Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"cannot find server" message on parts of pages/desktop flashing - am I infected?


  • This topic is locked This topic is locked
7 replies to this topic

#1 Guitarguy999

Guitarguy999

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:33 AM

Posted 04 March 2016 - 03:02 AM

PLEASE NOTE: Since the FRST log was too long to paste here, I have included it as an attachment instead.
 
Websites load very slowly, and some will not even fully load, i.e., I will see a white screen with a "cannot find server" message instead of a banner. I have also noticed recently that when my computer starts up, the desktop will sometimes flash several times. A virus scan/malwarebytes scan turned up nothing.
 
Many thanks in advance for checking this out!!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016
Ran by NB (administrator) on PC (03-03-2016 23:23:28)
Running from C:\Users\NB\Downloads
Loaded Profiles: NB (Available Profiles: NB)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop.exe
() C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop.exe
() C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop.exe
() C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\portProxy.exe
() C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(The OpenVPN Project) C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\openvpn\bin\openvpn.exe
(Google) C:\Users\NB\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-06] (Acer Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-11] (NTI Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1078352 2011-02-23] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-09] (CyberLink Corp.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [873072 2016-02-27] (Webroot)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2251973933-2728822110-1399843872-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-2251973933-2728822110-1399843872-1000\...\Run: [Google Update] => C:\Users\NB\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-02-06] (Google Inc.)
HKU\S-1-5-21-2251973933-2728822110-1399843872-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2251973933-2728822110-1399843872-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-02-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll [2016-02-27] (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll [2016-02-27] (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll [2016-02-27] (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll [2016-02-27] (Webroot)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-02-07]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-02-07]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.143.4.1 209.244.0.3
Tcpip\..\Interfaces\{16061404-7955-411C-818C-2E9B8F5B7FF1}: [DhcpNameServer] 10.10.25.1
Tcpip\..\Interfaces\{8699E9EF-3725-4516-980C-F82B39A83245}: [DhcpNameServer] 10.143.4.1 209.244.0.3
Tcpip\..\Interfaces\{DA7DC180-4557-4201-A726-E677EA8A8DAA}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-2251973933-2728822110-1399843872-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKU\S-1-5-21-2251973933-2728822110-1399843872-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2251973933-2728822110-1399843872-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2251973933-2728822110-1399843872-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2251973933-2728822110-1399843872-1000 -> {32516FAD-1A54-4682-92CD-BAA8BACC6114} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-03-03] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-03-03] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2016-02-07] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2016-03-03] (Webroot)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-03] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-03-03] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2016-02-07] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2016-03-03] (Webroot)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2016-02-07] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2016-02-07] (Webroot)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-03] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\NB\AppData\Roaming\Mozilla\Firefox\Profiles\gxj41zna.default
FF DefaultSearchEngine.US: Google
FF Session Restore: -> is enabled.
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-2251973933-2728822110-1399843872-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\NB\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2251973933-2728822110-1399843872-1000: @talk.google.com/O1DPlugin -> C:\Users\NB\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2251973933-2728822110-1399843872-1000: @tools.google.com/Google Update;version=3 -> C:\Users\NB\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-2251973933-2728822110-1399843872-1000: @tools.google.com/Google Update;version=9 -> C:\Users\NB\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\NB\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\NB\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Disconnect - C:\Users\NB\AppData\Roaming\Mozilla\Firefox\Profiles\gxj41zna.default\extensions\2.0@disconnect.me.xpi [2016-02-05]
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2016-03-03]
