:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 00:18 - 2015-12-12 09:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 00:18 - 2015-12-12 09:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-13 00:18 - 2015-12-12 09:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 00:18 - 2015-12-12 09:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-13 00:18 - 2015-12-12 09:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 00:18 - 2015-12-12 09:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 00:18 - 2015-12-12 09:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-13 00:18 - 2015-12-12 09:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 00:18 - 2015-12-12 08:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 00:18 - 2015-12-12 08:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 00:18 - 2015-12-12 08:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 00:18 - 2015-12-12 08:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 00:18 - 2015-12-12 08:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 00:18 - 2015-12-08 13:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 00:18 - 2015-12-08 13:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 00:18 - 2015-12-08 13:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 00:18 - 2015-12-08 13:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-13 00:18 - 2015-12-08 13:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 00:18 - 2015-12-08 13:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 00:18 - 2015-12-08 13:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 00:18 - 2015-12-08 13:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 00:18 - 2015-12-08 13:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 00:18 - 2015-12-08 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 00:18 - 2015-12-08 13:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 00:18 - 2015-12-08 13:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 00:18 - 2015-12-08 13:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 00:18 - 2015-12-08 11:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 00:18 - 2015-12-08 11:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 00:18 - 2015-12-08 11:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 00:18 - 2015-12-08 11:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 00:18 - 2015-12-08 11:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 00:18 - 2015-12-08 11:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 00:18 - 2015-12-08 10:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 00:18 - 2015-12-08 10:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 00:18 - 2015-12-08 10:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 00:18 - 2015-12-08 09:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 00:17 - 2015-12-30 11:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 00:17 - 2015-12-30 11:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 00:17 - 2015-12-30 11:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 00:17 - 2015-12-30 11:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 00:17 - 2015-12-30 11:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 00:17 - 2015-12-30 11:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 00:17 - 2015-12-30 11:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 00:17 - 2015-12-30 11:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 00:17 - 2015-12-30 11:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 00:17 - 2015-12-30 11:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 00:17 - 2015-12-30 11:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 00:17 - 2015-12-30 11:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 00:17 - 2015-12-30 11:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 00:17 - 2015-12-30 11:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 00:17 - 2015-12-30 11:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 00:17 - 2015-12-30 11:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 00:17 - 2015-12-30 11:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 00:17 - 2015-12-30 11:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 00:17 - 2015-12-30 10:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 00:17 - 2015-12-30 10:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 00:17 - 2015-12-30 10:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 00:17 - 2015-12-30 10:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 00:17 - 2015-12-30 10:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 00:17 - 2015-12-30 10:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 00:17 - 2015-12-30 10:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 00:17 - 2015-12-30 10:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 00:17 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 00:17 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 00:17 - 2015-12-30 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 00:17 - 2015-12-30 10:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 00:17 - 2015-12-30 10:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-13 00:17 - 2015-12-30 10:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 00:17 - 2015-12-30 10:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 00:17 - 2015-12-30 10:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 00:17 - 2015-12-30 10:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 00:17 - 2015-12-30 10:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 00:17 - 2015-12-30 10:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 00:17 - 2015-12-30 10:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 00:17 - 2015-12-30 10:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 00:17 - 2015-12-30 10:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 09:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 00:17 - 2015-12-30 09:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 00:17 - 2015-12-30 09:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 00:17 - 2015-12-30 09:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 00:17 - 2015-12-30 09:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 00:17 - 2015-12-30 09:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 00:17 - 2015-12-30 09:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 00:17 - 2015-12-30 09:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 00:17 - 2015-12-30 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 00:17 - 2015-12-30 09:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 00:17 - 2015-12-30 09:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 00:17 - 2015-12-30 09:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 00:17 - 2015-12-30 09:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-13 00:17 - 2015-12-30 09:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 00:17 - 2015-12-30 09:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 09:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 09:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 00:17 - 2015-12-30 09:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-13 00:17 - 2015-12-08 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 00:17 - 2015-12-08 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 00:17 - 2015-12-08 11:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 00:17 - 2015-12-08 11:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 00:17 - 2015-11-16 17:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 00:17 - 2015-11-16 17:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 00:17 - 2015-11-16 17:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 00:17 - 2015-11-16 17:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 00:17 - 2015-11-16 17:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 00:17 - 2015-11-16 17:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-13 00:17 - 2015-11-16 12:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-12 16:31 - 2016-01-17 22:57 - 05300675 _____ C:\Users\Manoj\Desktop\Nutrition_week-1.pdf.pdf
2016-01-11 12:19 - 2016-01-11 12:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-01-10 12:31 - 2016-01-10 12:31 - 03234987 _____ C:\Users\Manoj\Desktop\TCMM RECIPE EBOOK.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-04 14:43 - 2015-11-26 16:38 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-04 14:41 - 2015-12-02 10:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12d2f6e038332.job
2016-02-04 14:39 - 2015-07-24 15:44 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-04 14:12 - 2009-07-13 20:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-04 14:12 - 2009-07-13 20:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-04 12:40 - 2015-07-23 17:18 - 00000000 ____D C:\Users\Manoj\AppData\Roaming\Nitro PDF
2016-02-04 10:13 - 2009-07-13 21:13 - 00891500 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-04 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-02-04 10:10 - 2015-07-31 01:14 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-02-04 09:13 - 2015-12-02 10:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12d2f6dc33e0b.job
2016-02-04 09:13 - 2015-11-26 16:38 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-04 09:13 - 2015-07-23 13:06 - 00000000 ____D C:\Users\Manoj\AppData\Local\CrashDumps
2016-02-04 09:12 - 2015-07-23 13:05 - 00002813 _____ C:\Windows\system32\GManager.ini
2016-02-04 09:12 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-04 03:15 - 2015-07-24 09:39 - 00000486 _____ C:\Windows\Tasks\SQLBackupAndFtp_180 Backup.job
2016-02-03 20:36 - 2015-10-16 13:43 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-03 19:49 - 2015-07-23 18:19 - 00000000 ____D C:\Users\Manoj\Documents\Outlook Files
2016-02-03 19:44 - 2015-07-23 11:12 - 00000000 ____D C:\swshare
2016-02-03 19:10 - 2015-10-09 17:31 - 00000000 ____D C:\Users\Manoj\AppData\Local\NPE
2016-02-03 19:02 - 2015-10-09 17:34 - 00000000 ____D C:\NPE
2016-02-03 19:00 - 2015-07-24 15:46 - 00000000 ____D C:\Users\Manoj\AppData\Roaming\TeamViewer
2016-02-03 15:14 - 2015-07-23 17:40 - 00000000 ____D C:\Users\Manoj\Documents\Personal
2016-02-02 23:08 - 2015-07-23 17:43 - 00000000 ____D C:\Users\Manoj\Documents\Safe Financial
2016-02-02 04:32 - 2015-11-19 12:41 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-02 04:31 - 2015-11-19 12:41 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-02-02 04:31 - 2015-11-19 12:41 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-02-01 20:36 - 2015-12-02 10:29 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d12d2f6e038332
2016-02-01 20:36 - 2015-12-02 10:29 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d12d2f6dc33e0b
2016-01-30 12:29 - 2015-07-31 18:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-30 12:16 - 2015-07-23 17:39 - 00000000 ____D C:\Users\Manoj\Documents\Estate of Sanjeev
2016-01-29 01:37 - 2015-07-24 08:56 - 00000000 ____D C:\Program Files (x86)\GoldMine
2016-01-28 19:36 - 2015-09-12 20:21 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-28 09:33 - 2015-07-31 18:30 - 00000000 ____D C:\Users\Manoj\AppData\Roaming\Nuance
2016-01-28 09:33 - 2015-07-23 16:11 - 00000000 ____D C:\ProgramData\Nuance
2016-01-27 23:25 - 2015-07-23 17:37 - 00000000 ____D C:\Users\Manoj\Documents\Word Folder
2016-01-27 21:57 - 2015-11-26 16:38 - 00000000 ____D C:\Users\Manoj\AppData\Local\Dropbox
2016-01-27 21:55 - 2015-07-23 17:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-27 16:38 - 2015-08-13 13:09 - 00000000 ____D C:\Users\Manoj\Documents\Tor Browser
2016-01-27 14:07 - 2015-07-23 17:45 - 00000000 ____D C:\Users\Manoj\Documents\SAFE LLC Tax
2016-01-27 12:36 - 2015-07-23 17:39 - 00000000 ____D C:\Users\Manoj\Documents\LEADS - Market Information
2016-01-27 11:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2016-01-23 12:11 - 2009-07-13 20:45 - 00477376 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-23 04:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-01-21 12:05 - 2015-07-28 08:51 - 00000000 ____D C:\Users\Manoj\Documents\DisplayFusion Backups
2016-01-21 12:05 - 2015-07-28 08:51 - 00000000 ____D C:\Users\Manoj\AppData\Local\DisplayFusion
2016-01-21 12:05 - 2015-07-23 17:25 - 00000000 ____D C:\Users\Manoj\AppData\Roaming\DisplayFusion
2016-01-21 12:05 - 2015-07-23 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
2016-01-21 12:05 - 2015-07-23 17:25 - 00000000 ____D C:\Program Files (x86)\DisplayFusion
2016-01-20 10:41 - 2015-12-22 07:00 - 00000000 ____D C:\Users\Manoj\Documents\SAFE LLC Litigation
2016-01-20 10:40 - 2015-07-23 22:41 - 00000000 ____D C:\Users\Manoj
2016-01-20 10:38 - 2015-12-08 13:05 - 00000000 ____D C:\Users\Manoj\AppData\Roaming\Epson
2016-01-20 10:38 - 2015-12-08 13:02 - 00000000 ____D C:\ProgramData\EPSON
2016-01-15 17:38 - 2015-07-31 18:16 - 00000000 ____D C:\Users\Manoj\Documents\Neat Data
2016-01-13 15:38 - 2015-07-23 17:05 - 00000000 ____D C:\Users\Manoj\AppData\Local\Adobe
2016-01-13 15:38 - 2015-07-23 16:08 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-13 15:38 - 2015-07-23 16:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-13 03:43 - 2015-07-23 19:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 03:43 - 2015-07-23 19:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 03:42 - 2015-07-23 12:12 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 03:42 - 2015-07-23 12:12 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 03:25 - 2015-07-23 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 03:21 - 2015-07-23 11:27 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 03:10 - 2015-07-23 11:27 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-12 17:47 - 2015-10-01 13:24 - 00172752 _____ (Magic Control Technology Corporation) C:\Windows\system32\Drivers\mctkmd64.sys
2016-01-12 13:04 - 2015-07-23 17:38 - 00000000 ____D C:\Users\Manoj\Documents\Chai Club
2016-01-11 12:05 - 2015-11-26 16:41 - 00000000 ___RD C:\Users\Manoj\Dropbox
2016-01-10 21:32 - 2015-07-23 22:41 - 00000000 ____D C:\Users\Manoj\AppData\Local\VirtualStore
2016-01-07 11:27 - 2015-09-11 14:01 - 00000000 ____D C:\Users\Manoj\Documents\2015 Tax
2016-01-07 10:44 - 2015-07-23 17:37 - 00000000 ____D C:\Users\Manoj\Documents\STAR TDS
2016-01-05 15:33 - 2015-07-23 17:48 - 00000000 ____D C:\Users\Manoj\Documents\Sparsh Taxes

