
Experiencing black screen virus and new to FRST


  • This topic is locked
7 replies to this topic

#1 schnitzl


Posted 07 February 2016 - 02:37 AM

Hi!

 

About a week ago, my desktop booted into a black screen with a cursor. Thinking it was a hardware issue (oh, so naive), I hurriedly copied many files related to my ongoing thesis onto my laptop. I see now that was a terrible idea. Today, my laptop started booting into a black screen with a cursor...

 

It still boots into Safe Mode. I can also use the command prompt from the Windows recovery environment. I have downloaded and scanned with FRST, but I can't make heads or tails of the output.

 

I'm scrambling to finish my thesis, so this is a frustrating development, for sure! I am wondering if I should just buy a new laptop - but perhaps I risk infecting it, too. Any advice would be greatly appreciated, especially regarding interpreting the FRST output.

 

Thanks!


Edited by hamluis, 07 February 2016 - 06:52 AM.
Moved from AV/AM Software to Am I Infected - Hamluis.



 


#2 xXToffeeXx

  • Malware Response Instructor

Posted 07 February 2016 - 09:09 AM

Hi schnitzl,
 
I deleted the posts above since I moved the topic into the logs section.
 
Please open the FRST.txt and Addition.txt text documents, and copy and paste the content of them into your next reply.

If you do not have an internet connection on the infected computer, copy the logs via a USB drive onto a clean computer and then copy the content into your next reply.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 



#3 schnitzl

  • Topic Starter

Posted 07 February 2016 - 06:32 PM

Hi xXToffeeXx,

 

Thanks so much for your reply!

 

Today I was able to boot normally, following some arbitrary fiddling with FRST. (I replaced the file services.exe.) But that is a complete fluke on my part, so I am definitely concerned that something is still wrong.

 

I re-ran FRST, but I don't see how to generate the Addition.txt file. I have copied the FRST.txt file below.

 

Again, thanks so much for your time. I'm grateful to you and this community for being here to help.

 

schnitzl

 

--

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by SYSTEM on MININT-45B6S3R (07-02-2016 16:13:51)
Running from g:\
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-22] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6734528 2015-06-05] (SoftPerfect Research)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-09-01] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-15] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
HKLM-x32\...\Run: [Intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [NI Update Service] => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [857888 2013-05-28] (National Instruments)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2586696 2016-01-26] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-12-15] (Adobe Systems Incorporated)
HKU\user\...\Run: [FreeRAM XP] => C:\Program Files (x86)\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [1591808 2006-03-22] (YourWare Solutions ™)
HKU\user\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [847000 2013-04-19] ()
HKU\user\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50509440 2015-11-17] (Skype Technologies S.A.)
HKU\user\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-04]
ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-04-10] ()
S2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
S2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [19552 2015-12-14] (Olof Lagerkvist)
S2 LkCitadelServer; C:\windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
S2 lkClassAds; C:\windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
S2 lkTimeSync; C:\windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [83768 2013-06-10] (National Instruments Corporation)
S2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
S2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
S2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
S2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [176512 2013-06-19] (National Instruments Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation)
S2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation)
S2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)
S2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [687944 2013-06-15] (National Instruments Corporation)
S2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-09-01] (Synaptics Incorporated)
S2 vToolbarUpdater19.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.2.0\ToolbarUpdater.exe [1875528 2016-01-26] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-13] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [217824 2013-03-21] (AppEx Networks Corporation)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S2 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [21048 2015-12-14] (Olof Lagerkvist)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.5.15\Definitions\BASHDefs\20160125.001\BHDrvx64.sys [1665608 2016-01-25] (Symantec Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-11-11] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-12] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-12] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.5.15\Definitions\IPSDefs\20160205.001\IDSvia64.sys [767224 2016-02-05] (Symantec Corporation)
S2 ImDisk; C:\Windows\system32\DRIVERS\imdisk.sys [48704 2015-12-14] (Olof Lagerkvist)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.5.15\Definitions\VirusDefs\20160207.001\ENG64.SYS [138488 2015-10-16] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.5.15\Definitions\VirusDefs\20160207.001\EX64.SYS [2148080 2015-10-16] (Symantec Corporation)
S1 networx; C:\Windows\System32\drivers\networx.sys [69608 2015-05-19] (NetFilterSDK.com)
S2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3453144 2015-07-10] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [42184 2015-09-01] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-11-11] (Symantec Corporation)
S0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605050.00F\SymELAM.sys [24192 2015-11-11] (Symantec Corporation)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-02-07] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-11-11] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-07 15:11 - 2016-02-07 15:11 - 00016148 _____ C:\Windows\System32\TOSHIBA_user_HistoryPrediction.bin
2016-02-07 15:05 - 2016-02-07 15:05 - 00122812 _____ C:\Windows\ntbtlog.txt
2016-02-07 14:52 - 2016-02-07 14:52 - 00001204 _____ C:\Users\user\Documents\cc_20160207_155201.reg
2016-02-07 14:51 - 2016-02-07 14:51 - 00070126 _____ C:\Users\user\Documents\cc_20160207_155132.reg
2016-02-07 10:42 - 2016-02-07 15:01 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2016-02-07 10:39 - 2016-02-07 10:39 - 00111344 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2016-02-07 10:39 - 2016-02-07 10:39 - 00008214 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2016-02-07 10:39 - 2016-02-07 10:39 - 00003404 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-02-07 10:39 - 2016-02-07 10:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-02-07 10:38 - 2016-02-07 10:38 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2016-02-07 10:38 - 2016-02-07 10:38 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2016-02-07 10:33 - 2016-02-07 10:33 - 01110728 _____ (Symantec Corporation) C:\Users\user\Downloads\NortonNISDownloader.exe
2016-02-07 10:33 - 2016-02-07 10:33 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-02-07 09:43 - 2016-02-07 09:43 - 00104384 _____ C:\Users\user\Documents\cc_20160207_104335.reg
2016-02-07 09:32 - 2016-02-07 09:34 - 00000000 ____D C:\Users\user\Desktop\Research
2016-02-07 02:03 - 2016-02-07 02:03 - 00588801 _____ C:\Users\user\AppData\Local\census.cache
2016-02-07 02:01 - 2016-02-07 02:01 - 00391903 _____ C:\Users\user\AppData\Local\ars.cache
2016-02-07 01:32 - 2016-02-07 01:32 - 00000036 _____ C:\Users\user\AppData\Local\housecall.guid.cache
2016-02-07 01:30 - 2016-02-07 01:30 - 00005654 _____ C:\Users\user\Documents\cc_20160207_023045.reg
2016-02-07 01:29 - 2016-02-07 01:29 - 00242952 _____ C:\Users\user\Documents\cc_20160207_022936.reg
2016-02-06 23:46 - 2016-02-07 00:47 - 00000000 ____D C:\FRST
2016-02-06 18:09 - 2016-02-07 00:49 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2016-02-06 18:08 - 2016-02-07 00:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-06 18:08 - 2016-02-06 18:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-06 18:08 - 2015-10-05 08:50 - 00109272 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2016-02-06 18:08 - 2015-10-05 08:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2016-02-06 18:08 - 2015-10-05 08:50 - 00025816 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2016-02-06 15:43 - 2016-02-06 18:00 - 00000519 _____ C:\Windows\System32\avgrep.txt
2016-02-06 15:39 - 2016-02-07 15:06 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-01-27 18:30 - 2016-02-05 00:20 - 00000033 _____ C:\Users\user\AppData\Roaming\AdobeWLCMCache.dat
2016-01-27 18:30 - 2016-01-27 18:30 - 00003598 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-toshiba-user
2016-01-27 18:30 - 2016-01-27 18:30 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-01-27 18:25 - 2016-01-27 18:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-27 18:20 - 2016-01-27 18:20 - 00000000 ____D C:\Program Files\Adobe
2016-01-27 18:18 - 2016-02-07 15:00 - 00000000 ___RD C:\Users\user\Creative Cloud Files
2016-01-27 18:08 - 2016-01-27 18:09 - 00689344 _____ (Adobe Systems Incorporated) C:\Users\user\Downloads\CreativeCloudSet-Up.exe
2016-01-27 17:13 - 2016-01-27 17:14 - 00000000 ____D C:\Cambustion
2016-01-26 21:48 - 2016-01-26 21:48 - 00000000 ____D C:\ProgramData\Avg_Update_0116avz
2016-01-23 12:11 - 2016-01-23 12:11 - 02969817 _____ C:\Users\user\Downloads\SB16W3x.zip
2016-01-23 11:46 - 2015-12-14 15:20 - 00048704 _____ (Olof Lagerkvist) C:\Windows\System32\Drivers\imdisk.sys
2016-01-23 11:46 - 2015-12-14 15:20 - 00021048 _____ (Olof Lagerkvist) C:\Windows\System32\Drivers\awealloc.sys
2016-01-23 11:46 - 2015-12-14 15:19 - 00051304 _____ (Olof Lagerkvist) C:\Windows\SysWOW64\imdisk.exe
2016-01-23 11:46 - 2015-12-14 15:19 - 00051304 _____ (Olof Lagerkvist) C:\Windows\System32\imdisk.exe
2016-01-23 11:46 - 2015-12-14 15:19 - 00019552 _____ (Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
2016-01-23 11:46 - 2015-12-14 15:18 - 00119920 _____ (Olof Lagerkvist) C:\Windows\System32\imdisk.cpl
2016-01-23 11:46 - 2015-12-14 15:18 - 00108656 _____ (Olof Lagerkvist) C:\Windows\SysWOW64\imdisk.cpl
2016-01-23 11:46 - 2015-03-29 13:18 - 00001324 _____ C:\Windows\System32\uninstall_imdisk.cmd
2016-01-23 11:03 - 2016-01-23 11:03 - 00000000 ____D C:\Program Files (x86)\Monolith Productions
2016-01-23 11:02 - 2016-01-23 11:03 - 00051400 _____ C:\Users\user\Downloads\Install-NOLF.exe
2016-01-22 21:27 - 2016-01-22 21:27 - 00020480 _____ C:\Users\user\Downloads\Setup.exe
2016-01-22 13:24 - 2016-01-22 13:24 - 18446672 _____ (Microsoft Corporation) C:\Users\user\Downloads\MediaCreationTool.exe
2016-01-22 13:24 - 2016-01-22 13:24 - 00000000 ___HD C:\$Windows.~WS
2016-01-22 13:22 - 2016-01-22 13:27 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-01-22 13:21 - 2016-01-22 13:22 - 00867752 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\user\Downloads\rufus-2.6.exe
2016-01-21 10:10 - 2016-01-21 10:10 - 00180651 _____ C:\Users\user\Downloads\1mnexperiment.zip
2016-01-21 09:31 - 2016-01-21 09:31 - 00005451 _____ C:\Users\user\AppData\Local\recently-used.xbel
2016-01-18 09:41 - 2016-01-18 09:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-15 12:41 - 2011-09-30 02:58 - 01490656 _____ (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01007.dll
2016-01-15 12:41 - 2011-09-30 02:58 - 00708168 _____ (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller.dll
2016-01-15 12:40 - 2016-01-15 12:40 - 00000000 ____D C:\Program Files\Ocean Optics
2016-01-15 12:31 - 2016-01-15 12:39 - 70263664 _____ (Ocean Optics, Inc.) C:\Users\user\Downloads\SpectraSuiteSetup_Windows64.exe
2016-01-14 13:11 - 2006-01-09 09:31 - 01340496 _____ (Polar Engineering and Consulting) C:\Windows\SysWOW64\Sbe6_32.dll
2016-01-14 13:11 - 2006-01-09 09:31 - 00924432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.005
2016-01-14 13:11 - 2006-01-09 09:31 - 00579344 _____ (ComponentOne LLC) C:\Windows\SysWOW64\olch2d8.dll
2016-01-14 13:11 - 2006-01-09 09:31 - 00558672 _____ (Polar Engineering and Consulting) C:\Windows\SysWOW64\Sb6ent.ocx
2016-01-14 13:11 - 2006-01-09 09:31 - 00329423 _____ C:\Windows\SysWOW64\Sbe6_000.hlp
2016-01-14 13:11 - 2006-01-09 09:31 - 00106496 _____ (Polar Engineering and Consulting) C:\Windows\SysWOW64\Sbe6@ita.dll
2016-01-14 13:11 - 2006-01-09 09:31 - 00102400 _____ (Polar Engineering and Consulting) C:\Windows\SysWOW64\Sbe6@ptb.dll
2016-01-14 13:11 - 2006-01-09 09:31 - 00102400 _____ (Polar Engineering and Consulting) C:\Windows\SysWOW64\Sbe6@fra.dll
2016-01-14 13:11 - 2006-01-09 09:31 - 00102400 _____ (Polar Engineering and Consulting) C:\Windows\SysWOW64\Sbe6@esp.dll
2016-01-14 13:11 - 2006-01-09 09:31 - 00098304 _____ (Polar Engineering and Consulting) C:\Windows\SysWOW64\Sbe6@rus.dll
2016-01-14 13:11 - 2006-01-09 09:31 - 00098304 _____ (Polar Engineering and Consulting) C:\Windows\SysWOW64\Sbe6@deu.dll
2016-01-14 13:11 - 2006-01-09 09:31 - 00094208 _____ (Polar Engineering and Consulting) C:\Windows\SysWOW64\Sbe6@sve.dll
2016-01-14 13:11 - 2006-01-09 09:31 - 00094208 _____ (Polar Engineering and Consulting) C:\Windows\SysWOW64\Sbe6@nor.dll
2016-01-14 13:11 - 2006-01-09 09:31 - 00081920 _____ (Polar Engineering and Consulting) C:\Windows\SysWOW64\Sbe6@jpn.dll
2016-01-14 13:11 - 2006-01-09 09:31 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.006
2016-01-14 13:11 - 2006-01-09 09:31 - 00006539 _____ C:\Windows\SysWOW64\Sbe6_000.cnt
2016-01-14 13:10 - 2016-01-14 13:10 - 00000000 ____D C:\Users\user\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142060}
2016-01-14 13:10 - 2015-11-03 13:04 - 00191584 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2016-01-14 13:10 - 2015-11-03 13:04 - 00191072 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2016-01-14 13:10 - 2015-11-03 13:04 - 00146432 _____ (Oracle Corporation) C:\Windows\SysWOW64\javacpl.cpl
2016-01-14 13:10 - 2006-01-09 09:33 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.004
2016-01-14 13:10 - 2006-01-09 09:33 - 00017424 _____ (anchor chips) C:\Windows\ezusb.sys
2016-01-14 13:10 - 2006-01-09 09:33 - 00005413 _____ C:\Windows\OOIDRV.INI
2016-01-14 13:06 - 2016-01-14 13:09 - 21780865 _____ C:\Users\user\Downloads\OOIBase32setup.exe
2016-01-14 12:10 - 2016-01-14 12:10 - 48712830 _____ C:\Users\user\Downloads\USBProgrammer_Win32.exe
2016-01-14 12:04 - 2016-01-22 11:33 - 00000000 ____D C:\Users\user\userdir_v2-user
2016-01-14 12:03 - 2016-01-15 12:32 - 00000000 ____D C:\Program Files (x86)\Ocean Optics
2016-01-14 12:03 - 2006-01-09 09:33 - 00017424 _____ (anchor chips) C:\Windows\SysWOW64\Drivers\ezusb.sys
2016-01-14 12:01 - 2016-01-14 12:01 - 53431050 _____ C:\Users\user\Downloads\spectrasuitesetup_windows.exe
2016-01-13 13:50 - 2016-01-13 14:06 - 450862370 _____ C:\Users\user\Downloads\dfmod_2008.zip
2016-01-13 09:53 - 2016-01-13 10:01 - 06805440 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup513.exe
2016-01-13 09:00 - 2016-01-04 19:07 - 02463704 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2016-01-13 09:00 - 2016-01-04 19:07 - 00377592 _____ (Microsoft Corporation) C:\Windows\System32\MP4SDECD.DLL
2016-01-13 09:00 - 2016-01-04 19:06 - 08022368 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2016-01-13 09:00 - 2016-01-04 19:06 - 01991120 _____ (Microsoft Corporation) C:\Windows\System32\WMVENCOD.DLL
2016-01-13 09:00 - 2016-01-04 19:06 - 01270104 _____ (Microsoft Corporation) C:\Windows\System32\mfnetsrc.dll
2016-01-13 09:00 - 2016-01-04 19:06 - 01063504 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2adec.dll
2016-01-13 09:00 - 2016-01-04 19:04 - 02824248 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2016-01-13 09:00 - 2016-01-04 19:04 - 02641928 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2016-01-13 09:00 - 2016-01-04 19:04 - 01150816 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2016-01-13 09:00 - 2016-01-04 19:04 - 00862056 _____ (Microsoft Corporation) C:\Windows\System32\mfnetcore.dll
2016-01-13 09:00 - 2016-01-04 19:04 - 00787720 _____ (Microsoft Corporation) C:\Windows\System32\WMADMOD.DLL
2016-01-13 09:00 - 2016-01-04 19:04 - 00779928 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2016-01-13 09:00 - 2016-01-04 19:04 - 00751992 _____ (Microsoft Corporation) C:\Windows\System32\WMADMOE.DLL
2016-01-13 09:00 - 2016-01-04 19:04 - 00667856 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2016-01-13 09:00 - 2016-01-04 19:04 - 00233992 _____ (Microsoft Corporation) C:\Windows\System32\mftranscode.dll
2016-01-13 09:00 - 2016-01-04 19:04 - 00115704 _____ (Microsoft Corporation) C:\Windows\System32\VIDRESZR.DLL
2016-01-13 09:00 - 2016-01-04 19:04 - 00090912 _____ (Microsoft Corporation) C:\Windows\System32\devenum.dll
2016-01-13 09:00 - 2016-01-04 19:04 - 00083704 _____ (Microsoft Corporation) C:\Windows\System32\mfvdsp.dll
2016-01-13 09:00 - 2016-01-04 18:50 - 00345080 _____ (Microsoft Corporation) C:\Windows\System32\WMVSDECD.DLL
2016-01-13 09:00 - 2016-01-04 18:50 - 00205072 _____ (Microsoft Corporation) C:\Windows\System32\COLORCNV.DLL
2016-01-13 09:00 - 2016-01-04 18:30 - 02459096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 09:00 - 2016-01-04 18:30 - 02162064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 09:00 - 2016-01-04 18:30 - 01106872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-13 09:00 - 2016-01-04 18:30 - 00882208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 09:00 - 2016-01-04 18:30 - 00368776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 09:00 - 2016-01-04 18:28 - 00714808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-13 09:00 - 2016-01-04 18:28 - 00696192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 09:00 - 2016-01-04 18:28 - 00695752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 09:00 - 2016-01-04 18:28 - 00635312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 09:00 - 2016-01-04 18:28 - 00497896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 09:00 - 2016-01-04 18:28 - 00107952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 09:00 - 2016-01-04 18:28 - 00082096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 09:00 - 2016-01-04 18:28 - 00072808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 09:00 - 2016-01-04 18:18 - 21873152 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2016-01-13 09:00 - 2016-01-04 18:15 - 24592896 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2016-01-13 09:00 - 2016-01-04 18:15 - 00931328 _____ (Microsoft Corporation) C:\Windows\System32\MSMPEG2ENC.DLL
2016-01-13 09:00 - 2016-01-04 18:10 - 00305776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 09:00 - 2016-01-04 18:10 - 00188032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 09:00 - 2016-01-04 18:09 - 00205312 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2016-01-13 09:00 - 2016-01-04 18:02 - 01672192 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2016-01-13 09:00 - 2016-01-04 18:02 - 00678912 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2016-01-13 09:00 - 2016-01-04 17:57 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2016-01-13 09:00 - 2016-01-04 17:56 - 07523840 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2016-01-13 09:00 - 2016-01-04 17:51 - 01255936 _____ (Microsoft Corporation) C:\Windows\System32\WMSPDMOE.DLL
2016-01-13 09:00 - 2016-01-04 17:51 - 01009664 _____ (Microsoft Corporation) C:\Windows\System32\WMSPDMOD.DLL
2016-01-13 09:00 - 2016-01-04 17:51 - 00634368 _____ (Microsoft Corporation) C:\Windows\System32\WMVXENCD.DLL
2016-01-13 09:00 - 2016-01-04 17:51 - 00463872 _____ (Microsoft Corporation) C:\Windows\System32\MFWMAAEC.DLL
2016-01-13 09:00 - 2016-01-04 17:51 - 00447488 _____ (Microsoft Corporation) C:\Windows\System32\WMVSENCD.DLL
2016-01-13 09:00 - 2016-01-04 17:43 - 19324928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 09:00 - 2016-01-04 17:42 - 00871936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 09:00 - 2016-01-04 17:32 - 01541632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 09:00 - 2016-01-04 17:32 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 09:00 - 2016-01-04 17:31 - 00563200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 09:00 - 2016-01-04 17:30 - 18802176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-01-13 09:00 - 2016-01-04 17:26 - 00373760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 09:00 - 2016-01-04 17:20 - 00890880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 09:00 - 2016-01-04 17:19 - 01070080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 09:00 - 2016-01-04 17:19 - 00747008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 09:00 - 2016-01-04 17:19 - 00409088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 09:00 - 2016-01-04 17:19 - 00404992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 08:59 - 2016-01-04 19:06 - 00119800 _____ (Microsoft Corporation) C:\Windows\System32\MP3DMOD.DLL
2016-01-13 08:59 - 2016-01-04 19:04 - 01591848 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2016-01-13 08:59 - 2016-01-04 19:04 - 00784136 _____ (Microsoft Corporation) C:\Windows\System32\mfsvr.dll
2016-01-13 08:59 - 2016-01-04 19:04 - 00772448 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2016-01-13 08:59 - 2016-01-04 19:04 - 00250520 _____ (Microsoft Corporation) C:\Windows\System32\MPG4DECD.DLL
2016-01-13 08:59 - 2016-01-04 19:04 - 00249464 _____ (Microsoft Corporation) C:\Windows\System32\RESAMPLEDMO.DLL
2016-01-13 08:59 - 2016-01-04 19:04 - 00243248 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2016-01-13 08:59 - 2016-01-04 18:59 - 00781976 _____ (Microsoft Corporation) C:\Windows\System32\mfds.dll
2016-01-13 08:59 - 2016-01-04 18:52 - 00441696 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2016-01-13 08:59 - 2016-01-04 18:50 - 01817064 _____ (Microsoft Corporation) C:\Windows\System32\WMALFXGFXDSP.dll
2016-01-13 08:59 - 2016-01-04 18:50 - 01083072 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2016-01-13 08:59 - 2016-01-04 18:50 - 00723648 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2016-01-13 08:59 - 2016-01-04 18:50 - 00251544 _____ (Microsoft Corporation) C:\Windows\System32\MP43DECD.DLL
2016-01-13 08:59 - 2016-01-04 18:31 - 01365576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 08:59 - 2016-01-04 18:30 - 02152744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-13 08:59 - 2016-01-04 18:30 - 00232896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 08:59 - 2016-01-04 18:30 - 00100712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 08:59 - 2016-01-04 18:29 - 00208688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
2016-01-13 08:59 - 2016-01-04 18:28 - 02445128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 08:59 - 2016-01-04 18:28 - 00645144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-13 08:59 - 2016-01-04 18:28 - 00277400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 08:59 - 2016-01-04 18:28 - 00116728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 08:59 - 2016-01-04 18:21 - 00658528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-01-13 08:59 - 2016-01-04 18:15 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\UserMgrProxy.dll
2016-01-13 08:59 - 2016-01-04 18:15 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\usermgrcli.dll
2016-01-13 08:59 - 2016-01-04 18:10 - 00539136 _____ (Microsoft Corporation) C:\Windows\System32\mfh264enc.dll
2016-01-13 08:59 - 2016-01-04 18:10 - 00278424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 08:59 - 2016-01-04 18:09 - 01234944 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2016-01-13 08:59 - 2016-01-04 18:02 - 00379392 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2016-01-13 08:59 - 2016-01-04 18:01 - 00305664 _____ (Microsoft Corporation) C:\Windows\System32\ksproxy.ax
2016-01-13 08:59 - 2016-01-04 18:00 - 00826880 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2016-01-13 08:59 - 2016-01-04 18:00 - 00771072 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2016-01-13 08:59 - 2016-01-04 17:59 - 00572928 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2016-01-13 08:59 - 2016-01-04 17:57 - 00712704 _____ (Microsoft Corporation) C:\Windows\System32\usermgr.dll
2016-01-13 08:59 - 2016-01-04 17:57 - 00578560 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2016-01-13 08:59 - 2016-01-04 17:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll
2016-01-13 08:59 - 2016-01-04 17:44 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usermgrcli.dll
2016-01-13 08:59 - 2016-01-04 17:38 - 00556032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfh264enc.dll
2016-01-13 08:59 - 2016-01-04 17:31 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 08:59 - 2016-01-04 17:29 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 08:59 - 2016-01-04 17:29 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 08:59 - 2016-01-04 17:24 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-01-10 09:23 - 2016-01-10 09:33 - 00000000 ____D C:\Users\user\AppData\Local\Rats
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-07 15:11 - 2015-07-10 01:05 - 00262144 ___SH C:\Windows\System32\config\BBI
2016-02-07 15:04 - 2015-08-31 18:18 - 00065536 _____ C:\Windows\System32\spu_storage.bin
2016-02-07 15:03 - 2015-07-10 04:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-07 15:01 - 2015-08-31 18:26 - 00875126 _____ C:\Windows\System32\PerfStringBackup.INI
2016-02-07 15:01 - 2015-07-10 03:02 - 00000000 ____D C:\Windows\INF
2016-02-07 15:00 - 2014-07-25 10:56 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-02-07 15:00 - 2013-06-16 11:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-02-07 14:57 - 2015-12-15 12:32 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-07 14:53 - 2014-10-27 19:49 - 00000000 ____D C:\ProgramData\AVG2015
2016-02-07 14:53 - 2013-12-06 16:22 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-07 14:53 - 2013-12-06 16:20 - 00000000 ____D C:\ProgramData\MFAData
2016-02-07 14:50 - 2013-11-06 20:55 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-02-07 14:49 - 2013-11-06 20:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-07 14:48 - 2013-12-18 15:36 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-07 14:43 - 2015-12-15 12:32 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-07 14:27 - 2013-11-07 08:53 - 00000400 _____ C:\Windows\Tasks\WpsUpdateTask_user.job
2016-02-07 13:44 - 2015-07-10 01:05 - 00032768 ___SH C:\Windows\System32\config\ELAM
2016-02-07 13:37 - 2015-10-26 11:35 - 00004150 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{731E73BD-70D1-4644-8E8E-CF3506B43AAD}
2016-02-07 10:41 - 2013-06-16 11:08 - 00000000 ____D C:\ProgramData\Norton
2016-02-07 10:39 - 2015-07-10 03:04 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-02-07 10:38 - 2014-10-27 19:46 - 00000000 ____D C:\Users\user\AppData\Local\Avg2015
2016-02-07 10:37 - 2013-12-06 16:22 - 00000000 ___HD C:\$AVG
2016-02-07 10:35 - 2013-06-16 11:08 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-02-07 09:34 - 2014-02-18 17:03 - 00000000 ____D C:\Users\user\Documents\Finances and Maintenance
2016-02-07 09:25 - 2014-01-11 22:03 - 00000183 _____ C:\Windows\disney.ini
2016-02-07 09:25 - 2013-04-26 00:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-07 09:24 - 2013-11-06 18:30 - 00000000 ____D C:\Program Files (x86)\LucasArts
2016-02-07 09:04 - 2014-07-04 10:57 - 00000000 ____D C:\Hyper80
2016-02-07 09:04 - 2012-07-25 21:26 - 00000180 _____ C:\Windows\win.ini
2016-02-07 01:28 - 2015-08-31 19:47 - 00000000 ___DC C:\Windows\Panther
2016-02-07 01:28 - 2014-02-10 12:08 - 00000000 ____D C:\Users\user\AppData\Roaming\TeamViewer
2016-02-07 01:27 - 2014-01-10 20:31 - 00000000 ____D C:\Windows\Ubisoft
2016-02-07 00:10 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\AppReadiness
2016-02-07 00:03 - 2013-06-16 11:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-06 16:11 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\registration
2016-02-06 16:10 - 2015-07-10 03:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-04 22:30 - 2014-01-09 13:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Nitro PDF
2016-02-04 07:42 - 2014-02-18 17:04 - 00000000 ____D C:\Users\user\Documents\Family Projects
2016-02-02 13:42 - 2013-11-06 04:01 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2016-02-02 09:38 - 2015-12-15 12:32 - 00003980 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 09:38 - 2015-12-15 12:32 - 00003748 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-29 10:05 - 2014-09-02 09:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-28 17:49 - 2014-02-07 08:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-28 17:45 - 2015-07-10 04:20 - 00358168 _____ C:\Windows\System32\FNTCACHE.DAT
2016-01-27 20:09 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\System32\NDF
2016-01-27 18:31 - 2013-11-06 04:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2016-01-27 18:19 - 2013-04-26 00:46 - 00000000 ____D C:\ProgramData\Adobe
2016-01-27 18:13 - 2013-04-26 00:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-26 22:08 - 2015-10-31 01:42 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2016-01-26 22:08 - 2015-07-17 08:14 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2016-01-25 22:10 - 2013-11-27 21:12 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Help
2016-01-23 13:54 - 2014-01-01 20:20 - 00000000 ____D C:\Users\user\AppData\Local\DOSBox
2016-01-22 13:22 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-01-22 13:22 - 2013-08-22 07:36 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2016-01-21 10:07 - 2014-01-26 19:54 - 00000000 ____D C:\Users\user\.gimp-2.8
2016-01-18 09:46 - 2015-07-10 03:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-15 12:42 - 2013-12-03 13:24 - 00000000 ____D C:\Program Files\DIFX
2016-01-14 13:10 - 2014-11-13 09:42 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-14 12:08 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\LiveKernelReports
2016-01-13 13:23 - 2015-06-27 10:34 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 09:37 - 2014-01-29 17:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 09:37 - 2014-01-29 17:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 09:30 - 2015-07-10 02:55 - 00000000 ____D C:\Windows\CbsTemp
2016-01-13 09:16 - 2013-11-06 04:44 - 00000000 ____D C:\Windows\System32\MRT
2016-01-13 09:05 - 2015-08-31 17:53 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-13 09:05 - 2013-11-06 04:44 - 143671360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2016-01-13 07:36 - 2015-10-30 01:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-01-13 02:31 - 2015-06-08 20:30 - 00038103 _____ C:\Windows\diagwrn.xml
2016-01-13 02:31 - 2015-06-08 20:30 - 00038103 _____ C:\Windows\diagerr.xml
2016-01-09 13:24 - 2015-08-06 16:50 - 00000000 ____D C:\Users\user\Documents\Outlook Files
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\user\AppData\Local\Temp\eauninstall.exe
C:\Users\user\AppData\Local\Temp\LOTR The Return of the King tm_uninst.exe
C:\Users\user\AppData\Local\Temp\rotk_uninst.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
[2015-07-10 02:59] - [2015-07-10 02:59] - 0435200 ____A (Microsoft Corporation) C:\Windows\System32\coml2.dll
[2015-07-10 03:00] - [2015-07-10 03:00] - 0339968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\coml2.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2016-01-13 08:59] - [2016-01-04 17:57] - 0578560 ____A (Microsoft Corporation) DA32F9BFA7851AD4247353EA03755DE6
 
C:\Windows\System32\wininit.exe
[2015-08-31 19:38] - [2015-08-31 19:38] - 0290312 ____A (Microsoft Corporation) 7718A2A9B2BFB2C8E2BAEB03310CA3FD
 
C:\Windows\explorer.exe
[2015-12-08 16:26] - [2015-11-24 21:42] - 4532304 ____A (Microsoft Corporation) D2EAEC106F183572317AF7D68E381063
 
C:\Windows\SysWOW64\explorer.exe
[2015-12-08 16:26] - [2015-11-24 21:12] - 4047288 ____A (Microsoft Corporation) 4EEB94F7E1ABAB5503EEFEA7F2394370
 
C:\Windows\System32\svchost.exe
[2015-07-10 02:59] - [2015-07-10 02:59] - 0039856 ____A (Microsoft Corporation) A1AEAFC58DF7803B8AA2B09EA93C722F
 
C:\Windows\SysWOW64\svchost.exe
[2015-07-10 03:00] - [2015-07-10 03:00] - 0035176 ____A (Microsoft Corporation) A412DEDAC6A1FF7BA06FEB3B6725495E
 
C:\Windows\System32\services.exe
[2015-07-10 03:00] - [2015-07-10 02:30] - 0446336 ____A (Microsoft Corporation) BB3D8E1C108F7244613FF3993291A922
 
C:\Windows\System32\User32.dll
[2015-12-08 16:26] - [2015-11-24 21:27] - 1366680 ____A (Microsoft Corporation) 7F380DC90B8A045A3F4835D196C35EEB
 
C:\Windows\SysWOW64\User32.dll
[2015-12-08 16:26] - [2015-11-24 21:09] - 1310880 ____A (Microsoft Corporation) 74C8E141400F3B4CE12EE0E657FD91C9
 
C:\Windows\System32\userinit.exe
[2015-07-10 03:00] - [2015-07-10 03:00] - 0030720 ____A (Microsoft Corporation) 5F6D4F12EA33BFC0F0F8CEEAC332AB2B
 
C:\Windows\SysWOW64\userinit.exe
[2015-07-10 03:00] - [2015-07-10 03:00] - 0026112 ____A (Microsoft Corporation) A89C18F5E6D8981D5E937B325290915A
 
C:\Windows\System32\rpcss.dll
[2015-07-10 02:59] - [2015-07-10 02:59] - 0873984 ____A (Microsoft Corporation) 5E57B9FBB4E9C43EE5B69BEE01A1819F
 
C:\Windows\System32\dnsapi.dll
[2015-07-10 03:00] - [2015-07-10 03:00] - 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477
 
C:\Windows\SysWOW64\dnsapi.dll
[2015-07-10 03:00] - [2015-07-10 03:00] - 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7
 
C:\Windows\System32\Drivers\volsnap.sys
[2015-07-10 02:59] - [2015-07-10 02:59] - 0378720 ____A (Microsoft Corporation) 823A237D871CD652C6BFD47BECB6810A
 
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
Restore point date: 2016-02-04 15:37
Restore point date: 2016-02-07 09:02
Restore point date: 2016-02-07 14:38
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 7363.26 MB
Available physical RAM: 6357.89 MB
Total Virtual: 7363.26 MB
Available Virtual: 6393.32 MB
 
==================== Drives ================================
 
Drive c: (TI80141400B) (Fixed) (Total:918.31 GB) (Free:677.96 GB) NTFS
Drive f: () (Fixed) (Total:0.81 GB) (Free:0.33 GB) NTFS
Drive g: (STORE N GO) (Removable) (Total:14.4 GB) (Free:14.37 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 13206370)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 14.4 GB) (Disk ID: 2688BC6C)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)
 
 
LastRegBack: 2016-02-04 09:01
 
==================== End of FRST.txt ============================


#4 xXToffeeXx


Posted 10 February 2016 - 03:53 PM

Hi schnitzl,
 
Looking at the md5 of your services.exe file, it has not been modified maliciously.
 
It would be best to get a new log from normal mode to get more information :)
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
xXToffeeXx~




#5 schnitzl


Posted 14 February 2016 - 02:57 PM

Hi xXToffeeXx,

Thanks so much for your reply!

My computer has been running fine lately, so maybe nothing is seriously wrong, after all.

As you said, I ran FRST in normal mode, just to be sure. Below is the FRST.txt file, followed by the Addition.txt file.

Thanks again for your insight!

schnitzl

 

==================== Start of FRST.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by user (administrator) on TOSHIBA (14-02-2016 12:27:07)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Olof Lagerkvist) C:\WINDOWS\System32\imdsksvc.exe
(National Instruments Corporation) C:\WINDOWS\SysWOW64\lkads.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\WINDOWS\System32\TODDSrv.exe
(National Instruments, Inc.) C:\WINDOWS\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\WINDOWS\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\WINDOWS\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coNatHst.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-22] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-09-01] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-16] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
HKLM-x32\...\Run: [Intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [NI Update Service] => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [857888 2013-05-28] (National Instruments)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-12-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\...\Run: [FreeRAM XP] => C:\Program Files (x86)\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [1591808 2006-03-23] (YourWare Solutions ™)
HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [847000 2013-04-19] ()
HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50509440 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2014-01-29]
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-04]
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2136180477-3859961542-3535771316-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{8c8d4177-c53b-4d4c-bf8e-25b39983aa84}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{b86ed361-c448-4379-97b4-155707e5f8bd}: [DhcpNameServer] 64.59.184.15 64.59.190.245

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=22.5.5.15
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=22.5.5.15
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=22.5.5.15
HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshiba.ca/welcome/?w=23
HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.toshiba.ca/welcome/?w=23
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-29] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-29] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-03] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-03] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001 -> No Name - {48314482-2357-4CD5-A208-7045F95054CA} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-29] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\17ecdxxb.default-1400914764479
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://ualberta.ca/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-12-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-12-15] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll [2012-07-13] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll [2013-09-10] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll [2013-10-09] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-05-21] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\17ecdxxb.default-1400914764479\searchplugins\norton-safe-search.xml [2016-02-07]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-01-26]
FF Extension: United States English Spellchecker - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\17ecdxxb.default-1400914764479\Extensions\en-US@dictionaries.addons.mozilla.org [2016-01-04]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\17ecdxxb.default-1400914764479\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.5.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.5.15\coFFAddon [2016-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.5.15\coFFAddon

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-15]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-15]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-15]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-15]
CHR Extension: (Norton Security Toolbar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-02-08]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-15]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-08]
CHR Extension: (Norton Identity Safe) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-02-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-15]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-02-07]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-02-07]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-04-10] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [19552 2015-12-14] (Olof Lagerkvist)
R2 LkCitadelServer; C:\windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
R2 lkClassAds; C:\windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
R2 lkTimeSync; C:\windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [83768 2013-06-10] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [176512 2013-06-19] (National Instruments Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [687944 2013-06-15] (National Instruments Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-17] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-09-01] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-13] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [217824 2013-03-21] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [21048 2015-12-14] (Olof Lagerkvist)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.5.15\Definitions\BASHDefs\20160125.001\BHDrvx64.sys [1665608 2016-01-25] (Symantec Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-11-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-12] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.5.15\Definitions\IPSDefs\20160213.001\IDSvia64.sys [767224 2016-02-13] (Symantec Corporation)
R2 ImDisk; C:\Windows\system32\DRIVERS\imdisk.sys [48704 2015-12-14] (Olof Lagerkvist)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.5.15\Definitions\VirusDefs\20160213.001\ENG64.SYS [138488 2015-10-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.5.15\Definitions\VirusDefs\20160213.001\EX64.SYS [2148080 2015-10-16] (Symantec Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3453144 2015-07-10] (Realtek Semiconductor Corporation                           )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [42184 2015-09-01] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-11-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605050.00F\SymELAM.sys [24192 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-02-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-11-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-14 12:27 - 2016-02-14 12:27 - 00031561 _____ C:\Users\user\Desktop\FRST.txt
2016-02-14 12:26 - 2016-02-14 12:26 - 02370560 _____ (Farbar) C:\Users\user\Desktop\frst64.exe
2016-02-14 11:45 - 2016-02-14 11:45 - 00267776 _____ (CANON INC.) C:\WINDOWS\system32\CNBLM4.DLL
2016-02-14 11:29 - 2016-02-14 11:29 - 00044480 _____ C:\Users\user\Documents\cc_20160214_112909.reg
2016-02-14 11:18 - 2016-02-14 11:18 - 00016148 _____ C:\WINDOWS\system32\TOSHIBA_user_HistoryPrediction.bin
2016-02-11 11:05 - 2016-02-11 11:05 - 00965904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJT3032.DLL
2016-02-11 11:05 - 2016-02-11 11:05 - 00302352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWNG300.DLL
2016-02-11 11:05 - 2016-02-11 11:05 - 00250640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRD2X32.DLL
2016-02-11 11:05 - 2016-02-11 11:05 - 00243984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBAR2232.DLL
2016-02-11 11:05 - 2016-02-11 11:05 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ODBCTL32.DLL
2016-02-11 11:05 - 2016-02-11 11:05 - 00059504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBDB32.DLL
2016-02-11 11:05 - 2016-02-11 11:05 - 00035600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJINT32.DLL
2016-02-11 11:05 - 2016-02-11 11:05 - 00023824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJTER32.DLL
2016-02-11 11:05 - 2016-02-11 11:05 - 00001104 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fgheven.LNK
2016-02-11 11:05 - 2016-02-11 11:05 - 00000000 ____D C:\Program Files (x86)\fgheven
2016-02-11 11:04 - 2016-02-11 11:04 - 03063690 _____ C:\Users\user\Downloads\fgh.zip
2016-02-10 11:15 - 2016-01-30 23:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 11:15 - 2016-01-30 23:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 11:15 - 2016-01-30 23:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 11:15 - 2016-01-30 23:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 11:15 - 2016-01-30 23:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-10 11:15 - 2016-01-30 23:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 11:15 - 2016-01-30 23:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 11:15 - 2016-01-30 23:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 11:15 - 2016-01-30 23:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 11:15 - 2016-01-30 23:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-10 11:15 - 2016-01-30 22:38 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 11:15 - 2016-01-30 22:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 11:15 - 2016-01-30 22:33 - 24593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 11:15 - 2016-01-30 22:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
2016-02-10 11:15 - 2016-01-30 22:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 11:15 - 2016-01-30 22:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-02-10 11:15 - 2016-01-30 22:26 - 06787072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-10 11:15 - 2016-01-30 22:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-10 11:15 - 2016-01-30 22:25 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 11:15 - 2016-01-30 22:25 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 11:15 - 2016-01-30 22:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-02-10 11:15 - 2016-01-30 22:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 11:15 - 2016-01-30 22:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-10 11:15 - 2016-01-30 22:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-02-10 11:15 - 2016-01-30 22:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-02-10 11:15 - 2016-01-30 22:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-10 11:15 - 2016-01-30 22:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-02-10 11:15 - 2016-01-30 22:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 11:15 - 2016-01-30 22:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 11:15 - 2016-01-30 22:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-02-10 11:15 - 2016-01-30 22:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-02-10 11:15 - 2016-01-30 22:18 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 11:15 - 2016-01-30 22:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 11:15 - 2016-01-30 22:17 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 11:15 - 2016-01-30 22:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 11:15 - 2016-01-30 22:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 11:15 - 2016-01-30 22:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 11:15 - 2016-01-30 22:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 11:15 - 2016-01-30 22:14 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 11:15 - 2016-01-30 22:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 11:15 - 2016-01-30 22:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2016-02-10 11:15 - 2016-01-30 22:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 11:15 - 2016-01-30 22:11 - 05156352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 11:15 - 2016-01-30 22:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-10 11:15 - 2016-01-30 22:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 11:15 - 2016-01-30 22:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 11:15 - 2016-01-30 22:07 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 11:15 - 2016-01-30 22:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 11:15 - 2016-01-30 22:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 11:15 - 2016-01-30 22:05 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-02-10 11:15 - 2016-01-30 22:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 11:15 - 2016-01-30 22:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 11:15 - 2016-01-30 22:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 11:15 - 2016-01-30 22:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 11:15 - 2016-01-30 22:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 11:15 - 2016-01-30 21:59 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 11:15 - 2016-01-30 21:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 01:15 - 2016-02-09 01:15 - 06828320 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup514.exe
2016-02-07 19:21 - 2016-02-07 19:21 - 00034134 _____ C:\Users\user\Documents\cc_20160207_192111.reg
2016-02-07 17:52 - 2016-02-07 19:25 - 00000000 ____D C:\NPE
2016-02-07 17:48 - 2016-02-07 20:00 - 00000000 ____D C:\Users\user\AppData\Local\NPE
2016-02-07 15:52 - 2016-02-07 15:52 - 00001204 _____ C:\Users\user\Documents\cc_20160207_155201.reg
2016-02-07 15:51 - 2016-02-07 15:51 - 00070126 _____ C:\Users\user\Documents\cc_20160207_155132.reg
2016-02-07 11:42 - 2016-02-14 11:22 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2016-02-07 11:39 - 2016-02-07 11:39 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-02-07 11:39 - 2016-02-07 11:39 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-02-07 11:39 - 2016-02-07 11:39 - 00003404 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-02-07 11:39 - 2016-02-07 11:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-02-07 11:38 - 2016-02-07 11:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-02-07 11:38 - 2016-02-07 11:38 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2016-02-07 11:38 - 2016-02-07 11:38 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2016-02-07 11:33 - 2016-02-07 11:33 - 01110728 _____ (Symantec Corporation) C:\Users\user\Downloads\NortonNISDownloader.exe
2016-02-07 11:33 - 2016-02-07 11:33 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-02-07 10:43 - 2016-02-07 10:43 - 00104384 _____ C:\Users\user\Documents\cc_20160207_104335.reg
2016-02-07 10:32 - 2016-02-11 11:05 - 00000000 ____D C:\Users\user\Desktop\Research
2016-02-07 03:03 - 2016-02-07 03:03 - 00588801 _____ C:\Users\user\AppData\Local\census.cache
2016-02-07 03:01 - 2016-02-07 03:01 - 00391903 _____ C:\Users\user\AppData\Local\ars.cache
2016-02-07 02:32 - 2016-02-07 02:32 - 00000036 _____ C:\Users\user\AppData\Local\housecall.guid.cache
2016-02-07 02:30 - 2016-02-07 02:30 - 00005654 _____ C:\Users\user\Documents\cc_20160207_023045.reg
2016-02-07 02:29 - 2016-02-07 02:29 - 00242952 _____ C:\Users\user\Documents\cc_20160207_022936.reg
2016-02-07 00:46 - 2016-02-14 12:27 - 00000000 ____D C:\FRST
2016-02-06 19:09 - 2016-02-07 01:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-06 19:08 - 2016-02-07 01:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-06 19:08 - 2016-02-07 01:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-06 19:08 - 2016-02-06 19:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-06 19:08 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-06 19:08 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-06 19:08 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-06 16:43 - 2016-02-06 19:00 - 00000519 _____ C:\WINDOWS\system32\avgrep.txt
2016-02-06 16:39 - 2016-02-07 16:45 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-01-27 19:30 - 2016-02-05 01:20 - 00000033 _____ C:\Users\user\AppData\Roaming\AdobeWLCMCache.dat
2016-01-27 19:30 - 2016-01-27 19:30 - 00003598 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-toshiba-user
2016-01-27 19:30 - 2016-01-27 19:30 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-01-27 19:25 - 2016-01-27 19:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-27 19:25 - 2016-01-27 19:25 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2016-01-27 19:20 - 2016-01-27 19:20 - 00000000 ____D C:\Program Files\Adobe
2016-01-27 19:18 - 2016-02-10 10:51 - 00000000 ___RD C:\Users\user\Creative Cloud Files
2016-01-27 19:15 - 2016-01-27 19:15 - 00001313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-01-27 19:08 - 2016-01-27 19:09 - 00689344 _____ (Adobe Systems Incorporated) C:\Users\user\Downloads\CreativeCloudSet-Up.exe
2016-01-26 22:48 - 2016-01-26 22:48 - 00000000 ____D C:\ProgramData\Avg_Update_0116avz
2016-01-23 13:11 - 2016-01-23 13:11 - 02969817 _____ C:\Users\user\Downloads\SB16W3x.zip
2016-01-23 12:46 - 2015-12-14 16:20 - 00048704 _____ (Olof Lagerkvist) C:\WINDOWS\system32\Drivers\imdisk.sys
2016-01-23 12:46 - 2015-12-14 16:20 - 00021048 _____ (Olof Lagerkvist) C:\WINDOWS\system32\Drivers\awealloc.sys
2016-01-23 12:46 - 2015-12-14 16:19 - 00051304 _____ (Olof Lagerkvist) C:\WINDOWS\SysWOW64\imdisk.exe
2016-01-23 12:46 - 2015-12-14 16:19 - 00051304 _____ (Olof Lagerkvist) C:\WINDOWS\system32\imdisk.exe
2016-01-23 12:46 - 2015-12-14 16:19 - 00019552 _____ (Olof Lagerkvist) C:\WINDOWS\system32\imdsksvc.exe
2016-01-23 12:46 - 2015-12-14 16:18 - 00119920 _____ (Olof Lagerkvist) C:\WINDOWS\system32\imdisk.cpl
2016-01-23 12:46 - 2015-12-14 16:18 - 00108656 _____ (Olof Lagerkvist) C:\WINDOWS\SysWOW64\imdisk.cpl
2016-01-23 12:46 - 2015-03-29 14:18 - 00001324 _____ C:\WINDOWS\system32\uninstall_imdisk.cmd
2016-01-23 12:03 - 2016-01-23 12:03 - 00000000 ____D C:\Program Files (x86)\Monolith Productions
2016-01-23 12:02 - 2016-01-23 12:03 - 00051400 _____ C:\Users\user\Downloads\Install-NOLF.exe
2016-01-22 22:27 - 2016-01-22 22:27 - 00020480 _____ C:\Users\user\Downloads\Setup.exe
2016-01-22 14:24 - 2016-01-22 14:24 - 18446672 _____ (Microsoft Corporation) C:\Users\user\Downloads\MediaCreationTool.exe
2016-01-22 14:24 - 2016-01-22 14:24 - 00000000 ___HD C:\$Windows.~WS
2016-01-22 14:22 - 2016-01-22 14:27 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-01-22 14:21 - 2016-01-22 14:22 - 00867752 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\user\Downloads\rufus-2.6.exe
2016-01-21 11:10 - 2016-01-21 11:10 - 00180651 _____ C:\Users\user\Downloads\1mnexperiment.zip
2016-01-21 10:31 - 2016-01-21 10:31 - 00005451 _____ C:\Users\user\AppData\Local\recently-used.xbel
2016-01-18 10:43 - 2016-01-18 10:43 - 00002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-01-18 10:43 - 2016-01-18 10:43 - 00002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-01-18 10:43 - 2016-01-18 10:43 - 00002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-01-18 10:43 - 2016-01-18 10:43 - 00002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-01-18 10:43 - 2016-01-18 10:43 - 00002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-01-18 10:43 - 2016-01-18 10:43 - 00002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-01-18 10:43 - 2016-01-18 10:43 - 00002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-01-18 10:43 - 2016-01-18 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-01-18 10:41 - 2016-01-18 10:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-15 13:41 - 2011-09-30 03:58 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2016-01-15 13:41 - 2011-09-30 03:58 - 00708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll
2016-01-15 13:40 - 2016-01-15 13:40 - 00000000 ____D C:\Program Files\Ocean Optics
2016-01-15 13:31 - 2016-01-15 13:39 - 70263664 _____ (Ocean Optics, Inc.) C:\Users\user\Downloads\SpectraSuiteSetup_Windows64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-14 12:19 - 2015-08-31 19:26 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-14 12:19 - 2015-07-10 04:02 - 00000000 ____D C:\WINDOWS\INF
2016-02-14 12:01 - 2014-07-25 11:56 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-02-14 11:54 - 2015-10-26 12:35 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{731E73BD-70D1-4644-8E8E-CF3506B43AAD}
2016-02-14 11:49 - 2013-11-06 21:17 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-14 11:43 - 2015-12-15 13:32 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-14 11:42 - 2015-01-25 00:22 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-02-14 11:27 - 2014-02-10 13:08 - 00000000 ____D C:\Users\user\AppData\Roaming\TeamViewer
2016-02-14 11:27 - 2013-11-06 21:55 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-02-14 11:19 - 2015-12-15 13:32 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-14 11:17 - 2015-07-10 02:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-14 11:16 - 2015-08-31 19:18 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-02-14 11:16 - 2015-07-10 05:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-14 11:16 - 2015-07-10 02:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-14 11:16 - 2014-09-02 10:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-14 11:07 - 2014-02-07 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-13 15:12 - 2015-07-10 06:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-13 15:04 - 2015-02-26 22:54 - 00000000 ____D C:\GOG Games
2016-02-13 15:03 - 2013-12-18 16:36 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-13 15:01 - 2013-12-18 17:52 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-02-13 14:56 - 2014-01-12 00:19 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-02-13 14:55 - 2013-04-26 01:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-13 14:32 - 2015-08-06 17:50 - 00000000 ____D C:\Users\user\Documents\Outlook Files
2016-02-13 14:12 - 2013-11-06 05:01 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2016-02-13 11:50 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-12 14:06 - 2013-11-06 05:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-12 13:56 - 2013-11-06 05:44 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-12 10:02 - 2015-07-10 04:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-11 11:05 - 1999-02-03 10:26 - 00721168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB40032.DLL
2016-02-11 11:05 - 1999-02-03 10:26 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\setup132.exe
2016-02-11 11:05 - 1999-02-03 10:26 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\ST4UNST.EXE
2016-02-11 11:05 - 1999-02-03 10:26 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ven2232.olb
2016-02-11 11:05 - 1999-02-03 10:26 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stkit432.dll
2016-02-10 11:50 - 2015-12-15 13:33 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 11:23 - 2015-07-10 03:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 10:51 - 2013-06-16 12:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-02-07 19:17 - 2015-07-10 06:14 - 00000000 ____D C:\WINDOWS\ShellNew
2016-02-07 19:17 - 2013-11-07 09:53 - 00000000 ____D C:\Users\user\AppData\Roaming\Kingsoft
2016-02-07 19:17 - 2013-11-07 09:53 - 00000000 ____D C:\Program Files (x86)\Kingsoft
2016-02-07 19:14 - 2015-08-13 09:59 - 00000000 ____D C:\ProgramData\Avg
2016-02-07 19:14 - 2015-08-13 09:58 - 00000000 ____D C:\Users\user\AppData\Local\AvgSetupLog
2016-02-07 19:14 - 2013-12-06 17:22 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-07 17:49 - 2013-06-16 12:08 - 00000000 ____D C:\ProgramData\Norton
2016-02-07 15:53 - 2014-10-27 20:49 - 00000000 ____D C:\ProgramData\AVG2015
2016-02-07 15:53 - 2014-01-10 21:31 - 00000000 ____D C:\WINDOWS\Ubisoft
2016-02-07 15:53 - 2013-12-06 17:20 - 00000000 ____D C:\ProgramData\MFAData
2016-02-07 11:39 - 2015-07-10 04:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-07 11:38 - 2014-10-27 20:46 - 00000000 ____D C:\Users\user\AppData\Local\Avg2015
2016-02-07 11:37 - 2013-12-06 17:22 - 00000000 ___HD C:\$AVG
2016-02-07 11:35 - 2013-06-16 12:08 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-02-07 10:34 - 2014-02-18 18:03 - 00000000 ____D C:\Users\user\Documents\Finances and Maintenance
2016-02-07 10:25 - 2014-01-11 23:03 - 00000183 _____ C:\WINDOWS\disney.ini
2016-02-07 10:24 - 2013-11-06 19:30 - 00000000 ____D C:\Program Files (x86)\LucasArts
2016-02-07 10:04 - 2012-07-25 22:26 - 00000180 _____ C:\WINDOWS\win.ini
2016-02-07 02:28 - 2015-08-31 20:47 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-07 01:03 - 2013-06-16 12:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-06 17:11 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\registration
2016-02-04 23:30 - 2014-01-09 14:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Nitro PDF
2016-02-04 08:42 - 2014-02-18 18:04 - 00000000 ____D C:\Users\user\Documents\Family Projects
2016-02-02 15:47 - 2015-10-01 02:06 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-02 15:47 - 2015-10-01 02:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 10:38 - 2015-12-15 13:32 - 00003980 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 10:38 - 2015-12-15 13:32 - 00003748 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-28 18:45 - 2015-07-10 05:20 - 00358168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-27 21:09 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-27 19:31 - 2013-11-06 05:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2016-01-27 19:19 - 2013-04-26 01:46 - 00000000 ____D C:\ProgramData\Adobe
2016-01-27 19:13 - 2013-04-26 01:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-25 23:10 - 2013-11-27 22:12 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Help
2016-01-23 14:54 - 2014-01-01 21:20 - 00000000 ____D C:\Users\user\AppData\Local\DOSBox
2016-01-22 14:22 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-01-22 14:22 - 2013-08-22 08:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-01-22 12:33 - 2016-01-14 13:04 - 00000000 ____D C:\Users\user\userdir_v2-user
2016-01-21 11:07 - 2014-01-26 20:54 - 00000000 ____D C:\Users\user\.gimp-2.8
2016-01-18 10:46 - 2015-07-10 04:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-15 13:42 - 2013-12-03 14:24 - 00000000 ____D C:\Program Files\DIFX
2016-01-15 13:41 - 2016-01-14 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ocean Optics
2016-01-15 13:32 - 2016-01-14 13:03 - 00000000 ____D C:\Program Files (x86)\Ocean Optics

==================== Files in the root of some directories =======

2016-01-27 19:30 - 2016-02-05 01:20 - 0000033 _____ () C:\Users\user\AppData\Roaming\AdobeWLCMCache.dat
2014-12-19 07:50 - 2014-12-31 16:13 - 0001463 _____ () C:\Users\user\AppData\Roaming\SpeedRunnersLog.txt
2014-12-19 07:50 - 2014-12-29 19:01 - 0003398 _____ () C:\Users\user\AppData\Roaming\TargetInvocationLog.txt
2015-09-24 15:19 - 2016-01-06 22:21 - 0000600 _____ () C:\Users\user\AppData\Roaming\winscp.rnd
2016-02-07 03:01 - 2016-02-07 03:01 - 0391903 _____ () C:\Users\user\AppData\Local\ars.cache
2016-02-07 03:03 - 2016-02-07 03:03 - 0588801 _____ () C:\Users\user\AppData\Local\census.cache
2015-08-01 21:18 - 2015-08-01 21:18 - 0004608 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-07 02:32 - 2016-02-07 02:32 - 0000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache
2015-09-24 15:19 - 2016-01-06 18:33 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2016-01-21 10:31 - 2016-01-21 10:31 - 0005451 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-01-06 02:03 - 2013-11-07 02:03 - 0000032 ____R () C:\ProgramData\hash.dat

Files to move or delete:
====================
C:\ProgramData\hash.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-04 10:01

==================== End of FRST.txt ============================

==================== Start of Addition.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by user (2016-02-14 12:28:19)
Running from C:\Users\user\Desktop
Windows 10 Home (X64) (2015-09-01 15:42:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2136180477-3859961542-3535771316-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2136180477-3859961542-3535771316-503 - Limited - Disabled)
Guest (S-1-5-21-2136180477-3859961542-3535771316-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2136180477-3859961542-3535771316-1004 - Limited - Enabled)
user (S-1-5-21-2136180477-3859961542-3535771316-1001 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ACD/Labs Freeware in C:\ACD2012FREE\ (HKLM-x32\...\ACDLabs in C__ACD2012FREE_) (Version: v14.00, FREE - ACD/Labs)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.3.189 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\ILST_19_2_1) (Version: 19.2.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Aerosol Instrument Manager (HKLM-x32\...\{601A234E-C1DE-48BA-8482-614F6C4C2882}) (Version: 9.0.0 - TSI Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - Ensemble Studios)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.4.1245.72462 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.4.1245.72462 - Alcor Micro Corp.) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.2.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avogadro (HKLM-x32\...\Avogadro) (Version: 1.1.0 - Humanity)
Avogadro2 (HKLM-x32\...\Avogadro2) (Version: 0.7.2 - hxxp://openchemistry.org/)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cain 1.9 (HKLM-x32\...\Cain_is1) (Version:  - Sean Mauch, CACR, Caltech)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Cisco WebEx Meetings (HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Client Activator 2.0 - English (HKLM-x32\...\Rainbow Client Activator 2.0 English) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)
DTS Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0062 - DTS, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EPISUITE41 (HKLM-x32\...\{54A26C55-91F5-418B-AD32-16B6D77EF9E0}) (Version: 4.1.25 - SRC)
fgheven (HKLM-x32\...\ST4UNST #1) (Version:  - )
ftmwStudent (c:\Program Files (x86)\ftmwStudent2\) (HKLM-x32\...\ST6UNST #2) (Version:  - )
ftmwStudent (HKLM-x32\...\ST6UNST #1) (Version:  - )
GaussView 5.0.8 (HKLM-x32\...\GaussView 5.0) (Version: 5.0 - Gaussian, Inc.)
GimpShop 2.8 (HKLM-x32\...\{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}) (Version: 2.8 - GimpShop)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
IDT Audio Driver (HKLM\...\{B1DBC61C-2044-4BC0-8225-1EC7A709EAAF}) (Version: 6.10.6469.0 - IDT)
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: * - LTR Data)
Intel AppUp® center (HKLM-x32\...\Intel AppUp® center 41504) (Version: 3.8.0.41504.23 - Intel)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 2 Runtime Environment, SE v1.4.2_06 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142060}) (Version: 1.4.2_06 - Sun Microsystems, Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAV Filters 0.62.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.62.0 - Hendrik Leppkes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Math Kernel Libraries (64-bit) (Version: 1.0.31.0 - National Instruments) Hidden
Math Kernel Libraries (64-bit) (Version: 13.0.13 - National Instruments) Hidden
Math Kernel Libraries (x32 Version: 1.0.31.0 - National Instruments) Hidden
Math Kernel Libraries (x32 Version: 13.0.13 - National Instruments) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)
NI .NET Framework 4.0 (x32 Version: 4.01.49152 - National Instruments) Hidden
NI ActiveX Container (64-bit) (Version: 13.0.4 - National Instruments) Hidden
NI ActiveX Container (x32 Version: 13.0.4 - National Instruments) Hidden
NI Assistant Framework (x32 Version: 9.0.143 - National Instruments) Hidden
NI Assistant Framework 64-bit (Version: 9.0.143 - National Instruments) Hidden
NI Assistant Framework LabVIEW 2013 Support (x32 Version: 9.0.107 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 2013 (x32 Version: 9.0.107 - National Instruments) Hidden
NI Authentication 13.0.0 (64-bit) (Version: 13.0.326 - National Instruments) Hidden
NI Authentication 13.0.0 (x32 Version: 13.0.326 - National Instruments) Hidden
NI CodeSignAPI (x32 Version: 2.70.346 - National Instruments) Hidden
NI Curl 13.0.0 (64-bit) (Version: 13.0.324 - National Instruments) Hidden
NI Curl 13.0.0 (x32 Version: 13.0.324 - National Instruments) Hidden
NI Customer Experience Improvement Program (x32 Version: 2.0.77 - National Instruments) Hidden
NI DataSocket 5.1 (64-bit) (Version: 5.1.227 - National Instruments) Hidden
NI DataSocket 5.1 (x32 Version: 5.1.227 - National Instruments) Hidden
NI Distributed System Manager 2013 (x32 Version: 13.0.338 - National Instruments) Hidden
NI Error Reporting 2013 (x32 Version: 13.0.324 - National Instruments) Hidden
NI Error Reporting Interface Installer 5.5 (x32 Version: 5.50.49152 - National Instruments) Hidden
NI Error Reporting Interface Installer 5.5 for Windows 64-bit (Version: 5.50.49152 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.20.361 - National Instruments) Hidden
NI Example Finder 13.0 (x32 Version: 13.0.324 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 13.0.0 (x32 Version: 13.0.45.0 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 13.0.0 (Version: 13.0.45.0 - National Instruments) Hidden
NI Help Assistant 2.0 (64bit) (Version: 2.0.3 - National Instruments) Hidden
NI Help Assistant 2.0 (x32 Version: 2.0.3 - National Instruments) Hidden
NI Instrument IO Assistant for LabVIEW 2013 32-bit (x32 Version: 1.0.14.0 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time NBFifo (x32 Version: 11.0.250.0 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 12.0.219.0 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 13.0.336 - National Instruments) Hidden
NI LabVIEW 2012 Run-Time Engine Web Server (x32 Version: 12.5.198.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 Deployable License (x32 Version: 12.1.52.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 Run-Time Engine Non-English Support. (x32 Version: 12.1.52.0 - National Instruments) Hidden
NI LabVIEW 2013 (32-bit) (x32 Version: 13.0.350 - National Instruments) Hidden
NI LabVIEW 2013 (32-bit) (x32 Version: 13.0.397 - National Instruments) Hidden
NI LabVIEW 2013 Deployable License (x32 Version: 13.0.303 - National Instruments) Hidden
NI LabVIEW 2013 Deployment Framework (x32 Version: 13.0.330 - National Instruments) Hidden
NI LabVIEW 2013 f2 (x32 Version: 13.0.339 - National Instruments) Hidden
NI LabVIEW 2013 Help (x32 Version: 13.0.338 - National Instruments) Hidden
NI LabVIEW 2013 Help File (x32 Version: 13.0.299 - National Instruments) Hidden
NI LabVIEW 2013 License (x32 Version: 13.0.342 - National Instruments) Hidden
NI LabVIEW 2013 Manuals (x32 Version: 13.0.326 - National Instruments) Hidden
NI LabVIEW 2013 MeasAppChm File (x32 Version: 13.0.299 - National Instruments) Hidden
NI LabVIEW 2013 Real-Time Error Dialog (x32 Version: 13.0.123 - National Instruments) Hidden
NI LabVIEW 2013 Run-Time Engine Non-English Support. (x32 Version: 13.0.329 - National Instruments) Hidden
NI LabVIEW 2013 Run-Time Engine Web Server (x32 Version: 13.0.321 - National Instruments) Hidden
NI LabVIEW 2013 Scripting Code Generator (x32 Version: 9.0.172 - National Instruments) Hidden
NI LabVIEW 2013 Search (x32 Version: 13.0.16 - National Instruments) Hidden
NI LabVIEW 2013 Simulation (x32 Version: 13.0.327 - National Instruments) Hidden
NI LabVIEW 2013 Variable Web Service (x32 Version: 13.0.326 - National Instruments) Hidden
NI LabVIEW 2013 Web Server (x32 Version: 13.0.327 - National Instruments) Hidden
NI LabVIEW Broker (64 bit) (Version: 6.8.10.0 - National Instruments) Hidden
NI LabVIEW Broker (x32 Version: 6.8.10.0 - National Instruments) Hidden
NI LabVIEW C Interface (x32 Version: 1.0.1 - National Instruments) Hidden
NI LabVIEW Compare Utility 13.0.0 (x32 Version: 13.0.340 - National Instruments) Hidden
NI LabVIEW MAX XML (x32 Version: 9.0.6.0 - National Instruments) Hidden
NI LabVIEW Merge Utility 13.0.0 (x32 Version: 13.0.339 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2011 SP1 (x32 Version: 11.0.448.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2012 SP1 f5 (x32 Version: 12.1.64.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2013 f2 (x32 Version: 13.0.337 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 6.1 (HKLM-x32\...\{CC8971B9-9132-4C04-A8D4-628663C9E9F0}) (Version: 6.1 - National Instruments)
NI LabVIEW Run-Time Engine Interop 2011 (x32 Version: 11.0.449.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2012 SP1 (x32 Version: 12.1.64.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2013 (x32 Version: 13.0.337 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 11.0.375.0 - National Instruments) Hidden
NI LabVIEW Web Services Runtime (x32 Version: 13.0.314 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Code Generator (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2012 LabVIEW DLL Builder (x32 Version: 12.0.0422 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (x32 Version: 10.0.1434 - National Instruments) Hidden
NI Launcher (x32 Version: 3.20.351 - National Instruments) Hidden
NI License Manager (x32 Version: 3.7.53 - National Instruments) Hidden
NI Logos 5.5 (64-bit) (Version: 5.5.293 - National Instruments) Hidden
NI Logos 5.5 (x32 Version: 5.5.293 - National Instruments) Hidden
NI Logos LabVIEW 2013 Support (x32 Version: 13.0.327 - National Instruments) Hidden
NI Logos XT Support (x32 Version: 5.5.294 - National Instruments) Hidden
NI Logos64 XT Support (Version: 5.5.294 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.10.0 - National Instruments) Hidden
NI MAX Remote Configuration 64-bit Installer 5.5 (Version: 5.50.49152 - National Instruments) Hidden
NI MAX Remote Configuration Installer 5.5 (x32 Version: 5.50.49152 - National Instruments) Hidden
NI MAX Support for 64 Bit Windows (Version: 5.50.49152 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.20.361 - National Instruments) Hidden
NI mDNS Responder 2.2 for Windows 64-bit (Version: 2.20.49152 - National Instruments) Hidden
NI mDNS Responder 2.2.0 (x32 Version: 2.20.49152 - National Instruments) Hidden
NI Measurement & Automation Explorer 5.5.0 (x32 Version: 5.50.49152 - National Instruments) Hidden
NI Measurement Studio ComponentWorks 3D Graph (x32 Version: 8.6.10603 - National Instruments) Hidden
NI Measurement Studio ComponentWorks UI (x32 Version: 8.6.10603 - National Instruments) Hidden
NI Measurement Studio Recipe Processor (x32 Version: 8.0.0101 - National Instruments) Hidden
NI MetaSuite Installer (x32 Version: 3.20.351 - National Instruments) Hidden
NI MXS 5.5.0 (x32 Version: 5.50.49152 - National Instruments) Hidden
NI MXS 5.5.0 for 64 Bit Windows (Version: 5.50.49152 - National Instruments) Hidden
NI Network Discovery 5.5 (x32 Version: 5.50.49152 - National Instruments) Hidden
NI Network Discovery 5.5 for Windows 64-bit (Version: 5.50.49152 - National Instruments) Hidden
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (x32 Version: 11.0.302.0 - National Instruments) Hidden
NI OPC Support (x32 Version: 13.0.296 - National Instruments) Hidden
NI OPCEnum Shared (x32 Version: 5.5.2018 - National Instruments) Hidden
NI Portable Configuration 5.5.0 (x32 Version: 5.50.49152 - National Instruments) Hidden
NI Portable Configuration for 64 Bit Windows 5.5.0 (Version: 5.50.49152 - National Instruments) Hidden
NI Registration Wizard (x32 Version: 1.3.97.0 - National Instruments) Hidden
NI Remote Provider for MAX 5.5.0 (x32 Version: 5.50.49152 - National Instruments) Hidden
NI Remote PXI Provider for MAX 5.5.0 (x32 Version: 5.50.49152 - National Instruments) Hidden
NI Search Shared (x32 Version: 13.0.13 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
NI Service Locator 13.0 (x32 Version: 13.0.307 - National Instruments) Hidden
NI SLCP 2.0 (x32 Version: 2.0.27 - National Instruments) Hidden
NI Software Provider for MAX 5.5.0 (x32 Version: 5.50.49152 - National Instruments) Hidden
NI SSL LabVIEW 2013 Support (x32 Version: 13.0.328 - National Instruments) Hidden
NI SSL LabVIEW RTE 2012 SP1 Support (x32 Version: 12.5.8.0 - National Instruments) Hidden
NI SSL LabVIEW RTE 2013 Support (x32 Version: 13.0.317 - National Instruments) Hidden
NI SSL Support (64-bit) (Version: 13.0.319 - National Instruments) Hidden
NI SSL Support (x32 Version: 13.0.324 - National Instruments) Hidden
NI System API .NET 5.5.0 (x32 Version: 5.50.157 - National Instruments) Hidden
NI System API Client for WIF 5.5.0 (x32 Version: 5.50.419 - National Instruments) Hidden
NI System API Web-Service 32-bit 5.5.0 (x32 Version: 5.50.405 - National Instruments) Hidden
NI System API Windows 32-bit 5.5.0 (x32 Version: 5.50.589 - National Instruments) Hidden
NI System API Windows 64-bit 5.5.0 (Version: 5.50.588 - National Instruments) Hidden
NI System Configuration 5.5.0 LabVIEW Support (x32 Version: 5.50.186 - National Instruments) Hidden
NI System Configuration LV2013 Support 5.5.0 (x32 Version: 5.50.178 - National Instruments) Hidden
NI System Configuration Runtime 5.5.0 (x32 Version: 5.50.226 - National Instruments) Hidden
NI System Configuration Runtime 5.5.0 for Windows 64-bit (Version: 5.50.226 - National Instruments) Hidden
NI System State Publisher (64-bit) (Version: 13.0.299 - National Instruments) Hidden
NI System State Publisher (x32 Version: 13.0.304 - National Instruments) Hidden
NI System Web Server 13.0 (x32 Version: 13.0.333 - National Instruments) Hidden
NI System Web Server Base 13.0.0 (64-bit) (Version: 13.0.324 - National Instruments) Hidden
NI System Web Server Base 13.0.0 (x32 Version: 13.0.324 - National Instruments) Hidden
NI TDM Excel Add-In 3.5 (x32 Version: 3.5.9 - National Instruments) Hidden
NI TDM Excel Add-In 3.5 64-bit (Version: 3.5.9 - National Instruments) Hidden
NI TDM Streaming 2.5 (64-bit) (Version: 2.5.36 - National Instruments) Hidden
NI TDM Streaming 2.5 (x32 Version: 2.5.36 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 13.0.324 - National Instruments) Hidden
NI Trace Engine (x32 Version: 13.0.324 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.20.361 - National Instruments) Hidden
NI Update Service 2.3 (64-bit) (Version: 2.30.53 - National Instruments) Hidden
NI Update Service 2.3 (x32 Version: 2.30.65 - National Instruments) Hidden
NI USI 2.0.1 (x32 Version: 2.0.15249 - National Instruments) Hidden
NI USI 2.0.1 64-Bit (Version: 2.0.15249 - National Instruments) Hidden
NI Variable Engine (64-bit) (Version: 2.7.297 - National Instruments) Hidden
NI Variable Engine 2.6.0 (x32 Version: 2.7.297 - National Instruments) Hidden
NI Variable Engine LabVIEW 2013 Support (x32 Version: 13.0.327 - National Instruments) Hidden
NI VC2005MSMs x64 (Version: 8.05.0 - National Instruments) Hidden
NI VC2005MSMs x86 (x32 Version: 8.05.0 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
NI VC2010SP1MSMs x64 (Version: 10.0.100 - National Instruments) Hidden
NI VC2010SP1MSMs x86 (x32 Version: 10.0.100 - National Instruments) Hidden
NI VIPM Helper 2013 (x32 Version: 13.0.339 - National Instruments) Hidden
NI Web Application Server 13.0 (64-bit) (Version: 13.0.319 - National Instruments) Hidden
NI Web Application Server 13.0 (x32 Version: 13.0.324 - National Instruments) Hidden
NI Web Pipeline 3.3 (64-bit) (Version: 3.30.24 - National Instruments) Hidden
NI Web Pipeline 3.3 (x32 Version: 3.30.24 - National Instruments) Hidden
NI Web-Based Configuration and Monitoring 2013 (x32 Version: 13.0.306 - National Instruments) Hidden
NI Xalan Delay Load 1.10.2 (x32 Version: 1.10.72.0 - National Instruments) Hidden
NI Xalan Delay Load 1.10.2 64-bit (Version: 1.10.73.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 (x32 Version: 2.7.180.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 64-bit (Version: 2.7.190.0 - National Instruments) Hidden
NI-DAQmx/LabVIEW shared documentation 9.7.5 (x32 Version: 9.75.49152 - National Instruments) Hidden
NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.7.5 (Version: 9.75.49152 - National Instruments) Hidden
NI-Mesa (Version: 12.0.7.0 - National Instruments) Hidden
NI-Mesa (x32 Version: 12.0.7.0 - National Instruments) Hidden
NI-RPC 4.4.0f0 (x32 Version: 4.40.49152 - National Instruments) Hidden
NI-RPC 4.4.0f0 for 64 Bit Windows (Version: 4.40.49152 - National Instruments) Hidden
NI-RPC 4.4.0f0 for Phar Lap ETS (x32 Version: 4.40.49152 - National Instruments) Hidden
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.5.15 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
Ocean Optics USBProgrammer (HKLM-x32\...\219f147efd391211ab31851a93ba604b1086405572) (Version:  - )
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin 2015 (HKLM-x32\...\{919C759D-DA8F-4B02-A9F1-75CE8B31CBDB}) (Version: 9.20.00 - OriginLab Corporation)
Origin91 (HKLM-x32\...\{ADC55813-F4DD-47AA-94F3-CA35E1447E26}) (Version: 9.10.00 - OriginLab Corporation)
PDF Split And Merge Basic (HKLM-x32\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
POV-Ray for Windows v3.62 (HKLM-x32\...\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}) (Version: 3.62 - Persistence of Vision Raytracer Pty. Ltd.)
PuTTY release 0.65 (HKLM-x32\...\PuTTY_is1) (Version: 0.65 - Simon Tatham)
Python 2.7.10 (Anaconda 2.3.0 64-bit) (HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\...\Python 2.7.10 (Anaconda 2.3.0 64-bit)) (Version: 2.3.0 - Continuum Analytics, Inc.)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Reset NI Config 5.5.0 (x32 Version: 5.50.227 - National Instruments) Hidden
SILKYPIX Developer Studio 3.0 for PENTAX (HKLM-x32\...\InstallShield_{A7226DB3-6B7A-4D53-A0BC-9ED54B7763EB}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.0 for PENTAX (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.)
SoftPerfect WiFi Guard version 1.0.5 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.5 - SoftPerfect Research)
SpectraSuite (HKLM\...\SpectraSuite 2) (Version: 2 - Ocean Optics, Inc.)
SSH Secure Shell (HKLM-x32\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version:  - )
Star Wars: Dark Forces (HKLM-x32\...\Steam App 32400) (Version:  - LucasArts)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.5 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6630.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.341 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.02.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
TSIUSB 64bit Driver Set (HKLM\...\{27CDF42F-A6B6-4DA1-98C2-EB8D5A67A8DD}) (Version: 1.0.0 - TSI Incorporated)
UltraEdit (HKLM-x32\...\InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 21.10.1027 - IDM Computer Solutions, Inc.)
UltraEdit (x32 Version: 21.10.1027 - IDM Computer Solutions, Inc.) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VI Package Manager 2013 (HKLM-x32\...\{BE5C124E-8659-47D6-BDD0-27DB34E0FB71}) (Version: 13.1.1905 - JKI)
VI Package Manager 2013 (x32 Version: 13.0.0 - National Instruments) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VMD 1.9.2 (HKLM-x32\...\{089F161A-EFCE-44D8-8D38-C401835D93E4}) (Version: 1.9.2 - University of Illinois)
WIF Core Dependencies Windows 5.5.0 (x32 Version: 5.50.155 - National Instruments) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - Ocean Optics, Inc. (WinUSB) OceanOpticsUSBDevice  (03/23/2011 1.2.0) (HKLM\...\108C24AA60529F11D7F95919E706DE14A74E0931) (Version: 03/23/2011 1.2.0 - Ocean Optics, Inc.)
Windows Driver Package - Ocean Optics, Inc. (WinUSB) OceanOpticsUSBDevice  (03/23/2011 1.2.0) (HKLM\...\398337EC460ED4B747F638EAB11FFFF3244422CF) (Version: 03/23/2011 1.2.0 - Ocean Optics, Inc.)
Windows Driver Package - Ocean Optics, Inc. (WinUSB) OceanOpticsUSBDevice  (03/23/2011 1.2.0) (HKLM\...\81B25B25A683CBCF53B8248657241CDCD47440A1) (Version: 03/23/2011 1.2.0 - Ocean Optics, Inc.)
Windows Driver Package - Ocean Optics, Inc. (WinUSB) OceanOpticsUSBDevice  (03/23/2011 1.2.0) (HKLM\...\F03648FB105F6F99C7927A2A1116F3D49A40B955) (Version: 03/23/2011 1.2.0 - Ocean Optics, Inc.)
Windows Driver Package - Ocean Optics, Inc. (WinUSB) OceanOpticsUSBDevice  (07/15/2010 1.2.0) (HKLM\...\29DE0EDA6D3934C320738A786038F6A659246EE2) (Version: 07/15/2010 1.2.0 - Ocean Optics, Inc.)
Windows Driver Package - Ocean Optics, Inc. (WinUSB) OceanOpticsUSBDevice  (07/15/2010 1.2.0) (HKLM\...\5C2CA2E78E0549DAD5A8D092CC9B1280E6918AF0) (Version: 07/15/2010 1.2.0 - Ocean Optics, Inc.)
Windows Driver Package - Ocean Optics, Inc. (WinUSB) OceanOpticsUSBDevice  (07/15/2010 1.2.0) (HKLM\...\5CE9B3DB1E5DEC6B1B972385ED7D679E5BB44586) (Version: 07/15/2010 1.2.0 - Ocean Optics, Inc.)
Windows Driver Package - Ocean Optics, Inc. (WinUSB) OceanOpticsUSBDevice  (07/15/2010 1.2.0) (HKLM\...\9EB1D222C06E311A5B97457292EC1BACC8BD3E1C) (Version: 07/15/2010 1.2.0 - Ocean Optics, Inc.)
Windows Driver Package - Ocean Optics, Inc. (WinUSB) OceanOpticsUSBDevice  (07/15/2010 1.2.0) (HKLM\...\A5E55D4D1E9B0296BDF8BE93E5FA539478E93E3A) (Version: 07/15/2010 1.2.0 - Ocean Optics, Inc.)
Windows Driver Package - Ocean Optics, Inc. (WinUSB) OceanOpticsUSBDevice  (07/15/2010 1.2.0) (HKLM\...\AA54E461EC03EF852E861364192543C232B7A2CD) (Version: 07/15/2010 1.2.0 - Ocean Optics, Inc.)
Windows Driver Package - Ocean Optics, Inc. (WinUSB) OceanOpticsUSBDevice  (07/15/2010 1.2.0) (HKLM\...\BB72A109BCD20BF8200DD156A51F038748C1F92B) (Version: 07/15/2010 1.2.0 - Ocean Optics, Inc.)
Windows Driver Package - Ocean Optics, Inc. (WinUSB) OceanOpticsUSBDevice  (07/15/2010 1.2.0) (HKLM\...\BD45D27BCDC57A2CD5FA4B63D5534FA73EEC9C11) (Version: 07/15/2010 1.2.0 - Ocean Optics, Inc.)
Windows Driver Package - Ocean Optics, Inc. (WinUSB) OceanOpticsUSBDevice  (07/15/2010 1.2.0) (HKLM\...\E99E4F0F1A2992FB6BA9E272A967C402C47329C9) (Version: 07/15/2010 1.2.0 - Ocean Optics, Inc.)
Windows Driver Package - Ocean Optics, Inc. (WinUSB) OceanOpticsUSBDevice  (07/15/2010 1.2.0) (HKLM\...\EECA6BCEAC84598F10247BA4CA7CC332559BD3A0) (Version: 07/15/2010 1.2.0 - Ocean Optics, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08B7DE44-04AD-425D-8814-30604214C2C0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0FC884DC-67B6-4FE4-935C-34B4AF45C3A0} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {1BFD554B-A8C5-45F5-947F-17A13D5DC03B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1F2E2E0E-71B5-4E1A-A118-B1814D39F3EF} - System32\Tasks\{0B91FD00-676A-4A22-9258-B79321B7CC1A} => pcalua.exe -a E:\setup.exe -d E:\
Task: {2398E187-6325-4559-8E6E-E1DF03F8CF4A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {255C2A37-6E37-48F0-AE47-A94EA3734E9A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {2596993A-D830-40C7-98E5-530C55BBDBAC} - System32\Tasks\Norton Internet Security\Norton Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {2796C1BB-1C59-46C6-AD91-52DDEC143AFF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {296610D1-5F75-42D5-BB91-A73075F3BF59} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {299561BE-CC77-490E-B252-17B8EDE237EE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\WSCStub.exe [2015-11-20] (Symantec Corporation)
Task: {2AD87A8F-D9FD-4F98-9B31-D2964FFD500C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {30C68C65-E70E-40EE-A301-2AD36739FE5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {36F06E2D-5FC7-45E3-A9D5-6ACEB613AB2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-15] (Google Inc.)
Task: {3AC41608-B13E-4CE3-A2CF-BAFA83EFAD38} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {42D3CEC7-710A-4E07-9142-6693A5A0B118} - System32\Tasks\{F8AD107E-A149-4C50-BF3D-5B845F23BD9C} => pcalua.exe -a D:\Datas\BugsBunny.exe -d D:\Datas
Task: {5357A368-33B5-495F-A366-6F636587E67E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6F998A35-F445-41A8-A1C3-6D7A50993D17} - System32\Tasks\AdobeAAMUpdater-1.0-toshiba-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {76328367-45A9-4776-B30F-2E3172751139} - System32\Tasks\JKIUpdateTask => C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe [2013-12-04] (JKI)
Task: {771060E1-1BF7-48E1-8A6A-7396084E96E9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7A3414DD-A8AA-4163-B450-3CAD11E3BA80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {80A7D412-D520-4588-8092-2D770E50DA2A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {80AD7F6F-D551-45DC-9FFB-2BEA6A1907F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-15] (Google Inc.)
Task: {821F3DDE-FA14-4530-8E3E-A87E8F847D01} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {82DF61E5-249E-4D6B-B57C-9CFB2399098B} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2013-05-28] (National Instruments)
Task: {8EE09760-686A-4D42-83CB-2EB2FA508F7F} - System32\Tasks\{D06692F7-54A2-4E8F-A7AD-0421F5EB8972} => pcalua.exe -a D:\FileRgn.exe -d D:\
Task: {90EFC1A9-7E04-478B-8E2C-3438EDB742EF} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
Task: {9814C1BC-C9CE-4398-8B8C-483735FB2B34} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {98E21006-039E-46B6-B2F7-D69C20DF1B58} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-01-29] (Microsoft Corporation)
Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {B7FC9BE8-6EA5-447E-A003-5F9D19E30E92} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-11] (Adobe Systems Incorporated)
Task: {C3ACEA80-1787-459A-867D-54755B63CDCF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-01] (Synaptics Incorporated)
Task: {CB7BCF35-B491-4E6D-8097-6D2D5F88BA4F} - System32\Tasks\{083AABC8-6A65-40DC-8D9C-518692A985E6} => pcalua.exe -a C:\Users\user\Downloads\pinnacle-setup.exe -d C:\Users\user\Downloads
Task: {E321638C-BA8F-439C-A63E-F4219FC69DC5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E4AC69AB-6F43-46D5-B30A-6CB9D7C79D71} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-12] (Microsoft Corporation)
Task: {EA720A7C-BC8F-4F35-8488-65FD4B7B153D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {F9FC1413-7DD0-4FA6-BA58-CC3B575ABEF4} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)\Anaconda Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Users\user\Anaconda\Scripts\anaconda.bat"

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 04:00 - 2015-07-10 04:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-31 20:38 - 2015-08-31 20:38 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2013-03-27 15:53 - 2013-03-27 15:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2015-08-03 14:59 - 2015-08-03 14:59 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-31 20:39 - 2015-08-31 20:39 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-12-06 06:28 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-09-30 12:55 - 2015-09-16 23:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 12:55 - 2015-09-16 23:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-14 04:23 - 2015-11-14 04:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-12-06 06:34 - 2016-01-29 11:37 - 08913088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-04-28 20:10 - 2014-04-28 20:10 - 00111616 _____ () C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll
2015-04-15 13:13 - 2015-04-15 13:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-09-30 12:55 - 2015-09-16 22:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2015-08-03 14:59 - 2015-08-03 14:59 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-11-14 04:22 - 2015-11-14 04:22 - 31401120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-12-08 17:26 - 2015-11-24 21:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 17:26 - 2015-11-24 21:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 17:26 - 2015-11-24 21:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-30 12:55 - 2015-09-16 22:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 04:00 - 2015-07-10 06:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2013-10-09 12:11 - 2013-10-09 12:11 - 08044544 _____ () C:\Program Files (x86)\National Instruments\Shared\LabVIEW Run-Time\2013\NIQtGui_2013.dll
2013-10-09 12:11 - 2013-10-09 12:11 - 02214912 _____ () C:\Program Files (x86)\National Instruments\Shared\LabVIEW Run-Time\2013\NIQtCore_2013.dll
2012-01-26 10:36 - 2012-01-26 10:36 - 00278528 ____R () C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2015-12-03 04:37 - 2015-12-03 04:37 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-12-03 04:37 - 2015-12-03 04:37 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-12-03 04:37 - 2015-12-03 04:37 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2015-12-03 04:37 - 2015-12-03 04:37 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2015-12-07 01:04 - 2015-12-07 01:04 - 00158384 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin.dll
2015-12-03 04:37 - 2015-12-03 04:37 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Pictures\100_0823\IMGP1709.JPG
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "NetWorx"
HKLM\...\StartupApproved\Run32: => "NI Update Service"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\...\StartupApproved\Run: => "FreeRAM XP"
HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\...\StartupApproved\Run: => "NIRegistrationWizard"
HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2136180477-3859961542-3535771316-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5CD65C20-EC11-4CD4-90D7-172503A583FE}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{D0BF592F-881A-4A9C-9FFB-B42FE5D8F738}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C8D475B8-C269-40A4-851D-619E91F5A8AB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A9C2A7E2-75FE-4C61-8B15-6FCD44513AE3}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
FirewallRules: [{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{22EC3136-CADE-4416-9D77-F40268D55AD2}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{C229CA86-D1D2-4089-A45B-2E31E803BAF1}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{4F08CF52-B016-4A68-944C-1304C9C0BE35}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [TCP Query User{6EE05977-DBBC-456E-A251-E213A2583486}C:\program files (x86)\national instruments\max\nimax.exe] => (Block) C:\program files (x86)\national instruments\max\nimax.exe
FirewallRules: [UDP Query User{68C45C19-C64E-425F-8136-794BFFD01C07}C:\program files (x86)\national instruments\max\nimax.exe] => (Block) C:\program files (x86)\national instruments\max\nimax.exe
FirewallRules: [{ED2C7787-CF4F-413C-A0AC-28E70FB07DCB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{27ABE07E-A41B-4BB5-A753-D2E6255B7965}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F4C4C029-010C-49CB-94A4-26A592BE0F3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3096C319-FE4B-4168-B6C8-9FAF0ED8EC27}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0FDD62BE-E802-47BC-AEA8-E2A6B21BD7EC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{2E2529F4-611C-4C80-8537-D1BF156C4D8E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{8B79852A-51D3-4DB5-8F2B-35AE59EB8EFC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{C72294DB-F37B-4451-95D2-9A36FE3B0271}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{C423CE91-C6E7-42CE-98B0-4AAAE1DC52CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{A0E49253-2883-4871-A176-51BFC3303599}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{78C4A1B1-9F7A-49BA-845E-0C68896865DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{10E11A10-CA46-42DE-95B2-55A6A6584FD7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{FDD58B0C-E489-4F26-BD81-C4FB64D036BB}] => (Allow) C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe
FirewallRules: [{CD4A55A3-AC69-4910-B11D-11764353D2A1}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
FirewallRules: [{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
FirewallRules: [{8A3BB187-468E-4D84-9792-02A814D0A23C}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
FirewallRules: [{DF58609B-7294-4D7B-8E9A-A4EABA727F0B}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
FirewallRules: [{B24B5EEF-6219-43FC-A044-8C2F74393429}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{797C8A59-7EFC-4487-A423-F677A7C5ED57}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A5F858A2-6CFF-41CD-8CEF-ACBB3C781D78}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{06D87905-5482-43B0-B0E5-EC39F9BB702B}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FF11A3D0-0814-4CF5-99FE-7A57BE8ECD2E}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3E3B7FFB-1453-4EB9-9C7F-65F8AA39BFD9}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{33264108-2EBF-4CB6-8CD6-B72C63266EE1}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B69E2D42-7983-45CB-9F7E-961BC06C8CCA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08431BBD-AB29-4BA1-99D6-97F6658C53D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{77BEB70B-ECF8-478B-8FE7-E57E2D5C681D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5B3CFC5A-7138-49C7-B19F-C0EA0FD37223}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F5878BD9-2F5C-4C78-9B7C-EB1436370496}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{071472CB-D53A-4866-B9AC-32412910BD24}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{0F6219F9-A53E-4944-AC37-FB2B18A226A0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{0286CCAA-2A90-415B-9D02-676C6E58E839}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{48BF9C65-B8A7-4C66-B87F-2F2753C7A84F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5EFC6E1B-2A6F-40DE-9B3E-2368CC97069E}] => (Allow) LPort=2869
FirewallRules: [{8ABB6496-ABE0-4FA9-9920-28867F17C75A}] => (Allow) LPort=1900
FirewallRules: [{A5E8EAE1-1862-495C-A4A0-1E542456DB7D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D74B9A83-F3C2-4F8E-928A-2BC3E0017989}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5997725B-5000-47A1-B6CC-90DE3B943FE0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A581C319-E6C6-4156-BDB8-372C38A2A51D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{76F60C9E-C6CB-4107-8945-4E847A06AF0E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4EC468D-91D6-4631-900D-7D7BE15216D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D80EB159-064F-48DB-B3FE-B26F156372F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DB513412-0835-42A5-9ED6-ABE0AC80CB9C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9EF2C37F-AC08-4730-A6CF-A08D33BCA670}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Forces\DosBox\dosbox.exe
FirewallRules: [{E5198154-843B-4C4E-8A05-2230766D42C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Forces\DosBox\dosbox.exe
FirewallRules: [{E73AE27D-12E3-4195-8E0E-C6F27059D0DF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{37910828-B69C-4021-B2FC-328214B974A3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-02-2016 10:01:44 Installed Game Elements Game Controller
10-02-2016 11:18:29 Windows Update
10-02-2016 11:19:45 Windows Update
13-02-2016 14:53:42 Removed Game Elements Game Controller

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2016 11:22:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.10240.16603 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1978

Start Time: 01d167541719cd45

Termination Time: 4294967295

Application Path: C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Report Id: cb2454ab-d347-11e5-bf54-7c0507dfb016

Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Error: (02/14/2016 11:21:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: toshiba)
Description: Package Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

Error: (02/14/2016 11:15:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: toshiba)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/14/2016 11:14:13 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (02/13/2016 08:23:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18162953

Error: (02/13/2016 08:23:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18162953

Error: (02/13/2016 08:23:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/13/2016 08:23:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18161734

Error: (02/13/2016 08:23:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18161734

Error: (02/13/2016 08:23:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/14/2016 11:17:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DTS APO Service service failed to start due to the following error:
%%1053

Error: (02/14/2016 11:17:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DTS APO Service service to connect.

Error: (02/14/2016 11:16:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error:
%%31

Error: (02/14/2016 11:16:58 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (02/14/2016 11:15:40 AM) (Source: DCOM) (EventID: 10010) (User: toshiba)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (02/14/2016 11:15:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/13/2016 03:20:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

Error: (02/13/2016 03:18:57 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (02/13/2016 03:17:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error:
%%31

Error: (02/13/2016 03:17:40 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)


==================== Memory info ===========================

Processor: AMD A10-5745M APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 7363.26 MB
Available physical RAM: 4305.76 MB
Total Virtual: 8643.26 MB
Available Virtual: 5558.43 MB

==================== Drives ================================

Drive c: (TI80141400B) (Fixed) (Total:918.31 GB) (Free:770.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 13206370)

Partition: GPT.

==================== End of Addition.txt ============================



#6 xXToffeeXx


Posted 16 February 2016 - 07:08 AM

Hi schnitzl,
 
Just a couple of lines to deal with, but I do not see any signs of active malware:
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
ProxyServer: [S-1-5-21-2136180477-3859961542-3535771316-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
Toolbar: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001 -> No Name - {48314482-2357-4CD5-A208-7045F95054CA} -  No File
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Your version of Adobe Reader is out of date.
 
Please follow these steps to remove older version Adobe Reader components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Adobe Reader uninstaller.
  • Reboot your computer once Adobe Reader is removed.
  • Then from your desktop double-click on the Adobe Reader installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then run as Administrator.
  • If offered any unwanted software or toolbars during installation (such as the McAfee Security Plan Plus), just uncheck the box before continuing unless you want it.
  • Adobe Reader is updated frequently. If you want to be automatically notified of future updates, or automatically have them installed, then make sure to check the option in the installer.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
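
A triage sketch for FRST lines of the kind listed in the fixlist above, added here as an example; it is not part of the original post and not FRST's own logic. The categories, the `triage` and `triage_log` names and the user-writable-path heuristic are assumptions of this example, and a hit means "look at this entry", not "malicious" (the Dropbox rules in this log are an ordinary case of a program installed under AppData).

```python
import re

# Sample input: lines taken verbatim from the FRST log and fixlist in this thread.
SAMPLE = r"""
ProxyServer: [S-1-5-21-2136180477-3859961542-3535771316-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
Toolbar: HKU\S-1-5-21-2136180477-3859961542-3535771316-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
FirewallRules: [{06D87905-5482-43B0-B0E5-EC39F9BB702B}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B69E2D42-7983-45CB-9F7E-961BC06C8CCA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5EFC6E1B-2A6F-40DE-9B3E-2368CC97069E}] => (Allow) LPort=2869
"""

# Assumption of this example: these path prefixes are treated as user-writable.
USER_WRITABLE = re.compile(
    r"^[A-Z]:\\(Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp)\\", re.I)
# A proxy value such as http=127.0.0.1:8877 sends browser traffic to a local port.
LOOPBACK = re.compile(r"=(127\.\d+\.\d+\.\d+|localhost|\[?::1\]?):\d+", re.I)
# FirewallRules: [name] => (Allow|Block) target
FW_RULE = re.compile(r"\[(.*)\] => \((Allow|Block)\) (.*)$")


def triage(line):
    """Return (severity, reason) for one FRST line, or None if nothing stands out."""
    kind, _, rest = line.partition(":")
    rest = rest.strip()
    if kind == "ProxyServer" and LOOPBACK.search(rest):
        return ("review", "proxy points at loopback; check what listens on that port")
    if kind == "SearchScopes" and (rest.endswith("URL =") or "value is missing" in rest):
        return ("orphan", "search provider entry without a usable value")
    if kind == "Toolbar" and rest.endswith("No File"):
        return ("orphan", "toolbar registration whose file is gone")
    if kind == "FirewallRules":
        m = FW_RULE.match(rest)
        if m and m.group(2) == "Allow" and USER_WRITABLE.match(m.group(3)):
            return ("review", "allow rule for a binary in a user-writable path")
    return None


def triage_log(text):
    """Run triage() over every non-empty line; return (severity, section, reason)."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        result = triage(line) if line else None
        if result:
            findings.append((result[0], line.split(":", 1)[0], result[1]))
    return findings


if __name__ == "__main__":
    for severity, section, reason in triage_log(SAMPLE):
        print(f"{severity:7} {section:14} {reason}")
```
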


#7 schnitzl


Posted 27 February 2016 - 11:40 PM

Hi xXToffeeXx,

 

I ran the fix and updated Adobe Reader, and everything seems to be running smoothly.

 

Thanks again for your help over the last couple weeks!

 

All the best,

schnitzl



#8 xXToffeeXx


Posted 09 March 2016 - 04:55 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