FF Extension: Disconnect Search - C:\Users\NB\AppData\Roaming\Mozilla\Firefox\Profiles\gxj41zna.default\Extensions\search@disconnect.me.xpi [2016-02-05]
FF Extension: Webroot Password Manager - C:\Users\NB\AppData\Roaming\Mozilla\Firefox\Profiles\gxj41zna.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-02-07]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer

Chrome:
=======
CHR Profile: C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-08]
CHR Extension: (Google Docs) - C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-08]
CHR Extension: (Google Drive) - C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-08]
CHR Extension: (YouTube) - C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-08]
CHR Extension: (Google Search) - C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-08]
CHR Extension: (Google Sheets) - C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-08]
CHR Extension: (Disconnect Search) - C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2016-02-08]
CHR Extension: (Disconnect) - C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-02-08]
CHR Extension: (Webroot Filtering Extension) - C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2016-02-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-08]
CHR Extension: (Gmail) - C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-08]
CHR HKLM-x32\...\Chrome\Extension: [hmobfennjmjnkdbklhcnnfbhfibedgkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeoacafpbcihiomhlakheieifhpjdfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-28] (Microsoft Corporation)
S3 Disconnect Desktop Updater; C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [358400 2015-09-23] (Disconnect)
R3 disconnect-openvpn; C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [338944 2014-08-31] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-11] (NTI Corporation)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [835152 2016-02-04] (Valve Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [873072 2016-02-27] (Webroot)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2016-02-29] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2016-02-07] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [45592 2016-03-03] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-03 23:23 - 2016-03-03 23:24 - 00023309 _____ C:\Users\NB\Downloads\FRST.txt
2016-03-03 23:06 - 2016-03-03 23:23 - 00000000 ____D C:\FRST
2016-03-03 23:05 - 2016-03-03 23:05 - 02371584 _____ (Farbar) C:\Users\NB\Downloads\FRST64.exe
2016-03-03 23:03 - 2016-03-03 23:03 - 01722368 _____ (Farbar) C:\Users\NB\Downloads\FRST.exe
2016-03-03 21:41 - 2016-03-03 21:41 - 00002117 _____ C:\Users\NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-03-03 21:41 - 2016-03-03 21:41 - 00002068 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-03-03 21:41 - 2016-03-03 21:41 - 00002068 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-03-03 21:41 - 2016-03-03 21:41 - 00000000 ___RD C:\Users\NB\OneDrive
2016-03-03 21:41 - 2016-03-03 21:41 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-03-03 21:40 - 2016-03-03 21:40 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-03-03 21:18 - 2016-03-03 21:18 - 00002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-03 21:18 - 2016-03-03 21:18 - 00002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-03 21:18 - 2016-03-03 21:18 - 00002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-03-03 21:18 - 2016-03-03 21:18 - 00002342 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-03 21:18 - 2016-03-03 21:18 - 00002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-03 21:18 - 2016-03-03 21:18 - 00002330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-03 21:18 - 2016-03-03 21:18 - 00002322 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-03 21:18 - 2016-03-03 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-03 21:03 - 2016-03-03 21:40 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-03 20:51 - 2016-03-03 20:51 - 00060216 _____ C:\WindowsPER_____.tt2
2016-03-03 20:51 - 2016-03-03 20:50 - 21543568 _____ C:\WindowsMSYH.tt2
2016-03-03 20:51 - 2016-03-03 20:50 - 14381616 _____ C:\WindowsMSYHBD.tt2
2016-03-03 20:51 - 2016-03-03 20:50 - 00222632 _____ C:\WindowsMSUIGHUR.tt2
2016-03-03 20:51 - 2016-03-03 20:48 - 14343024 _____ C:\WindowsMSJHBD.tt2
2016-03-03 20:51 - 2016-03-03 20:47 - 21302624 _____ C:\WindowsMSJH.tt2
2016-03-03 20:51 - 2016-03-03 20:47 - 00093836 _____ C:\WindowsLEELAWDB.tt2
2016-03-03 20:51 - 2016-03-03 20:46 - 00094064 _____ C:\WindowsLEELAWAD.tt2
2016-03-03 20:43 - 2016-03-03 20:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-03 20:41 - 2016-03-03 20:41 - 03202248 _____ (Microsoft Corporation) C:\Users\NB\Downloads\Setup.X86.en-US_O365HomePremRetail_462d805d-119e-4ba5-a9e5-b416344a71d3_TX_PR_.exe
2016-03-02 01:05 - 2016-03-02 01:05 - 00000000 ____D C:\Users\NB\Documents\CyberLink
2016-03-02 01:05 - 2016-03-02 01:05 - 00000000 ____D C:\Users\NB\AppData\Local\Cyberlink
2016-02-29 16:16 - 2016-02-29 17:00 - 00484626 _____ C:\Windows\ntbtlog.txt