==================== Files in the root of some directories =======

2015-07-24 09:03 - 2015-07-24 09:03 - 0000008 __RSH () C:\Users\Manoj\AppData\Local\ℤ™☠
2015-07-23 18:02 - 2015-07-23 18:02 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Manoj\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-29 05:20

==================== End of FRST.txt ============================



#15 mjthai

  • Topic Starter

Posted 08 February 2016 - 12:27 PM

Last pending item - these are the results from Norton Security:

 

Category: Recent History
Date & Time,Risk,Activity,Status
2/3/2016 11:31:04 PM,Info,AntiSpyware turned on.,Detected
2/3/2016 11:31:04 PM,Info,AntiSpyware turned on.,Detected
2/3/2016 11:31:04 PM,Info,Auto-Protect turned on.,Detected


Category: Scan Results
Date & Time,Risk,Activity,Status,Scan Time (d:h:m:s),Total items scanned,Files & Directories,Registry Entries,Processes & Start-Up Items,Network & Browser Items,Other,Trusted Files,Skipped Files,Total Security Risks Detected,Total Security Risks Resolved,Total Security Risks Requiring Attention,Virus,Virus Unresolved,Tracking Cookies,Tracking Cookies Resolved
2/7/2016 8:04:33 PM,Info,Quick Scan results,Completed,0:00:03:43,"7,863","4,785",728,"1,742",591,17,729,91,0,0,0,,,,
2/4/2016 6:39:53 PM,Info,Full System Scan results,Completed,0:00:43:04,"432,086","428,721",730,"2,028",590,17,"58,524","263,057",3,0,3,3,3,,
2/4/2016 9:12:14 AM,Info,Full System Scan results,Completed,0:00:46:00,"433,599","430,353",730,"1,895",604,17,"58,429","263,757",3,0,3,3,3,,
2/3/2016 11:49:24 PM,Info,Quick Scan results,Completed,0:00:04:26,"7,850","4,777",730,"1,729",597,17,728,86,0,0,0,,,,
2/3/2016 7:00:55 PM,Info,Full System Scan results,Completed,0:01:26:09,"1,066,751","1,063,599",734,"1,755",646,17,"58,415","11,748",3,0,3,3,3,,
2/3/2016 3:46:11 PM,Info,Quick Scan results,Completed,0:00:03:24,"8,108","4,810",734,"1,879",668,17,757,49,1,1,0,,,1,1
2/3/2016 3:02:28 PM,Info,Quick Scan results,Completed,0:00:03:56,"8,080","4,817",735,"1,881",629,18,760,0,0,0,0,,,,
2/3/2016 8:05:43 AM,Info,Quick Scan results,Completed,0:00:03:48,"8,052","4,819",735,"1,879",601,18,762,0,0,0,0,,,,
2/2/2016 11:50:57 PM,Info,Quick Scan results,Completed,0:00:03:49,"8,053","4,818",735,"1,881",601,18,761,0,0,0,0,,,,
2/2/2016 5:11:55 PM,Info,Quick Scan results,Completed,0:00:03:41,"7,928","4,793",735,"1,778",604,18,743,31,0,0,0,,,,
2/2/2016 8:27:28 AM,Info,Quick Scan results,Completed,0:00:04:02,"8,043","4,821",735,"1,875",594,18,764,0,0,0,0,,,,
2/2/2016 1:15:13 AM,Info,Quick Scan results,Completed,0:00:03:37,"7,896","4,786",732,"1,766",594,18,737,30,0,0,0,,,,
2/1/2016 3:43:23 PM,Info,Quick Scan results,Completed,0:00:03:37,"8,181","4,813",732,"2,025",594,17,751,0,0,0,0,,,,
2/1/2016 7:23:37 AM,Info,Quick Scan results,Completed,0:00:03:19,"7,999","4,805",732,"1,855",589,18,744,0,0,0,0,,,,
2/1/2016 12:11:04 AM,Info,Quick Scan results,Completed,0:00:03:24,"8,056","4,808",732,"1,909",589,18,762,0,0,0,0,,,,


Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action,Activity
2/6/2016 4:20:53 PM,High,Trojan.Mdropper detected by Virus scanner,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
2/6/2016 4:18:03 PM,High,JS.Downloader detected by Virus scanner,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
2/6/2016 4:18:03 PM,High,JS.Downloader detected by Virus scanner,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
2/4/2016 6:33:40 PM,High,JS.Downloader detected by Auto-Protect,Removed,Resolved - No Action Required,Threat Actions performed: 1
2/4/2016 6:32:55 PM,High,nav266f.tmp (Trojan.Mdropper) detected by Auto-Protect,Quarantined,Resolved - No Action Required,Threat Actions performed: 2
2/4/2016 6:29:03 PM,High,JS.Downloader detected by Auto-Protect,Removed,Resolved - No Action Required,Threat Actions performed: 1
2/4/2016 12:21:43 AM,High,nav7643.tmp (JS.Downloader) detected by Auto-Protect,Quarantined,Resolved - No Action Required,Threat Actions performed: 2
2/4/2016 12:19:49 AM,High,navfe35.tmp (Trojan.Mdropper) detected by Auto-Protect,Quarantined,Resolved - No Action Required,Threat Actions performed: 2
2/4/2016 12:16:23 AM,High,JS.Downloader detected by Auto-Protect,Removed,Resolved - No Action Required,Threat Actions performed: 1
2/3/2016 5:51:31 PM,High,nav8f8e.tmp (Trojan.Mdropper) detected by Auto-Protect,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
2/3/2016 5:49:49 PM,High,Trojan.Mdropper detected by Auto-Protect,Removed,Resolved - No Action Required,Threat Actions performed: 1
2/3/2016 5:48:16 PM,High,JS.Downloader detected by Auto-Protect,Removed,Resolved - No Action Required,Threat Actions performed: 1
2/3/2016 3:46:10 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,Threat Actions performed: 8


Category: Quarantine
Date & Time,Risk,Activity,Status,Recommended Action,Activity
2/6/2016 4:20:53 PM,High,Trojan.Mdropper detected by Virus scanner,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
2/6/2016 4:18:03 PM,High,JS.Downloader detected by Virus scanner,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
2/6/2016 4:18:03 PM,High,JS.Downloader detected by Virus scanner,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
2/4/2016 6:32:55 PM,High,nav266f.tmp (Trojan.Mdropper) detected by Auto-Protect,Quarantined,Resolved - No Action Required,Threat Actions performed: 2
2/4/2016 12:21:43 AM,High,nav7643.tmp (JS.Downloader) detected by Auto-Protect,Quarantined,Resolved - No Action Required,Threat Actions performed: 2
2/4/2016 12:19:49 AM,High,navfe35.tmp (Trojan.Mdropper) detected by Auto-Protect,Quarantined,Resolved - No Action Required,Threat Actions performed: 2
2/3/2016 5:51:31 PM,High,nav8f8e.tmp (Trojan.Mdropper) detected by Auto-Protect,Quarantined,Resolved - No Action Required,Threat Actions performed: 1


Category: Firewall - Network and Connections
Date & Time,Risk,Activity,Status,Recommended Action,Subnet Identifier,Category,Gateway Physical Address
2/7/2016 7:21:55 PM,Info,Connected to a public network. (127.0.0.0/255.0.0.0),Protected,No Action Required,127.0.0.0/255.0.0.0,,
2/7/2016 7:18:31 PM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: ::1).",Detected,No Action Required,,Firewall - Network and Connections,
2/7/2016 7:18:31 PM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: 127.0.0.1).",Detected,No Action Required,,Firewall - Network and Connections,
2/6/2016 5:25:06 AM,Info,Connected to a public network. (127.0.0.0/255.0.0.0),Protected,No Action Required,127.0.0.0/255.0.0.0,,
2/6/2016 5:22:38 AM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: ::1).",Detected,No Action Required,,Firewall - Network and Connections,
2/6/2016 5:22:38 AM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: 127.0.0.1).",Detected,No Action Required,,Firewall - Network and Connections,
2/5/2016 7:34:05 AM,Info,IP address has disappeared from adapter Intel® 82577LM Gigabit Network Connection (IP address: fe80::2de7:8fb5:4e0d:4fba%13).,Detected,No Action Required,,Firewall - Network and Connections,
2/5/2016 7:34:05 AM,Info,IP address has disappeared from adapter Intel® 82577LM Gigabit Network Connection (IP address: 169.254.79.186).,Detected,No Action Required,,Firewall - Network and Connections,
2/5/2016 7:34:05 AM,Info,"Protecting your connection to a newly detected network on adapter \"Intel® 82577LM Gigabit Network Connection\" (IP address: fe80::2de7:8fb5:4e0d:4fba%13).",Detected,No Action Required,,Firewall - Network and Connections,
2/5/2016 7:34:05 AM,Info,"Protecting your connection to a newly detected network on adapter \"Intel® 82577LM Gigabit Network Connection\" (IP address: 169.254.79.186).",Detected,No Action Required,,Firewall - Network and Connections,
2/4/2016 9:59:05 PM,Info,Connected to a public network. (127.0.0.0/255.0.0.0),Protected,No Action Required,127.0.0.0/255.0.0.0,,
2/4/2016 9:55:48 PM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: ::1).",Detected,No Action Required,,Firewall - Network and Connections,
2/4/2016 9:55:48 PM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: 127.0.0.1).",Detected,No Action Required,,Firewall - Network and Connections,
2/4/2016 6:50:08 PM,Info,Connected to a public network. (127.0.0.0/255.0.0.0),Protected,No Action Required,127.0.0.0/255.0.0.0,,
2/4/2016 6:47:04 PM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: ::1).",Detected,No Action Required,,Firewall - Network and Connections,
2/4/2016 6:47:04 PM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: 127.0.0.1).",Detected,No Action Required,,Firewall - Network and Connections,
2/4/2016 5:49:45 PM,Info,Connected to a public network. (127.0.0.0/255.0.0.0),Protected,No Action Required,127.0.0.0/255.0.0.0,,
2/4/2016 5:48:23 PM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: ::1).",Detected,No Action Required,,Firewall - Network and Connections,
2/4/2016 5:48:23 PM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: 127.0.0.1).",Detected,No Action Required,,Firewall - Network and Connections,
2/4/2016 10:08:40 AM,Info,Connected to a public network. (127.0.0.0/255.0.0.0),Protected,No Action Required,127.0.0.0/255.0.0.0,,
2/4/2016 10:08:19 AM,Info,"Protecting your connection to a newly detected network on adapter \"Microsoft Virtual WiFi Miniport Adapter\" (IP address: fe80::d00c:48ee:473e:b674%15).",Detected,No Action Required,,Firewall - Network and Connections,
2/4/2016 10:08:19 AM,Info,"Protecting your connection to a newly detected network on adapter \"Microsoft Virtual WiFi Miniport Adapter\" (IP address: 169.254.182.116).",Detected,No Action Required,,Firewall - Network and Connections,
2/4/2016 9:12:41 AM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: ::1).",Detected,No Action Required,,Firewall - Network and Connections,
2/4/2016 9:12:41 AM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: 127.0.0.1).",Detected,No Action Required,,Firewall - Network and Connections,
2/3/2016 11:34:34 PM,Info,IP address has disappeared from adapter Intel® Centrino® Advanced-N 6200 AGN (IP address: fe80::1962:c0be:eaa9:69d4%14).,Detected,No Action Required,,Firewall - Network and Connections,
2/3/2016 11:34:34 PM,Info,IP address has disappeared from adapter Intel® Centrino® Advanced-N 6200 AGN (IP address: 192.168.1.11).,Detected,No Action Required,,Firewall - Network and Connections,
2/3/2016 11:31:46 PM,Info,Connected to a private network. (A4 2B 8C 94 2E 06),Shared,No Action Required,,,A4 2B 8C 94 2E 06
2/3/2016 11:31:39 PM,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Advanced-N 6200 AGN\" (IP address: fe80::1962:c0be:eaa9:69d4%14).",Detected,No Action Required,,Firewall - Network and Connections,
2/3/2016 11:31:39 PM,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Advanced-N 6200 AGN\" (IP address: 192.168.1.11).",Detected,No Action Required,,Firewall - Network and Connections,
2/3/2016 11:31:05 PM,Info,Connected to a public network. (127.0.0.0/255.0.0.0),Protected,No Action Required,127.0.0.0/255.0.0.0,,
2/3/2016 11:29:16 PM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: ::1).",Detected,No Action Required,,Firewall - Network and Connections,
2/3/2016 11:29:16 PM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: 127.0.0.1).",Detected,No Action Required,,Firewall - Network and Connections,
2/3/2016 7:50:36 PM,Info,Connected to a public network. (127.0.0.0/255.0.0.0),Protected,No Action Required,127.0.0.0/255.0.0.0,,
2/3/2016 7:48:44 PM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: ::1).",Detected,No Action Required,,Firewall - Network and Connections,
2/3/2016 7:48:44 PM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: 127.0.0.1).",Detected,No Action Required,,Firewall - Network and Connections,
2/3/2016 7:42:45 PM,Info,Connected to a public network. (127.0.0.0/255.0.0.0),Protected,No Action Required,127.0.0.0/255.0.0.0,,
2/3/2016 7:39:47 PM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: ::1).",Detected,No Action Required,,Firewall - Network and Connections,
2/3/2016 7:39:47 PM,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: 127.0.0.1).",Detected,No Action Required,,Firewall - Network and Connections,
2/3/2016 7:38:09 PM,Info,IP address has disappeared from adapter Intel® Centrino® Advanced-N 6200 AGN (IP address: fe80::1962:c0be:eaa9:69d4%14).,Detected,No Action Required,,Firewall - Network and Connections,
2/3/2016 7:38:09 PM,Info,IP address has disappeared from adapter Intel® Centrino® Advanced-N 6200 AGN (IP address: 192.168.1.11).,Detected,No Action Required,,Firewall - Network and Connections,


Category: Firewall - Activities
Date & Time,Risk,Activity,Status,Recommended Action,Category
2/7/2016 7:21:53 PM,Info,User logged in.  ,Detected,No Action Required,Firewall - Activities
2/7/2016 7:21:50 PM,Info,Smart Firewall is enabled.,Detected,No Action Required,
2/7/2016 7:18:31 PM,Info,Firewall rules updated  ,Detected,No Action Required,Firewall - Activities
2/6/2016 5:25:05 AM,Info,User logged in.  ,Detected,No Action Required,Firewall - Activities
2/6/2016 5:25:00 AM,Info,Smart Firewall is enabled.,Detected,No Action Required,
2/6/2016 5:22:38 AM,Info,Firewall rules updated  ,Detected,No Action Required,Firewall - Activities
2/6/2016 5:19:36 AM,Info,No user is logged in.  ,Detected,No Action Required,Firewall - Activities
2/4/2016 9:59:03 PM,Info,User logged in.  ,Detected,No Action Required,Firewall - Activities
2/4/2016 9:59:01 PM,Info,Smart Firewall is enabled.,Detected,No Action Required,
2/4/2016 9:55:48 PM,Info,Firewall rules updated  ,Detected,No Action Required,Firewall - Activities
2/4/2016 9:53:25 PM,Info,No user is logged in.  ,Detected,No Action Required,Firewall - Activities
2/4/2016 6:50:07 PM,Info,User logged in.  ,Detected,No Action Required,Firewall - Activities
2/4/2016 6:50:04 PM,Info,Smart Firewall is enabled.,Detected,No Action Required,
2/4/2016 6:47:04 PM,Info,Firewall rules updated  ,Detected,No Action Required,Firewall - Activities
2/4/2016 6:41:01 PM,Info,No user is logged in.  ,Detected,No Action Required,Firewall - Activities
2/4/2016 5:49:43 PM,Info,User logged in.  ,Detected,No Action Required,Firewall - Activities
2/4/2016 5:49:40 PM,Info,Smart Firewall is enabled.,Detected,No Action Required,
2/4/2016 5:48:23 PM,Info,Firewall rules updated  ,Detected,No Action Required,Firewall - Activities
2/4/2016 4:44:53 PM,Info,No user is logged in.  ,Detected,No Action Required,Firewall - Activities
2/4/2016 10:08:41 AM,Info,User logged in.  ,Detected,No Action Required,Firewall - Activities
2/4/2016 10:08:36 AM,Info,Smart Firewall is enabled.,Detected,No Action Required,
2/4/2016 9:12:41 AM,Info,Firewall rules updated  ,Detected,No Action Required,Firewall - Activities
2/4/2016 9:12:14 AM,Info,No user is logged in.  ,Detected,No Action Required,Firewall - Activities
2/3/2016 11:31:03 PM,Info,User logged in.  ,Detected,No Action Required,Firewall - Activities
2/3/2016 11:31:01 PM,Info,Smart Firewall is enabled.,Detected,No Action Required,
2/3/2016 11:29:16 PM,Info,Firewall rules updated  ,Detected,No Action Required,Firewall - Activities
2/3/2016 7:50:34 PM,Info,User logged in.  ,Detected,No Action Required,Firewall - Activities
2/3/2016 7:50:32 PM,Info,Smart Firewall is enabled.,Detected,No Action Required,
2/3/2016 7:48:44 PM,Info,Firewall rules updated  ,Detected,No Action Required,Firewall - Activities
2/3/2016 7:43:27 PM,Info,No user is logged in.  ,Detected,No Action Required,Firewall - Activities
2/3/2016 7:42:43 PM,Info,User logged in.  ,Detected,No Action Required,Firewall - Activities
2/3/2016 7:42:41 PM,Info,Smart Firewall is enabled.,Detected,No Action Required,
2/3/2016 7:39:47 PM,Info,Firewall rules updated  ,Detected,No Action Required,Firewall - Activities


Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,Category,Default Action,Action Taken
2/7/2016 7:21:51 PM,Info,Intrusion Prevention Engine version: 7.4.0.83 Definitions Set version: 20160203.001,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/7/2016 7:21:51 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/7/2016 7:21:51 PM,Info,Intrusion Prevention is monitoring network traffic. Driver version: 15.0.2.19,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/6/2016 5:24:59 AM,Info,Intrusion Prevention Engine version: 7.4.0.83 Definitions Set version: 20160203.001,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/6/2016 5:24:59 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/6/2016 5:24:59 AM,Info,Intrusion Prevention is monitoring network traffic. Driver version: 15.0.2.19,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/4/2016 9:59:01 PM,Info,Intrusion Prevention Engine version: 7.4.0.83 Definitions Set version: 20160203.001,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/4/2016 9:59:01 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/4/2016 9:59:01 PM,Info,Intrusion Prevention is monitoring network traffic. Driver version: 15.0.2.19,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/4/2016 6:50:04 PM,Info,Intrusion Prevention Engine version: 7.4.0.83 Definitions Set version: 20160203.001,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/4/2016 6:50:04 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/4/2016 6:50:04 PM,Info,Intrusion Prevention is monitoring network traffic. Driver version: 15.0.2.19,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/4/2016 5:49:41 PM,Info,Intrusion Prevention is monitoring network traffic. Driver version: 15.0.2.19,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/4/2016 5:49:41 PM,Info,Intrusion Prevention Engine version: 7.4.0.83 Definitions Set version: 20160203.001,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/4/2016 5:49:41 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/4/2016 10:08:36 AM,Info,Intrusion Prevention is monitoring network traffic. Driver version: 15.0.2.19,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/4/2016 10:08:36 AM,Info,Intrusion Prevention Engine version: 7.4.0.83 Definitions Set version: 20160203.001,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/4/2016 10:08:36 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/3/2016 11:31:01 PM,Info,Intrusion Prevention is monitoring network traffic. Driver version: 15.0.2.19,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/3/2016 11:31:01 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/3/2016 11:31:01 PM,Info,Intrusion Prevention Engine version: 7.4.0.83 Definitions Set version: 20160203.001,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/3/2016 7:50:29 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/3/2016 7:50:29 PM,Info,Intrusion Prevention is monitoring network traffic. Driver version: 15.0.2.19,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/3/2016 7:50:29 PM,Info,Intrusion Prevention Engine version: 7.4.0.83 Definitions Set version: 20160203.001,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/3/2016 7:42:41 PM,Info,Intrusion Prevention Engine version: 7.4.0.83 Definitions Set version: 20160203.001,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/3/2016 7:42:41 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required
2/3/2016 7:42:41 PM,Info,Intrusion Prevention is monitoring network traffic. Driver version: 15.0.2.19,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required


Category: Download Insight
Date & Time,Risk,Activity,Status,Activity
2/6/2016 5:25:46 AM,Info,Download Insight detected launch of suservice.exe,Access allowed,Threat Actions Performed: 0


Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction,Terminal Session
2/7/2016 8:47:27 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/7/2016 8:47:27 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,408,C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\uistub.exe,8052,Access Process Data,Unauthorized access blocked,
2/7/2016 8:04:49 PM,Medium,Unauthorized access blocked (Access Thread Data),Blocked,No Action Required,2/7/2016 8:04:49 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,408,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3816,Access Thread Data,Unauthorized access blocked,
2/7/2016 7:51:19 PM,Medium,Unauthorized access blocked (Access Thread Data),Blocked,No Action Required,2/7/2016 7:51:19 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,408,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3816,Access Thread Data,Unauthorized access blocked,
2/7/2016 7:49:02 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/7/2016 7:49:02 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,408,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\symerr.exe,3672,Access Process Data,Unauthorized access blocked,
2/7/2016 7:49:00 PM,Medium,Unauthorized access blocked (Access Thread Data),Blocked,No Action Required,2/7/2016 7:49:00 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,408,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3816,Access Thread Data,Unauthorized access blocked,
2/7/2016 7:26:50 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/7/2016 7:26:50 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,408,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\cltlmh.exe,4108,Access Process Data,Unauthorized access blocked,
2/7/2016 7:26:48 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/7/2016 7:26:48 PM,C:\WINDOWS\SYSTEM32\CONHOST.EXE,3416,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\cltlmh.exe,4108,Access Process Data,Unauthorized access blocked,
2/7/2016 7:21:52 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/7/2016 7:21:52 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,408,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\WSCStub.exe,7160,Access Process Data,Unauthorized access blocked,
2/7/2016 7:21:52 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/7/2016 7:21:52 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,408,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3816,Access Process Data,Unauthorized access blocked,
2/7/2016 7:21:52 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/7/2016 7:21:52 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,408,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3816,Access Process Data,Unauthorized access blocked,
2/7/2016 7:21:52 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/7/2016 7:21:52 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,408,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3816,Access Process Data,Unauthorized access blocked,
2/7/2016 7:21:52 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/7/2016 7:21:52 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,408,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3816,Access Process Data,Unauthorized access blocked,
2/6/2016 5:25:50 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/6/2016 5:25:50 AM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,392,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\WSCStub.exe,8396,Access Process Data,Unauthorized access blocked,
2/6/2016 5:25:04 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/6/2016 5:25:04 AM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,392,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\conathst.exe,6248,Access Process Data,Unauthorized access blocked,
2/6/2016 5:25:04 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/6/2016 5:25:04 AM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,392,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,2732,Access Process Data,Unauthorized access blocked,
2/6/2016 5:25:04 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/6/2016 5:25:04 AM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,392,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,2732,Access Process Data,Unauthorized access blocked,
2/6/2016 5:25:04 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/6/2016 5:25:04 AM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,392,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,2732,Access Process Data,Unauthorized access blocked,
2/6/2016 5:25:02 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/6/2016 5:25:02 AM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,392,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,2732,Access Process Data,Unauthorized access blocked,
2/5/2016 1:05:56 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/5/2016 1:05:56 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\conathst.exe,8660,Access Process Data,Unauthorized access blocked,
2/5/2016 10:58:42 AM,Medium,Unauthorized access blocked (Access Thread Data),Blocked,No Action Required,2/5/2016 10:58:42 AM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,2084,Access Thread Data,Unauthorized access blocked,
2/5/2016 7:44:46 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/5/2016 7:44:46 AM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\symerr.exe,5448,Access Process Data,Unauthorized access blocked,
2/4/2016 11:02:04 PM,Medium,Unauthorized access blocked (File System Directory Set Security),Blocked,No Action Required,2/4/2016 11:02:04 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine,,File System Directory Set Security,Unauthorized access blocked,1
2/4/2016 11:00:46 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 11:00:46 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\uistub.exe,,Open File,Unauthorized access blocked,1
2/4/2016 10:05:35 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:05:35 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Windows\System32\drivers\N360x64\1605050.00F\srtsp64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 10:05:30 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:05:30 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,,Open File,Unauthorized access blocked,1
2/4/2016 10:05:27 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:05:27 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160203.001\IDSviA64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 10:05:22 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:05:22 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160125.001\BHDrvx64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 10:05:16 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:05:16 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Windows\System32\drivers\N360x64\1605050.00F\srtsp64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 10:05:11 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:05:11 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,,Open File,Unauthorized access blocked,1
2/4/2016 10:05:08 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:05:08 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160203.001\IDSviA64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 10:05:04 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:05:04 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160125.001\BHDrvx64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 10:04:57 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:04:57 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Windows\System32\drivers\N360x64\1605050.00F\symnets.sys,,Open File,Unauthorized access blocked,1
2/4/2016 10:04:56 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:04:56 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Windows\System32\drivers\N360x64\1605050.00F\srtsp64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 10:04:51 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:04:51 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,,Open File,Unauthorized access blocked,1
2/4/2016 10:04:47 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:04:47 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160203.001\IDSviA64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 10:04:42 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:04:42 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160125.001\BHDrvx64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 10:04:31 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:04:31 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\BuShell.dll,,Open File,Unauthorized access blocked,1
2/4/2016 10:04:23 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:04:23 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\symerr.exe,,Open File,Unauthorized access blocked,1
2/4/2016 10:04:02 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 10:04:02 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\cltlmh.exe,5932,Access Process Data,Unauthorized access blocked,
2/4/2016 10:03:57 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 10:03:57 PM,C:\WINDOWS\SYSTEM32\CONHOST.EXE,5000,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\cltlmh.exe,5932,Access Process Data,Unauthorized access blocked,
2/4/2016 10:01:55 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:01:55 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,,Open File,Unauthorized access blocked,1
2/4/2016 10:01:42 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 10:01:42 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4468,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,,Open File,Unauthorized access blocked,1
2/4/2016 9:59:03 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 9:59:03 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\WSCStub.exe,5796,Access Process Data,Unauthorized access blocked,
2/4/2016 9:59:03 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 9:59:03 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,2084,Access Process Data,Unauthorized access blocked,
2/4/2016 9:59:03 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 9:59:03 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,2084,Access Process Data,Unauthorized access blocked,
2/4/2016 9:59:03 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 9:59:03 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,2084,Access Process Data,Unauthorized access blocked,
2/4/2016 9:59:03 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 9:59:03 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,2084,Access Process Data,Unauthorized access blocked,
2/4/2016 6:55:06 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 6:55:06 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\cltlmh.exe,6000,Access Process Data,Unauthorized access blocked,
2/4/2016 6:55:02 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 6:55:02 PM,C:\WINDOWS\SYSTEM32\CONHOST.EXE,3708,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\cltlmh.exe,6000,Access Process Data,Unauthorized access blocked,
2/4/2016 6:50:06 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 6:50:06 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\WSCStub.exe,6384,Access Process Data,Unauthorized access blocked,
2/4/2016 6:50:06 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 6:50:06 PM,C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2SERVICE.EXE,1432,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,2620,Access Process Data,Unauthorized access blocked,
2/4/2016 6:50:06 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 6:50:06 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,2760,Access Process Data,Unauthorized access blocked,
2/4/2016 6:50:06 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 6:50:06 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,2620,Access Process Data,Unauthorized access blocked,
2/4/2016 6:50:06 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 6:50:06 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,2620,Access Process Data,Unauthorized access blocked,
2/4/2016 6:50:06 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 6:50:06 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,388,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,2620,Access Process Data,Unauthorized access blocked,
2/4/2016 6:32:35 PM,Medium,Unauthorized access blocked (Access Thread Data),Blocked,No Action Required,2/4/2016 6:32:35 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,988,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3744,Access Thread Data,Unauthorized access blocked,
2/4/2016 6:30:36 PM,Medium,Unauthorized access blocked (Access Thread Data),Blocked,No Action Required,2/4/2016 6:30:36 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,988,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3744,Access Thread Data,Unauthorized access blocked,
2/4/2016 6:29:03 PM,Medium,Unauthorized access blocked (Access Thread Data),Blocked,No Action Required,2/4/2016 6:29:03 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,988,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3744,Access Thread Data,Unauthorized access blocked,
2/4/2016 6:28:47 PM,Medium,Unauthorized access blocked (Access Thread Data),Blocked,No Action Required,2/4/2016 6:28:47 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,988,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3744,Access Thread Data,Unauthorized access blocked,
2/4/2016 6:27:05 PM,Medium,Unauthorized access blocked (Access Thread Data),Blocked,No Action Required,2/4/2016 6:27:05 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,988,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3744,Access Thread Data,Unauthorized access blocked,
2/4/2016 6:18:27 PM,Medium,Unauthorized access blocked (Access Thread Data),Blocked,No Action Required,2/4/2016 6:18:27 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,988,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3744,Access Thread Data,Unauthorized access blocked,
2/4/2016 6:06:05 PM,Medium,Unauthorized access blocked (Access Thread Data),Blocked,No Action Required,2/4/2016 6:06:05 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,988,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3744,Access Thread Data,Unauthorized access blocked,
2/4/2016 5:54:35 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 5:54:35 PM,C:\WINDOWS\SYSTEM32\CONHOST.EXE,6312,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\cltlmh.exe,3540,Access Process Data,Unauthorized access blocked,
2/4/2016 5:53:42 PM,Medium,Unauthorized access blocked (Access Thread Data),Blocked,No Action Required,2/4/2016 5:53:42 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,988,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3744,Access Thread Data,Unauthorized access blocked,
2/4/2016 5:51:04 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 5:51:04 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,988,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\WSCStub.exe,7244,Access Process Data,Unauthorized access blocked,
2/4/2016 5:50:14 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 5:50:14 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,988,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3744,Access Process Data,Unauthorized access blocked,
2/4/2016 5:49:48 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 5:49:48 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,988,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3744,Access Process Data,Unauthorized access blocked,
2/4/2016 5:49:42 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 5:49:42 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,988,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3744,Access Process Data,Unauthorized access blocked,
2/4/2016 5:49:42 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 5:49:42 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,988,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,3744,Access Process Data,Unauthorized access blocked,
2/4/2016 4:44:08 PM,Medium,Unauthorized access blocked (Delete Registry Key),Blocked,No Action Required,2/4/2016 4:44:08 PM,C:\PROGRAM FILES\CCLEANER\CCLEANER64.EXE,7468,HKEY_CLASSES_ROOT\Wow6432Node\Interface\{F0E3A5D7-80C7-4228-90FE-61DF01C417A5}\ProxyStubClsid\,,Delete Registry Key,Unauthorized access blocked,1
2/4/2016 4:43:41 PM,Medium,Unauthorized access blocked (Delete Registry Key),Blocked,No Action Required,2/4/2016 4:43:41 PM,C:\PROGRAM FILES\CCLEANER\CCLEANER64.EXE,7468,HKEY_CLASSES_ROOT\Wow6432Node\Interface\{F0E3A5D7-80C7-4228-90FE-61DF01C417A5}\ProxyStubClsid\,,Delete Registry Key,Unauthorized access blocked,1
2/4/2016 4:39:10 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 4:39:10 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,992,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,1380,Access Process Data,Unauthorized access blocked,
2/4/2016 4:05:06 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 4:05:06 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,992,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\symerr.exe,7484,Access Process Data,Unauthorized access blocked,
2/4/2016 2:11:23 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:11:23 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Windows\System32\drivers\N360x64\1605050.00F\srtsp64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 2:11:19 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:11:19 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,,Open File,Unauthorized access blocked,1
2/4/2016 2:11:16 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:11:16 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160203.001\IDSviA64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 2:11:12 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:11:12 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160125.001\BHDrvx64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 2:11:07 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:11:07 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Windows\System32\drivers\N360x64\1605050.00F\srtsp64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 2:11:03 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:11:03 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,,Open File,Unauthorized access blocked,1
2/4/2016 2:11:01 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:11:01 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160203.001\IDSviA64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 2:10:58 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:10:58 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160125.001\BHDrvx64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 2:10:51 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:10:51 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Windows\System32\drivers\N360x64\1605050.00F\srtsp64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 2:10:47 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:10:47 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,,Open File,Unauthorized access blocked,1
2/4/2016 2:10:44 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:10:44 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160203.001\IDSviA64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 2:10:39 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:10:39 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160125.001\BHDrvx64.sys,,Open File,Unauthorized access blocked,1
2/4/2016 2:10:29 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:10:29 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\BuShell.dll,,Open File,Unauthorized access blocked,1
2/4/2016 2:10:22 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:10:22 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\symerr.exe,,Open File,Unauthorized access blocked,1
2/4/2016 2:07:39 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:07:39 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,,Open File,Unauthorized access blocked,1
2/4/2016 2:07:06 PM,Medium,Unauthorized access blocked (Open File),Blocked,No Action Required,2/4/2016 2:07:06 PM,C:\PROGRAM FILES\ROGUEKILLER\ROGUEKILLER64.EXE,4652,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,,Open File,Unauthorized access blocked,1
2/4/2016 2:02:25 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 2:02:25 PM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,992,C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\uistub.exe,7840,Access Process Data,Unauthorized access blocked,
2/4/2016 10:13:39 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 10:13:39 AM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,992,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\cltlmh.exe,7760,Access Process Data,Unauthorized access blocked,
2/4/2016 10:13:34 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 10:13:34 AM,C:\WINDOWS\SYSTEM32\CONHOST.EXE,5020,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\cltlmh.exe,7760,Access Process Data,Unauthorized access blocked,
2/4/2016 10:10:08 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 10:10:08 AM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,992,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\WSCStub.exe,8084,Access Process Data,Unauthorized access blocked,
2/4/2016 10:09:57 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 10:09:57 AM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,992,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,1380,Access Process Data,Unauthorized access blocked,
2/4/2016 10:09:55 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 10:09:55 AM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,992,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe,1380,Access Process Data,Unauthorized access blocked,
2/4/2016 10:09:44 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,2/4/2016 10:09:44 AM,C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE,992,C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\WSCStub.exe,8084,Access Process Data,Unauthorized access blocked,