2016-02-28 06:49 - 2016-02-28 06:49 - 00635112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2016-02-28 06:49 - 2016-02-28 06:49 - 00390400 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2016-02-28 06:49 - 2016-02-28 06:49 - 00333080 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2016-02-28 06:49 - 2016-02-28 06:49 - 00088816 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2016-02-28 05:01 - 2016-02-28 05:01 - 00439536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-02-28 05:01 - 2016-02-28 05:01 - 00267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2016-02-28 05:01 - 2016-02-28 05:01 - 00243480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2016-02-28 05:01 - 2016-02-28 05:01 - 00085232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2016-02-28 01:55 - 2016-02-28 01:55 - 02455153 _____ C:\Users\NB\Downloads\pg30601-images.mobi
2016-02-26 18:37 - 2016-02-26 18:37 - 00003600 _____ C:\Windows\System32\Tasks\Disconnect Desktop Updater
2016-02-26 18:37 - 2016-02-26 18:37 - 00001155 _____ C:\Users\NB\Desktop\Disconnect Desktop.lnk
2016-02-26 18:37 - 2016-02-26 18:37 - 00000000 ____D C:\Users\NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disconnect Desktop
2016-02-26 18:37 - 2016-02-26 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-02-26 13:56 - 2016-02-26 13:56 - 00000032 _____ C:\Users\NB\Desktop\Disconnect code.txt
2016-02-26 03:00 - 2016-02-27 02:21 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-26 03:00 - 2016-02-26 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-22 18:56 - 2016-02-22 18:56 - 00000000 ____D C:\ProgramData\RescueTime.com
2016-02-22 18:55 - 2016-02-22 18:55 - 01713720 _____ (RescueTime, Inc. ) C:\Users\NB\Downloads\RescueTimeInstaller.exe
2016-02-22 18:47 - 2016-02-22 18:47 - 00000000 ____D C:\Users\NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toggl
2016-02-22 18:46 - 2016-02-22 18:46 - 07795416 _____ C:\Users\NB\Downloads\TogglDesktopInstaller-7.3.252.exe
2016-02-22 14:33 - 2015-07-16 11:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-02-22 14:33 - 2015-07-16 11:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-02-22 14:33 - 2015-07-16 11:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-02-22 14:33 - 2015-07-16 11:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-02-22 14:33 - 2015-07-16 11:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-02-22 14:33 - 2015-07-16 11:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-02-22 14:33 - 2015-07-11 05:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-02-21 22:26 - 2016-02-21 22:26 - 00000000 ____D C:\ProgramData\Age of Empires 3
2016-02-21 22:20 - 2016-02-21 22:20 - 00002165 _____ C:\Users\Public\Desktop\Age of Empires III.lnk
2016-02-21 22:20 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-02-21 22:20 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-02-21 22:20 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-02-21 22:20 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-02-21 21:02 - 2015-12-20 10:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-21 21:02 - 2015-12-20 10:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-21 21:02 - 2015-12-20 06:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-21 19:31 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-02-21 18:38 - 2016-02-21 18:38 - 00000000 ____D C:\Users\NB\AppData\Local\ElevatedDiagnostics
2016-02-21 18:18 - 2016-02-21 18:18 - 00000960 _____ C:\Users\NB\Documents\Land Notes.txt
2016-02-21 18:17 - 2016-02-21 18:17 - 00000960 _____ C:\Users\NB\Documents\.txt
2016-02-21 16:09 - 2016-02-21 17:46 - 140783556 _____ C:\Users\NB\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_en-US.exe
2016-02-20 19:11 - 2016-03-03 22:08 - 00000000 ____D C:\Users\NB\AppData\Roaming\Skype
2016-02-20 19:11 - 2016-02-20 19:11 - 00000000 ____D C:\Users\NB\AppData\Local\Skype
2016-02-20 19:10 - 2016-02-20 19:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-20 19:10 - 2016-02-20 19:10 - 00000000 ____D C:\ProgramData\Skype
2016-02-20 19:10 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2016-02-20 19:10 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-02-20 19:10 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-02-20 19:10 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2016-02-20 19:10 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2016-02-20 19:10 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2016-02-20 19:10 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2016-02-20 19:10 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2016-02-20 19:10 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-02-20 19:10 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-02-20 19:09 - 2012-08-23 06:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2016-02-20 19:09 - 2012-08-23 03:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2016-02-20 19:09 - 2012-08-23 02:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2016-02-20 19:07 - 2015-11-19 06:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-02-20 19:07 - 2015-11-19 06:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-02-20 19:07 - 2015-11-19 06:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-02-20 19:07 - 2015-11-19 06:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-02-20 19:07 - 2015-08-05 09:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-02-20 19:07 - 2015-08-05 09:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-02-20 19:07 - 2013-09-24 18:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2016-02-20 19:07 - 2013-09-24 17:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2016-02-20 19:06 - 2016-01-11 11:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-02-20 19:06 - 2015-11-19 06:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-02-20 19:06 - 2015-11-19 06:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-02-20 19:06 - 2015-11-19 06:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-20 19:06 - 2015-11-19 06:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-02-20 19:06 - 2015-11-19 06:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-02-20 19:06 - 2015-11-19 06:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-02-20 19:06 - 2015-11-19 06:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-20 19:06 - 2015-11-19 06:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-02-20 19:06 - 2015-11-19 06:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-02-20 19:05 - 2015-12-16 10:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-02-20 19:05 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-02-20 19:05 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-02-20 19:05 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-02-20 19:05 - 2015-12-16 10:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-02-20 19:05 - 2015-12-16 10:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-02-20 19:05 - 2015-12-16 10:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-02-20 19:05 - 2015-12-16 10:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-02-20 19:05 - 2015-12-16 06:38 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2016-02-20 19:05 - 2015-12-16 06:37 - 00419928 _____ C:\Windows\system32\locale.nls
2016-02-17 03:04 - 2016-02-17 03:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-17 03:03 - 2016-02-17 03:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-17 03:03 - 2016-02-17 03:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-02-16 21:56 - 2016-02-20 16:36 - 00000000 ____D C:\ProgramData\VirtualizedApplications
2016-02-16 18:44 - 2016-02-17 03:52 - 00000000 ____D C:\Users\NB\AppData\Roaming\SoftGrid Client
2016-02-16 18:44 - 2016-02-17 03:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2016-02-16 18:44 - 2016-02-16 18:44 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-02-16 18:44 - 2016-02-16 18:44 - 00000000 ____D C:\Users\NB\AppData\Local\SoftGrid Client
2016-02-16 18:44 - 2016-02-16 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2016-02-16 18:44 - 2016-02-16 18:44 - 00000000 ____D C:\Program Files\Microsoft Office
2016-02-16 18:43 - 2016-02-16 18:45 - 00000000 ____D C:\Users\NB\AppData\Roaming\TP
2016-02-15 23:14 - 2016-02-25 03:36 - 00000000 ____D C:\Users\NB\AppData\Local\Spotify
2016-02-15 23:14 - 2016-02-15 23:14 - 00001756 _____ C:\Users\NB\Desktop\Spotify.lnk
2016-02-15 23:14 - 2016-02-15 23:14 - 00001742 _____ C:\Users\NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-02-15 23:13 - 2016-02-25 03:22 - 00000000 ____D C:\Users\NB\AppData\Roaming\Spotify
2016-02-15 23:11 - 2016-02-15 23:11 - 00234712 _____ (Spotify Ltd) C:\Users\NB\Downloads\SpotifySetup.exe
2016-02-11 16:53 - 2016-02-12 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-10 03:36 - 2016-02-10 03:36 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-10 03:36 - 2016-02-10 03:36 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-09 17:23 - 2016-01-16 11:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 17:23 - 2016-01-16 10:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 17:23 - 2016-01-11 11:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-09 17:23 - 2016-01-11 11:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-09 17:23 - 2016-01-11 11:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-09 17:23 - 2016-01-11 10:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-09 17:23 - 2016-01-11 10:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-09 17:23 - 2016-01-11 10:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-09 17:23 - 2016-01-11 10:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-09 17:23 - 2016-01-11 10:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-09 17:23 - 2016-01-11 10:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-09 17:23 - 2016-01-11 10:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-09 17:23 - 2016-01-11 10:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-09 17:23 - 2016-01-11 10:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-09 17:23 - 2016-01-11 10:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-09 17:23 - 2016-01-11 10:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-09 17:23 - 2016-01-11 10:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-09 17:23 - 2016-01-11 10:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-09 17:23 - 2016-01-11 06:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 17:23 - 2016-01-11 06:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 17:23 - 2016-01-11 06:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 17:23 - 2016-01-11 06:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 17:23 - 2016-01-11 06:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 17:23 - 2016-01-07 09:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 17:23 - 2016-01-07 09:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 17:23 - 2016-01-06 11:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-09 17:23 - 2016-01-06 11:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-09 17:23 - 2016-01-06 10:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-09 17:23 - 2015-11-16 12:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-02-09 17:23 - 2015-06-03 12:16 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2016-02-09 17:23 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2016-02-09 17:23 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2016-02-09 17:23 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2016-02-09 17:23 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2016-02-09 17:23 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2016-02-09 17:23 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2016-02-09 17:23 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2016-02-09 17:23 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2016-02-09 17:23 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2016-02-09 17:23 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2016-02-09 17:22 - 2016-01-21 22:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 17:22 - 2016-01-21 22:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-09 17:22 - 2016-01-21 22:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-09 17:22 - 2016-01-21 22:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 17:22 - 2016-01-21 22:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-09 17:22 - 2016-01-21 22:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-09 17:22 - 2016-01-21 22:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-09 17:22 - 2016-01-21 22:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-09 17:22 - 2016-01-21 22:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-09 17:22 - 2016-01-21 22:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-09 17:22 - 2016-01-21 22:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-09 17:22 - 2016-01-21 22:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-09 17:22 - 2016-01-21 22:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-09 17:22 - 2016-01-21 22:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-09 17:22 - 2016-01-21 22:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-09 17:22 - 2016-01-21 22:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-09 17:22 - 2016-01-21 22:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-09 17:22 - 2016-01-21 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-09 17:22 - 2016-01-21 22:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 17:22 - 2016-01-21 22:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 17:22 - 2016-01-21 22:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-09 17:22 - 2016-01-21 22:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-09 17:22 - 2016-01-21 22:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-09 17:22 - 2016-01-21 22:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 17:22 - 2016-01-21 22:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-09 17:22 - 2016-01-21 22:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-09 17:22 - 2016-01-21 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-09 17:22 - 2016-01-21 22:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-09 17:22 - 2016-01-21 22:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-09 17:22 - 2016-01-21 22:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 17:22 - 2016-01-21 22:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 17:22 - 2016-01-21 22:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-09 17:22 - 2016-01-21 22:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-09 17:22 - 2016-01-21 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-09 17:22 - 2016-01-21 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-09 17:22 - 2016-01-21 22:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 22:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-09 17:22 - 2016-01-21 22:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-09 17:22 - 2016-01-21 22:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-09 17:22 - 2016-01-21 22:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-09 17:22 - 2016-01-21 22:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-09 17:22 - 2016-01-21 22:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-09 17:22 - 2016-01-21 22:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-09 17:22 - 2016-01-21 22:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-09 17:22 - 2016-01-21 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-09 17:22 - 2016-01-21 22:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-09 17:22 - 2016-01-21 22:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-09 17:22 - 2016-01-21 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-09 17:22 - 2016-01-21 22:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-09 17:22 - 2016-01-21 22:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-09 17:22 - 2016-01-21 22:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-09 17:22 - 2016-01-21 22:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-09 17:22 - 2016-01-21 22:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-09 17:22 - 2016-01-21 22:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-09 17:22 - 2016-01-21 22:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-09 17:22 - 2016-01-21 22:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-09 17:22 - 2016-01-21 22:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-09 17:22 - 2016-01-21 22:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 21:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-09 17:22 - 2016-01-21 21:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-09 17:22 - 2016-01-21 21:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-09 17:22 - 2016-01-21 21:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-09 17:22 - 2016-01-21 21:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-09 17:22 - 2016-01-21 21:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-09 17:22 - 2016-01-21 20:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-09 17:22 - 2016-01-21 20:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-09 17:22 - 2016-01-21 20:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-09 17:22 - 2016-01-21 20:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-09 17:22 - 2016-01-21 20:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-09 17:22 - 2016-01-21 20:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-09 17:22 - 2016-01-21 20:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-09 17:22 - 2016-01-21 20:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-09 17:22 - 2016-01-21 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-09 17:22 - 2016-01-21 20:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-09 17:22 - 2016-01-21 20:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 20:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 20:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 17:22 - 2016-01-21 20:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-09 17:22 - 2016-01-16 11:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-09 17:22 - 2016-01-16 10:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-08 23:12 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2016-02-08 22:15 - 2016-02-17 03:02 - 00799376 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-08 20:46 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2016-02-08 20:46 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2016-02-08 20:46 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2016-02-08 20:46 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2016-02-08 20:46 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2016-02-08 20:46 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2016-02-08 20:45 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-02-08 20:45 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-02-08 17:16 - 2015-04-17 19:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-02-08 17:16 - 2015-04-17 18:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-02-08 17:06 - 2015-02-17 23:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-02-08 17:06 - 2015-02-17 23:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-02-08 17:03 - 2015-09-23 05:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-08 17:03 - 2015-09-23 05:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-02-08 17:03 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-02-08 17:03 - 2012-06-05 22:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2016-02-08 17:03 - 2012-06-05 21:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2016-02-08 17:02 - 2015-09-01 19:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-02-08 17:02 - 2015-09-01 19:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-02-08 17:02 - 2015-09-01 19:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-02-08 17:02 - 2015-09-01 19:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-02-08 17:02 - 2015-09-01 18:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-02-08 17:02 - 2015-09-01 18:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-02-08 17:02 - 2015-09-01 18:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-02-08 17:02 - 2015-09-01 18:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-02-08 17:02 - 2015-09-01 17:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-02-08 17:02 - 2015-09-01 17:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-02-08 17:02 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-02-08 17:02 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-02-08 17:02 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-02-08 17:02 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2016-02-08 17:02 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2016-02-08 17:02 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-02-08 16:43 - 2015-02-03 19:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-02-08 16:43 - 2015-02-03 18:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-02-08 16:36 - 2016-02-19 17:40 - 00002216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-08 16:36 - 2016-02-19 17:40 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-08 16:34 - 2016-03-03 22:58 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-08 16:34 - 2016-03-03 16:39 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-08 16:34 - 2016-02-08 16:36 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-08 16:34 - 2016-02-08 16:34 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-08 16:34 - 2016-02-08 16:34 - 00003634 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-08 16:33 - 2016-02-08 16:33 - 00987728 _____ (Google Inc.) C:\Users\NB\Downloads\ChromeSetup.exe