Category: Performance Alert
Date & Time,Risk,Activity,Status,Recommended Action
2/5/2016 7:48:07 AM,Info,High CPU usage by: SQLBackupAndFTP ,Detected,No Action Required
2/4/2016 6:03:46 PM,Info,High CPU usage by: Antimalware Service Executable ,Detected,No Action Required
2/4/2016 10:54:45 AM,Info,High CPU usage by: Antimalware Service Executable ,Detected,No Action Required


Category: Norton Community Watch
Date & Time,Risk,Activity,Status,Recommended Action,Date Updated,Submitted By,Description,Submission Details
2/7/2016 7:48:52 PM,Info,Statistical Submission: combofix.exe Exonerated,Pending,No Action Required,2/7/2016 7:48:52 PM,Norton Security Suite,Statistical Submission: combofix.exe Exonerated,CSIDL_PROFILE\desktop\combofix.exe
2/7/2016 7:26:42 PM,Info,Norton Community Watch Feedback,Pending,No Action Required,2/7/2016 7:26:42 PM,Norton Security Suite,Norton Community Watch Feedback,Safe Web Blocking Message
2/6/2016 5:15:36 AM,Info,Norton Community Watch Feedback,Pending,No Action Required,2/6/2016 5:15:36 AM,Norton Security Suite,Norton Community Watch Feedback,Safe Web Blocking Message
2/4/2016 6:50:55 PM,Info,Statistical Submission: fsdui.exe,Pending,No Action Required,2/4/2016 6:50:55 PM,Norton Security Suite,Statistical Submission: fsdui.exe,CSIDL_COMMON_APPDATA\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_22.5.2.15\remediation\stage\fsdui.exe
2/4/2016 6:50:55 PM,Info,Sample Submission: fsdui.exe,Pending,No Action Required,2/4/2016 6:50:55 PM,Norton Security Suite,Sample Submission: fsdui.exe,CSIDL_COMMON_APPDATA\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_22.5.2.15\remediation\stage\fsdui.exe
2/4/2016 6:30:49 PM,Info,Statistical Submission: Trojan.Mdropper,Pending,No Action Required,2/4/2016 6:30:49 PM,Norton Security Suite,Statistical Submission: Trojan.Mdropper,CSIDL_WINDOWS\temp\nav266f.tmp
2/4/2016 6:30:49 PM,Info,Sample Submission: TeamViewerQS_en-idcsgfpsb6.exe,Pending,No Action Required,2/4/2016 6:30:49 PM,Norton Security Suite,Sample Submission: TeamViewerQS_en-idcsgfpsb6.exe,CSIDL_PROFILE\downloads\teamviewerqs_en-idcsgfpsb6.exe
2/4/2016 6:30:48 PM,Info,Statistical Submission: TeamViewerQS_en-idcsgfpsb6.exe,Pending,No Action Required,2/4/2016 6:30:48 PM,Norton Security Suite,Statistical Submission: TeamViewerQS_en-idcsgfpsb6.exe,CSIDL_PROFILE\downloads\teamviewerqs_en-idcsgfpsb6.exe
2/4/2016 6:30:47 PM,Info,Sample Submission: Shockwave_Installer_Slim.exe,Pending,No Action Required,2/4/2016 6:30:47 PM,Norton Security Suite,Sample Submission: Shockwave_Installer_Slim.exe,CSIDL_PROFILE\downloads\shockwave_installer_slim.exe
2/4/2016 6:30:45 PM,Info,Statistical Submission: Shockwave_Installer_Slim.exe,Pending,No Action Required,2/4/2016 6:30:45 PM,Norton Security Suite,Statistical Submission: Shockwave_Installer_Slim.exe,CSIDL_PROFILE\downloads\shockwave_installer_slim.exe
2/4/2016 6:30:45 PM,Info,Sample Submission: DropboxInstaller.exe,Pending,No Action Required,2/4/2016 6:30:45 PM,Norton Security Suite,Sample Submission: DropboxInstaller.exe,CSIDL_PROFILE\downloads\dropboxinstaller.exe
2/4/2016 6:29:58 PM,Info,Statistical Submission: DropboxInstaller.exe,Pending,No Action Required,2/4/2016 6:29:58 PM,Norton Security Suite,Statistical Submission: DropboxInstaller.exe,CSIDL_PROFILE\downloads\dropboxinstaller.exe
2/4/2016 6:17:07 PM,Info,Sample Submission: SETUP.EXE,Pending,No Action Required,2/4/2016 6:17:07 PM,Norton Security Suite,Sample Submission: SETUP.EXE,CSIDL_SYSTEM_DRIVE\swtools\drivers\commutil\setup.exe
2/4/2016 6:16:54 PM,Info,Statistical Submission: SETUP.EXE,Pending,No Action Required,2/4/2016 6:16:54 PM,Norton Security Suite,Statistical Submission: SETUP.EXE,CSIDL_SYSTEM_DRIVE\swtools\drivers\commutil\setup.exe
2/4/2016 6:02:09 PM,Info,Sample Submission: Setup_nltd.exe,Pending,No Action Required,2/4/2016 6:02:09 PM,Norton Security Suite,Sample Submission: Setup_nltd.exe,CSIDL_SYSTEM_DRIVE\program files\pc-doctor\setup_nltd.exe
2/4/2016 6:01:58 PM,Info,Statistical Submission: Setup_nltd.exe,Pending,No Action Required,2/4/2016 6:01:58 PM,Norton Security Suite,Statistical Submission: Setup_nltd.exe,CSIDL_SYSTEM_DRIVE\program files\pc-doctor\setup_nltd.exe
2/4/2016 6:00:08 PM,Info,Sample Submission: SetupPrn_x64.exe,Pending,No Action Required,2/4/2016 6:00:08 PM,Norton Security Suite,Sample Submission: SetupPrn_x64.exe,CSIDL_SYSTEM_DRIVE\program files\common files\the neat company\send to neat\setup\setupprn_x64.exe
2/4/2016 6:00:02 PM,Info,Statistical Submission: SetupPrn_x64.exe,Pending,No Action Required,2/4/2016 6:00:02 PM,Norton Security Suite,Statistical Submission: SetupPrn_x64.exe,CSIDL_SYSTEM_DRIVE\program files\common files\the neat company\send to neat\setup\setupprn_x64.exe
2/4/2016 5:59:48 PM,Info,Sample Submission: wpinst.exe,Pending,No Action Required,2/4/2016 5:59:48 PM,Norton Security Suite,Sample Submission: wpinst.exe,CSIDL_PROGRAM_FILES\netgear genie\wpinst.exe
2/4/2016 5:59:41 PM,Info,Statistical Submission: wpinst.exe,Pending,No Action Required,2/4/2016 5:59:41 PM,Norton Security Suite,Statistical Submission: wpinst.exe,CSIDL_PROGRAM_FILES\netgear genie\wpinst.exe
2/4/2016 5:59:29 PM,Info,Sample Submission: maintenanceservice_installer.exe,Pending,No Action Required,2/4/2016 5:59:29 PM,Norton Security Suite,Sample Submission: maintenanceservice_installer.exe,CSIDL_PROGRAM_FILES\mozilla thunderbird\maintenanceservice_installer.exe
2/4/2016 5:59:27 PM,Info,Statistical Submission: maintenanceservice_installer.exe,Pending,No Action Required,2/4/2016 5:59:27 PM,Norton Security Suite,Statistical Submission: maintenanceservice_installer.exe,CSIDL_PROGRAM_FILES\mozilla thunderbird\maintenanceservice_installer.exe
2/4/2016 5:59:26 PM,Info,Sample Submission: xul.dll,Pending,No Action Required,2/4/2016 5:59:26 PM,Norton Security Suite,Sample Submission: xul.dll,CSIDL_PROGRAM_FILES\mozilla thunderbird\xul.dll
2/4/2016 5:59:17 PM,Info,Statistical Submission: xul.dll,Pending,No Action Required,2/4/2016 5:59:17 PM,Norton Security Suite,Statistical Submission: xul.dll,CSIDL_PROGRAM_FILES\mozilla thunderbird\xul.dll
2/4/2016 5:57:51 PM,Info,Sample Submission: SAMSUNG_USB_Driver_for_Mobile_Phones.exe,Pending,No Action Required,2/4/2016 5:57:51 PM,Norton Security Suite,Sample Submission: SAMSUNG_USB_Driver_for_Mobile_Phones.exe,CSIDL_PROGRAM_FILES\samsung\smart switch pc\usb driver\samsung_usb_driver_for_mobile_phones.exe
2/4/2016 5:57:45 PM,Info,Statistical Submission: SAMSUNG_USB_Driver_for_Mobile_Phones.exe,Pending,No Action Required,2/4/2016 5:57:45 PM,Norton Security Suite,Statistical Submission: SAMSUNG_USB_Driver_for_Mobile_Phones.exe,CSIDL_PROGRAM_FILES\samsung\smart switch pc\usb driver\samsung_usb_driver_for_mobile_phones.exe
2/4/2016 5:57:37 PM,Info,Sample Submission: CommonModule.dll,Pending,No Action Required,2/4/2016 5:57:37 PM,Norton Security Suite,Sample Submission: CommonModule.dll,CSIDL_PROGRAM_FILES\samsung\smart switch pc\commonmodule.dll
2/4/2016 5:57:30 PM,Info,Statistical Submission: CommonModule.dll,Pending,No Action Required,2/4/2016 5:57:30 PM,Norton Security Suite,Statistical Submission: CommonModule.dll,CSIDL_PROGRAM_FILES\samsung\smart switch pc\commonmodule.dll
2/4/2016 5:57:29 PM,Info,Sample Submission: uninstall.exe,Pending,No Action Required,2/4/2016 5:57:29 PM,Norton Security Suite,Sample Submission: uninstall.exe,CSIDL_PROGRAM_FILES\teamviewer\uninstall.exe
2/4/2016 5:57:23 PM,Info,Statistical Submission: uninstall.exe,Pending,No Action Required,2/4/2016 5:57:23 PM,Norton Security Suite,Statistical Submission: uninstall.exe,CSIDL_PROGRAM_FILES\teamviewer\uninstall.exe
2/4/2016 5:57:20 PM,Info,Sample Submission: SmartSwitchPDLR.exe,Pending,No Action Required,2/4/2016 5:57:20 PM,Norton Security Suite,Sample Submission: SmartSwitchPDLR.exe,CSIDL_PROGRAM_FILES\samsung\smart switch pc\smartswitchpdlr.exe
2/4/2016 5:57:14 PM,Info,Statistical Submission: SmartSwitchPDLR.exe,Pending,No Action Required,2/4/2016 5:57:14 PM,Norton Security Suite,Statistical Submission: SmartSwitchPDLR.exe,CSIDL_PROGRAM_FILES\samsung\smart switch pc\smartswitchpdlr.exe
2/4/2016 5:57:10 PM,Info,Sample Submission: AdminDelegator_SmartSwitch.exe,Pending,No Action Required,2/4/2016 5:57:10 PM,Norton Security Suite,Sample Submission: AdminDelegator_SmartSwitch.exe,CSIDL_PROGRAM_FILES\samsung\smart switch pc\admindelegator_smartswitch.exe
2/4/2016 5:57:04 PM,Info,Statistical Submission: AdminDelegator_SmartSwitch.exe,Pending,No Action Required,2/4/2016 5:57:04 PM,Norton Security Suite,Statistical Submission: AdminDelegator_SmartSwitch.exe,CSIDL_PROGRAM_FILES\samsung\smart switch pc\admindelegator_smartswitch.exe
2/4/2016 5:57:03 PM,Info,Sample Submission: 48.0.2564.97_47.0.2526.111_chrome_updater_3stage.exe,Pending,No Action Required,2/4/2016 5:57:03 PM,Norton Security Suite,Sample Submission: 48.0.2564.97_47.0.2526.111_chrome_updater_3stage.exe,CSIDL_PROGRAM_FILES\google\update\download\{4dc8b4ca-1bda-483e-b5fa-d3c12e15b62d}\48.0.2564.97\48.0.2564.97_47.0.2526.111_chrome_updater_3stage.exe
2/4/2016 5:56:52 PM,Info,Statistical Submission: 48.0.2564.97_47.0.2526.111_chrome_updater_3stage.exe,Pending,No Action Required,2/4/2016 5:56:52 PM,Norton Security Suite,Statistical Submission: 48.0.2564.97_47.0.2526.111_chrome_updater_3stage.exe,CSIDL_PROGRAM_FILES\google\update\download\{4dc8b4ca-1bda-483e-b5fa-d3c12e15b62d}\48.0.2564.97\48.0.2564.97_47.0.2526.111_chrome_updater_3stage.exe
2/4/2016 5:54:28 PM,Info,Norton Community Watch Feedback,Pending,No Action Required,2/4/2016 5:54:28 PM,Norton Security Suite,Norton Community Watch Feedback,Safe Web Blocking Message
2/4/2016 5:51:38 PM,Info,Statistical Submission: fsdui.exe,Pending,No Action Required,2/4/2016 5:51:38 PM,Norton Security Suite,Statistical Submission: fsdui.exe,CSIDL_COMMON_APPDATA\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_22.5.2.15\remediation\stage\fsdui.exe
2/4/2016 5:51:38 PM,Info,Sample Submission: fsdui.exe,Pending,No Action Required,2/4/2016 5:51:38 PM,Norton Security Suite,Sample Submission: fsdui.exe,CSIDL_COMMON_APPDATA\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_22.5.2.15\remediation\stage\fsdui.exe
2/4/2016 2:55:16 PM,Info,Norton Community Watch Feedback,Pending,No Action Required,2/4/2016 2:55:16 PM,Norton Security Suite,Norton Community Watch Feedback,c:\users\manoj\desktop\frst64.exe
2/4/2016 10:10:18 AM,Info,Statistical Submission: fsdui.exe,Pending,No Action Required,2/4/2016 10:10:18 AM,Norton Security Suite,Statistical Submission: fsdui.exe,CSIDL_COMMON_APPDATA\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_22.5.2.15\remediation\stage\fsdui.exe
2/4/2016 10:10:18 AM,Info,Sample Submission: fsdui.exe,Pending,No Action Required,2/4/2016 10:10:18 AM,Norton Security Suite,Sample Submission: fsdui.exe,CSIDL_COMMON_APPDATA\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_22.5.2.15\remediation\stage\fsdui.exe
2/4/2016 12:19:57 AM,Info,Statistical Submission: JS.Downloader,Pending,No Action Required,2/4/2016 12:19:57 AM,Norton Security Suite,Statistical Submission: JS.Downloader,CSIDL_WINDOWS\temp\nav7643.tmp
2/4/2016 12:17:52 AM,Info,Statistical Submission: Trojan.Mdropper,Pending,No Action Required,2/4/2016 12:17:52 AM,Norton Security Suite,Statistical Submission: Trojan.Mdropper,CSIDL_WINDOWS\temp\navfe35.tmp
2/4/2016 12:17:38 AM,Info,Sample Submission: TeamViewerQS_en-idcsgfpsb6.exe,Pending,No Action Required,2/4/2016 12:17:38 AM,Norton Security Suite,Sample Submission: TeamViewerQS_en-idcsgfpsb6.exe,CSIDL_PROFILE\downloads\teamviewerqs_en-idcsgfpsb6.exe
2/4/2016 12:17:36 AM,Info,Statistical Submission: TeamViewerQS_en-idcsgfpsb6.exe,Pending,No Action Required,2/4/2016 12:17:36 AM,Norton Security Suite,Statistical Submission: TeamViewerQS_en-idcsgfpsb6.exe,CSIDL_PROFILE\downloads\teamviewerqs_en-idcsgfpsb6.exe
2/4/2016 12:17:35 AM,Info,Sample Submission: Shockwave_Installer_Slim.exe,Pending,No Action Required,2/4/2016 12:17:35 AM,Norton Security Suite,Sample Submission: Shockwave_Installer_Slim.exe,CSIDL_PROFILE\downloads\shockwave_installer_slim.exe
2/4/2016 12:17:26 AM,Info,Statistical Submission: Shockwave_Installer_Slim.exe,Pending,No Action Required,2/4/2016 12:17:26 AM,Norton Security Suite,Statistical Submission: Shockwave_Installer_Slim.exe,CSIDL_PROFILE\downloads\shockwave_installer_slim.exe
2/4/2016 12:17:21 AM,Info,Sample Submission: DropboxInstaller.exe,Pending,No Action Required,2/4/2016 12:17:21 AM,Norton Security Suite,Sample Submission: DropboxInstaller.exe,CSIDL_PROFILE\downloads\dropboxinstaller.exe
2/4/2016 12:17:10 AM,Info,Statistical Submission: DropboxInstaller.exe,Pending,No Action Required,2/4/2016 12:17:10 AM,Norton Security Suite,Statistical Submission: DropboxInstaller.exe,CSIDL_PROFILE\downloads\dropboxinstaller.exe
2/4/2016 12:04:28 AM,Info,Sample Submission: SETUP.EXE,Pending,No Action Required,2/4/2016 12:04:28 AM,Norton Security Suite,Sample Submission: SETUP.EXE,CSIDL_SYSTEM_DRIVE\swtools\drivers\commutil\setup.exe
2/4/2016 12:04:08 AM,Info,Statistical Submission: SETUP.EXE,Pending,No Action Required,2/4/2016 12:04:08 AM,Norton Security Suite,Statistical Submission: SETUP.EXE,CSIDL_SYSTEM_DRIVE\swtools\drivers\commutil\setup.exe
2/3/2016 11:48:36 PM,Info,Sample Submission: Setup_nltd.exe,Pending,No Action Required,2/3/2016 11:48:36 PM,Norton Security Suite,Sample Submission: Setup_nltd.exe,CSIDL_SYSTEM_DRIVE\program files\pc-doctor\setup_nltd.exe
2/3/2016 11:48:27 PM,Info,Statistical Submission: Setup_nltd.exe,Pending,No Action Required,2/3/2016 11:48:27 PM,Norton Security Suite,Statistical Submission: Setup_nltd.exe,CSIDL_SYSTEM_DRIVE\program files\pc-doctor\setup_nltd.exe
2/3/2016 11:44:48 PM,Info,Sample Submission: SetupPrn_x64.exe,Pending,No Action Required,2/3/2016 11:44:48 PM,Norton Security Suite,Sample Submission: SetupPrn_x64.exe,CSIDL_SYSTEM_DRIVE\program files\common files\the neat company\send to neat\setup\setupprn_x64.exe
2/3/2016 11:44:42 PM,Info,Statistical Submission: SetupPrn_x64.exe,Pending,No Action Required,2/3/2016 11:44:42 PM,Norton Security Suite,Statistical Submission: SetupPrn_x64.exe,CSIDL_SYSTEM_DRIVE\program files\common files\the neat company\send to neat\setup\setupprn_x64.exe
2/3/2016 11:44:29 PM,Info,Sample Submission: wpinst.exe,Pending,No Action Required,2/3/2016 11:44:29 PM,Norton Security Suite,Sample Submission: wpinst.exe,CSIDL_PROGRAM_FILES\netgear genie\wpinst.exe
2/3/2016 11:44:20 PM,Info,Statistical Submission: wpinst.exe,Pending,No Action Required,2/3/2016 11:44:20 PM,Norton Security Suite,Statistical Submission: wpinst.exe,CSIDL_PROGRAM_FILES\netgear genie\wpinst.exe
2/3/2016 11:44:10 PM,Info,Sample Submission: maintenanceservice_installer.exe,Pending,No Action Required,2/3/2016 11:44:10 PM,Norton Security Suite,Sample Submission: maintenanceservice_installer.exe,CSIDL_PROGRAM_FILES\mozilla thunderbird\maintenanceservice_installer.exe
2/3/2016 11:44:06 PM,Info,Statistical Submission: maintenanceservice_installer.exe,Pending,No Action Required,2/3/2016 11:44:06 PM,Norton Security Suite,Statistical Submission: maintenanceservice_installer.exe,CSIDL_PROGRAM_FILES\mozilla thunderbird\maintenanceservice_installer.exe
2/3/2016 11:44:05 PM,Info,Sample Submission: xul.dll,Pending,No Action Required,2/3/2016 11:44:05 PM,Norton Security Suite,Sample Submission: xul.dll,CSIDL_PROGRAM_FILES\mozilla thunderbird\xul.dll
2/3/2016 11:43:55 PM,Info,Statistical Submission: xul.dll,Pending,No Action Required,2/3/2016 11:43:55 PM,Norton Security Suite,Statistical Submission: xul.dll,CSIDL_PROGRAM_FILES\mozilla thunderbird\xul.dll
2/3/2016 11:42:07 PM,Info,Sample Submission: SAMSUNG_USB_Driver_for_Mobile_Phones.exe,Pending,No Action Required,2/3/2016 11:42:07 PM,Norton Security Suite,Sample Submission: SAMSUNG_USB_Driver_for_Mobile_Phones.exe,CSIDL_PROGRAM_FILES\samsung\smart switch pc\usb driver\samsung_usb_driver_for_mobile_phones.exe
2/3/2016 11:42:02 PM,Info,Statistical Submission: SAMSUNG_USB_Driver_for_Mobile_Phones.exe,Pending,No Action Required,2/3/2016 11:42:02 PM,Norton Security Suite,Statistical Submission: SAMSUNG_USB_Driver_for_Mobile_Phones.exe,CSIDL_PROGRAM_FILES\samsung\smart switch pc\usb driver\samsung_usb_driver_for_mobile_phones.exe
2/3/2016 11:42:01 PM,Info,Sample Submission: CommonModule.dll,Pending,No Action Required,2/3/2016 11:42:01 PM,Norton Security Suite,Sample Submission: CommonModule.dll,CSIDL_PROGRAM_FILES\samsung\smart switch pc\commonmodule.dll
2/3/2016 11:41:54 PM,Info,Statistical Submission: CommonModule.dll,Pending,No Action Required,2/3/2016 11:41:54 PM,Norton Security Suite,Statistical Submission: CommonModule.dll,CSIDL_PROGRAM_FILES\samsung\smart switch pc\commonmodule.dll