2016-02-08 16:26 - 2016-02-29 18:37 - 00000274 _____ C:\Windows\wininit.ini
2016-02-08 03:57 - 2016-02-21 02:23 - 00000000 ____D C:\Users\NB\AppData\Roaming\Audacity
2016-02-08 03:57 - 2016-02-08 03:57 - 00001027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-02-08 03:57 - 2016-02-08 03:57 - 00001015 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-02-08 03:57 - 2016-02-08 03:57 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-02-08 03:55 - 2016-02-08 03:55 - 24210616 _____ (Audacity Team ) C:\Users\NB\Downloads\audacity-win-2.1.0.exe
2016-02-08 03:01 - 2016-02-08 03:01 - 00000000 ____D C:\Windows\system32\SPReview
2016-02-08 03:00 - 2016-02-08 03:00 - 00000000 ____D C:\Windows\system32\EventProviders
2016-02-07 16:14 - 2010-11-20 05:39 - 05066752 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2016-02-07 16:14 - 2010-11-20 05:33 - 01924480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-02-07 16:11 - 2010-11-04 18:20 - 00105559 _____ C:\Windows\SysWOW64\RacRules.xml
2016-02-07 16:11 - 2010-11-04 18:20 - 00105559 _____ C:\Windows\system32\RacRules.xml
2016-02-07 16:11 - 2009-06-10 13:39 - 00001041 _____ C:\Windows\SysWOW64\tcpbidi.xml
2016-02-06 18:21 - 2016-03-03 22:26 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2251973933-2728822110-1399843872-1000UA.job
2016-02-06 18:21 - 2016-03-03 18:26 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2251973933-2728822110-1399843872-1000Core.job
2016-02-06 18:21 - 2016-02-08 18:31 - 00000000 ____D C:\Users\NB\AppData\Local\Google
2016-02-06 18:21 - 2016-02-06 18:21 - 00987728 _____ (Google Inc.) C:\Users\NB\Downloads\GoogleVoiceAndVideoSetup.exe
2016-02-06 18:21 - 2016-02-06 18:21 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2251973933-2728822110-1399843872-1000UA
2016-02-06 18:21 - 2016-02-06 18:21 - 00003464 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2251973933-2728822110-1399843872-1000Core
2016-02-06 02:27 - 2016-02-07 01:30 - 00000000 ____D C:\Users\NB\Desktop\orig file
2016-02-06 02:04 - 2016-02-06 02:04 - 00000000 ____D C:\Users\NB\AppData\Local\Steam
2016-02-06 02:04 - 2016-02-06 02:04 - 00000000 ____D C:\Users\NB\AppData\Local\CEF
2016-02-06 02:01 - 2016-03-03 14:39 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-06 02:01 - 2016-02-06 02:01 - 01380712 _____ C:\Users\NB\Downloads\SteamSetup.exe
2016-02-06 02:01 - 2016-02-06 02:01 - 00000971 _____ C:\Users\Public\Desktop\Steam.lnk
2016-02-06 02:01 - 2016-02-06 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-02-05 20:58 - 2015-12-02 13:18 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-02-05 20:44 - 2016-02-07 21:46 - 00000000 ____D C:\Users\NB\AppData\LocalLow\LastPass
2016-02-05 20:44 - 2016-02-07 21:46 - 00000000 ____D C:\Users\NB\AppData\Local\lptmp
2016-02-05 20:43 - 2016-03-03 14:38 - 00045592 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2016-02-05 20:43 - 2016-02-27 02:17 - 00181688 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2016-02-05 20:43 - 2016-02-27 02:17 - 00117304 _____ (Webroot) C:\Windows\system32\WRusr.dll
2016-02-05 20:43 - 2016-02-07 21:45 - 00117728 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2016-02-05 20:43 - 2016-02-05 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2016-02-05 20:43 - 2016-02-05 20:43 - 00000000 ____D C:\Program Files\Webroot
2016-02-05 20:42 - 2016-03-03 22:59 - 00000000 ____D C:\ProgramData\WRData
2016-02-05 20:37 - 2016-02-10 03:20 - 00000000 ____D C:\Windows\system32\MRT
2016-02-05 20:37 - 2016-02-10 03:15 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-05 19:15 - 2016-02-05 19:15 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2016-02-05 16:38 - 2016-03-03 20:13 - 00000000 ____D C:\Users\NB\AppData\Local\DisconnectDesktop
2016-02-05 16:38 - 2016-02-05 16:38 - 00000000 ____D C:\Users\NB\AppData\Local\Caphyon
2016-02-05 16:38 - 2016-02-05 16:38 - 00000000 ____D C:\Program Files\TAP-Windows
2016-02-05 16:37 - 2016-02-05 16:37 - 00000000 ____D C:\Users\NB\AppData\Roaming\Disconnect
2016-02-05 16:36 - 2016-02-05 16:37 - 71515456 _____ (Disconnect) C:\Users\NB\Downloads\Disconnect+Desktop.exe
2016-02-05 16:34 - 2016-02-12 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-05 16:34 - 2016-02-06 18:22 - 00000000 ____D C:\Users\NB\AppData\Roaming\Mozilla
2016-02-05 16:34 - 2016-02-05 16:46 - 00000000 ____D C:\Users\NB\AppData\Local\Mozilla
2016-02-05 16:34 - 2016-02-05 16:34 - 00001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-05 16:34 - 2016-02-05 16:34 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-05 16:33 - 2016-02-05 16:33 - 00242000 _____ C:\Users\NB\Downloads\Firefox Setup Stub 44.0.exe
2016-02-05 16:32 - 2016-03-03 14:38 - 00000000 ____D C:\ProgramData\clear.fi
2016-02-05 03:07 - 2016-02-21 22:22 - 00000000 ____D C:\Users\NB\Documents\My Games