2/3/2016 11:41:52 PM,Info,Sample Submission: uninstall.exe,Pending,No Action Required,2/3/2016 11:41:52 PM,Norton Security Suite,Sample Submission: uninstall.exe,CSIDL_PROGRAM_FILES\teamviewer\uninstall.exe
2/3/2016 11:41:46 PM,Info,Statistical Submission: uninstall.exe,Pending,No Action Required,2/3/2016 11:41:46 PM,Norton Security Suite,Statistical Submission: uninstall.exe,"CSIDL_PROGRAM_FILES\teamviewer\uninstall.exe"
2/3/2016 11:41:43 PM,Info,Sample Submission: SmartSwitchPDLR.exe,Pending,No Action Required,2/3/2016 11:41:43 PM,Norton Security Suite,Sample Submission: SmartSwitchPDLR.exe,CSIDL_PROGRAM_FILES\samsung\smart switch pc\smartswitchpdlr.exe
2/3/2016 11:41:36 PM,Info,Statistical Submission: SmartSwitchPDLR.exe,Pending,No Action Required,2/3/2016 11:41:36 PM,Norton Security Suite,Statistical Submission: SmartSwitchPDLR.exe,"CSIDL_PROGRAM_FILES\samsung\smart switch pc\smartswitchpdlr.exe"
2/3/2016 11:41:35 PM,Info,Sample Submission: AdminDelegator_SmartSwitch.exe,Pending,No Action Required,2/3/2016 11:41:35 PM,Norton Security Suite,Sample Submission: AdminDelegator_SmartSwitch.exe,CSIDL_PROGRAM_FILES\samsung\smart switch pc\admindelegator_smartswitch.exe
2/3/2016 11:41:28 PM,Info,Statistical Submission: AdminDelegator_SmartSwitch.exe,Pending,No Action Required,2/3/2016 11:41:28 PM,Norton Security Suite,Statistical Submission: AdminDelegator_SmartSwitch.exe,"CSIDL_PROGRAM_FILES\samsung\smart switch pc\admindelegator_smartswitch.exe"
2/3/2016 11:41:27 PM,Info,Sample Submission: 48.0.2564.97_47.0.2526.111_chrome_updater_3stage.exe,Pending,No Action Required,2/3/2016 11:41:27 PM,Norton Security Suite,Sample Submission: 48.0.2564.97_47.0.2526.111_chrome_updater_3stage.exe,CSIDL_PROGRAM_FILES\google\update\download\{4dc8b4ca-1bda-483e-b5fa-d3c12e15b62d}\48.0.2564.97\48.0.2564.97_47.0.2526.111_chrome_updater_3stage.exe
2/3/2016 11:41:14 PM,Info,Statistical Submission: 48.0.2564.97_47.0.2526.111_chrome_updater_3stage.exe,Pending,No Action Required,2/3/2016 11:41:14 PM,Norton Security Suite,Statistical Submission: 48.0.2564.97_47.0.2526.111_chrome_updater_3stage.exe,"CSIDL_PROGRAM_FILES\google\update\download\{4dc8b4ca-1bda-483e-b5fa-d3c12e15b62d}\48.0.2564.97\48.0.2564.97_47.0.2526.111_chrome_updater_3stage.exe"
2/3/2016 5:59:47 PM,Info,Sample Submission: TeamViewerQS_en-idcsgfpsb6.exe,Pending,No Action Required,2/3/2016 5:59:47 PM,Norton Security Suite,Sample Submission: TeamViewerQS_en-idcsgfpsb6.exe,CSIDL_PROFILE\downloads\teamviewerqs_en-idcsgfpsb6.exe
2/3/2016 5:59:41 PM,Info,Statistical Submission: TeamViewerQS_en-idcsgfpsb6.exe,Pending,No Action Required,2/3/2016 5:59:41 PM,Norton Security Suite,Statistical Submission: TeamViewerQS_en-idcsgfpsb6.exe,"CSIDL_PROFILE\downloads\teamviewerqs_en-idcsgfpsb6.exe"
2/3/2016 5:59:38 PM,Info,Statistical Submission: EpsonReg.exe Exonerated,Pending,No Action Required,2/3/2016 5:59:38 PM,Norton Security Suite,Statistical Submission: EpsonReg.exe Exonerated,"common\epsonreg\epsonreg.exe"
2/3/2016 5:59:36 PM,Info,Sample Submission: DropboxInstaller.exe,Pending,No Action Required,2/3/2016 5:59:36 PM,Norton Security Suite,Sample Submission: DropboxInstaller.exe,CSIDL_PROFILE\downloads\dropboxinstaller.exe
2/3/2016 5:59:29 PM,Info,Statistical Submission: DropboxInstaller.exe,Pending,No Action Required,2/3/2016 5:59:29 PM,Norton Security Suite,Statistical Submission: DropboxInstaller.exe,"CSIDL_PROFILE\downloads\dropboxinstaller.exe"
2/3/2016 5:59:27 PM,Info,Statistical Submission: lastpass_x64.exe Exonerated,Pending,No Action Required,2/3/2016 5:59:27 PM,Norton Security Suite,Statistical Submission: lastpass_x64.exe Exonerated,"CSIDL_PROFILE\downloads\lastpass_x64.exe"
2/3/2016 5:59:25 PM,Info,Sample Submission: Shockwave_Installer_Slim.exe,Pending,No Action Required,2/3/2016 5:59:25 PM,Norton Security Suite,Sample Submission: Shockwave_Installer_Slim.exe,CSIDL_PROFILE\downloads\shockwave_installer_slim.exe
2/3/2016 5:59:10 PM,Info,Statistical Submission: Shockwave_Installer_Slim.exe,Pending,No Action Required,2/3/2016 5:59:10 PM,Norton Security Suite,Statistical Submission: Shockwave_Installer_Slim.exe,"CSIDL_PROFILE\downloads\shockwave_installer_slim.exe"
2/3/2016 5:48:36 PM,Info,Statistical Submission: Trojan.Mdropper,Pending,No Action Required,2/3/2016 5:48:36 PM,Norton Security Suite,Statistical Submission: Trojan.Mdropper,"CSIDL_WINDOWS\temp\nav8f8e.tmp"
2/3/2016 5:46:05 PM,Info,Statistical Submission: OfficeIns.exe Exonerated,Pending,No Action Required,2/3/2016 5:46:05 PM,Norton Security Suite,Statistical Submission: OfficeIns.exe Exonerated,"officeins.exe"
2/3/2016 5:42:09 PM,Info,Statistical Submission: Trojan.Mdropper,Pending,No Action Required,2/3/2016 5:42:09 PM,Norton Security Suite,Statistical Submission: Trojan.Mdropper,"revised purchase order no. 16pam6440.doc"
2/3/2016 5:40:44 PM,Info,Statistical Submission: JS.Downloader,Pending,No Action Required,2/3/2016 5:40:44 PM,Norton Security Suite,Statistical Submission: JS.Downloader,"invoice_copy_bd2e45i62a129s.js"
2/3/2016 5:39:09 PM,Info,Statistical Submission: JS.Downloader,Pending,No Action Required,2/3/2016 5:39:09 PM,Norton Security Suite,Statistical Submission: JS.Downloader,"invoice_main_bd3847636213.js"
2/3/2016 5:31:19 PM,Info,Sample Submission: SETUP.EXE,Pending,No Action Required,2/3/2016 5:31:19 PM,Norton Security Suite,Sample Submission: SETUP.EXE,CSIDL_SYSTEM_DRIVE\swtools\drivers\commutil\setup.exe
2/3/2016 5:31:03 PM,Info,Statistical Submission: SETUP.EXE,Pending,No Action Required,2/3/2016 5:31:03 PM,Norton Security Suite,Statistical Submission: SETUP.EXE,"CSIDL_SYSTEM_DRIVE\swtools\drivers\commutil\setup.exe"
2/3/2016 5:29:44 PM,Info,Statistical Submission: Suspicious.Cloud.9 Exonerated,Pending,No Action Required,2/3/2016 5:29:44 PM,Norton Security Suite,Statistical Submission: Suspicious.Cloud.9 Exonerated,"_688ce06a60eef252f05737b5e20025b0"
2/3/2016 5:29:42 PM,Info,Statistical Submission: Suspicious.Cloud.7.L Exonerated,Pending,No Action Required,2/3/2016 5:29:42 PM,Norton Security Suite,Statistical Submission: Suspicious.Cloud.7.L Exonerated,"_7d5fb39dc28bfa3c6ea3d82d24bc6c7a"
2/3/2016 5:29:41 PM,Info,Statistical Submission: Suspicious.Cloud.7.L Exonerated,Pending,No Action Required,2/3/2016 5:29:41 PM,Norton Security Suite,Statistical Submission: Suspicious.Cloud.7.L Exonerated,"_2aa2e98072fdf505485023d3d1b52bfd"
2/3/2016 5:29:37 PM,Info,Statistical Submission: Suspicious.Cloud.7.L Exonerated,Pending,No Action Required,2/3/2016 5:29:37 PM,Norton Security Suite,Statistical Submission: Suspicious.Cloud.7.L Exonerated,"_5027f32079cc88372fa1f46307347adc"
2/3/2016 5:29:36 PM,Info,Statistical Submission: Suspicious.Cloud.7.L Exonerated,Pending,No Action Required,2/3/2016 5:29:36 PM,Norton Security Suite,Statistical Submission: Suspicious.Cloud.7.L Exonerated,"_75e171fcd863ddea5ec6ad5b0b3d642e"
2/3/2016 5:28:41 PM,Info,Statistical Submission: SAPE.Heur.8E3C7 Exonerated,Pending,No Action Required,2/3/2016 5:28:41 PM,Norton Security Suite,Statistical Submission: SAPE.Heur.8E3C7 Exonerated,"_76d498dd2fd5e9e617d1719b103dcee5"
2/3/2016 5:28:40 PM,Info,Statistical Submission: Suspicious.Cloud.9 Exonerated,Pending,No Action Required,2/3/2016 5:28:40 PM,Norton Security Suite,Statistical Submission: Suspicious.Cloud.9 Exonerated,"_04bdbb879a55152f3917117a77dd7ac2"
2/3/2016 5:28:34 PM,Info,Statistical Submission: Suspicious.Cloud.7.L Exonerated,Pending,No Action Required,2/3/2016 5:28:34 PM,Norton Security Suite,Statistical Submission: Suspicious.Cloud.7.L Exonerated,"_3abdc4de582f1f34253605796c8a0e2c"
2/3/2016 5:28:11 PM,Info,Statistical Submission: FSDUI_N360.exe,Pending,No Action Required,2/3/2016 5:28:11 PM,Norton Security Suite,Statistical Submission: FSDUI_N360.exe,"CSIDL_COMMON_APPDATA\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_22.5.2.15\remediation\fsdstore\fsdui_n360.exe"
2/3/2016 5:28:11 PM,Info,Statistical Submission: FSDUI.exe,Pending,No Action Required,2/3/2016 5:28:11 PM,Norton Security Suite,Statistical Submission: FSDUI.exe,"CSIDL_COMMON_APPDATA\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_22.5.2.15\remediation\stage\fsdui.exe"
2/3/2016 5:28:11 PM,Info,Statistical Submission: FSDUI.exe,Pending,No Action Required,2/3/2016 5:28:11 PM,Norton Security Suite,Statistical Submission: FSDUI.exe,"CSIDL_COMMON_APPDATA\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_22.5.2.15\remediation\fsdstore\fsdui.exe"


Category: File Cleanup
Date & Time,Risk,Activity,Status,Recommended Action,Category,Result,Space Cleaned
2/5/2016 10:54:17 AM,Info,Windows Temporary Files,Succeeded,No Action Required,Tuneup,Fixed: 37,7 MB
2/5/2016 10:53:57 AM,Info,Internet Explorer Temporary Files,Succeeded,No Action Required,Tuneup,Fixed: 2,


Category: Disk Optimization
Date & Time,Risk,Activity,Status,Recommended Action,Category,Result,Details
2/3/2016 12:04:43 AM,Info,Disk Optimization,Succeeded,No Action Required,Tuneup,No problems detected.,"System Reserved Drive:  Optimization not required, current disk fragmentation is 1%., Drive E:  Optimization not required, current disk fragmentation is 0%."
2/2/2016 11:54:06 PM,Info,Disk Optimization,Canceled,No Action Required,Tuneup,,"System Reserved Drive:  Optimization not required, current disk fragmentation is 1%., Drive E:  Canceled."
2/2/2016 4:53:40 AM,Info,Optimizer,Succeeded,No Action Required,Tuneup,No problems detected.,No drives require optimization.
2/2/2016 4:53:40 AM,Info,Optimizer,Error,No Action Required,Tuneup,,

 