2016-02-05 03:07 - 2016-02-21 22:20 - 00000000 ____D C:\Users\NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-05 03:07 - 2016-02-21 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2016-02-05 03:07 - 2016-02-05 03:07 - 00000000 ____D C:\Users\NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2016-02-05 02:55 - 2016-02-21 22:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2016-02-05 02:55 - 2016-02-05 02:55 - 00000000 ____D C:\Windows\Watson
2016-02-05 02:46 - 2016-02-06 19:41 - 00000000 ____D C:\ProgramData\SecTaskMan
2016-02-05 02:46 - 2016-02-06 18:20 - 00001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2016-02-05 02:46 - 2016-02-06 18:20 - 00001155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2016-02-05 02:46 - 2016-02-06 18:20 - 00001143 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2016-02-05 02:46 - 2016-02-06 18:20 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2016-02-05 02:45 - 2016-02-05 02:45 - 00000000 ____D C:\Users\NB\Desktop\ProcessExplorer
2016-02-05 02:44 - 2016-02-29 16:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-05 02:44 - 2016-02-29 16:27 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-05 02:44 - 2016-02-05 02:44 - 00000000 ____D C:\ProgramData\Panda Security
2016-02-05 02:44 - 2016-02-05 02:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-05 02:44 - 2016-02-05 02:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-05 02:44 - 2016-02-05 02:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-05 02:44 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-05 02:44 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-05 02:43 - 2016-02-05 02:43 - 00003072 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2016-02-05 02:43 - 2016-02-05 02:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2016-02-05 02:43 - 2016-02-05 02:43 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2016-02-05 02:42 - 2016-02-05 20:41 - 00000000 ____D C:\Users\NB\Desktop\Utilities
2016-02-05 01:53 - 2016-02-05 02:57 - 00000000 ____D C:\Users\NB\AppData\Local\Microsoft Games
2016-02-05 01:53 - 2016-02-05 01:53 - 00001451 _____ C:\Users\NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-05 01:53 - 2016-02-05 01:53 - 00001417 _____ C:\Users\NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-02-05 01:53 - 2016-02-05 01:53 - 00000000 ____D C:\Users\NB\AppData\Roaming\Intel Corporation
2016-02-05 01:53 - 2016-02-05 01:53 - 00000000 ____D C:\Users\NB\AppData\Local\EgisTec IPS
2016-02-05 01:51 - 2016-02-05 01:51 - 00002609 _____ C:\Users\Public\Desktop\eBay.lnk
2016-02-05 01:51 - 2016-02-05 01:51 - 00002102 _____ C:\Users\Public\Desktop\Netflix.lnk
2016-02-05 01:51 - 2016-02-05 01:51 - 00000927 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Times Reader.lnk
2016-02-05 01:51 - 2016-02-05 01:51 - 00000915 _____ C:\Users\Public\Desktop\Times Reader.lnk
2016-02-05 01:51 - 2016-02-05 01:51 - 00000000 ____D C:\Users\NB\AppData\Roaming\CyberLink
2016-02-05 01:51 - 2016-02-05 01:51 - 00000000 ____D C:\Users\NB\AppData\Local\Acer
2016-02-05 01:51 - 2016-02-05 01:51 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-02-05 01:51 - 2016-02-05 01:51 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-02-05 01:51 - 2016-02-05 01:51 - 00000000 ____D C:\ProgramData\OEM_E471269A730D
2016-02-05 01:51 - 2016-02-05 01:51 - 00000000 ____D C:\Program Files (x86)\Times Reader
2016-02-05 01:51 - 2016-02-05 01:51 - 00000000 ____D C:\Program Files (x86)\OEM
2016-02-05 01:50 - 2016-03-03 21:41 - 00000000 ____D C:\Users\NB
2016-02-05 01:50 - 2016-02-10 03:40 - 00061592 _____ C:\Users\NB\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-05 01:50 - 2016-02-05 01:52 - 00000000 ____D C:\Users\NB\AppData\Local\PowerCinema
2016-02-05 01:50 - 2016-02-05 01:50 - 00000020 ___SH C:\Users\NB\ntuser.ini
2016-02-05 01:50 - 2016-02-05 01:50 - 00000000 _SHDL C:\Users\NB\My Documents
2016-02-05 01:50 - 2016-02-05 01:50 - 00000000 _SHDL C:\Users\NB\Documents\My Videos
2016-02-05 01:50 - 2016-02-05 01:50 - 00000000 _SHDL C:\Users\NB\Documents\My Pictures
2016-02-05 01:50 - 2016-02-05 01:50 - 00000000 _SHDL C:\Users\NB\Documents\My Music
2016-02-05 01:50 - 2016-02-05 01:50 - 00000000 ____D C:\Users\NB\AppData\Roaming\Macromedia
2016-02-05 01:50 - 2016-02-05 01:50 - 00000000 ____D C:\Users\NB\AppData\Roaming\Intel
2016-02-05 01:50 - 2016-02-05 01:50 - 00000000 ____D C:\Users\NB\AppData\Roaming\Adobe
2016-02-05 01:50 - 2016-02-05 01:50 - 00000000 ____D C:\Users\NB\AppData\Local\VirtualStore
2016-02-05 01:50 - 2016-02-05 01:50 - 00000000 ____D C:\Users\NB\AppData\Local\Adobe
2016-02-05 01:50 - 2009-07-13 23:44 - 00000000 ____D C:\Users\NB\AppData\Roaming\Media Center Programs
2016-02-04 20:55 - 2016-02-04 20:55 - 00001212 _____ C:\Users\Public\Desktop\NOOK for PC.lnk
2016-02-04 20:55 - 2016-02-04 20:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
2016-02-04 20:55 - 2016-02-04 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble
2016-02-04 20:55 - 2016-02-04 20:55 - 00000000 ____D C:\Program Files (x86)\Barnes & Noble
2016-02-04 20:51 - 2016-02-04 20:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clear.fi
2016-02-04 20:51 - 2016-02-04 20:51 - 00003418 _____ C:\Windows\System32\Tasks\clear.fi
2016-02-04 20:51 - 2016-02-04 20:51 - 00003366 _____ C:\Windows\System32\Tasks\DMREngine
2016-02-04 20:51 - 2016-02-04 20:51 - 00003348 _____ C:\Windows\System32\Tasks\clear.fiAgent
2016-02-04 20:51 - 2016-02-04 20:51 - 00002171 _____ C:\Users\Public\Desktop\clear.fi.lnk
2016-02-04 20:51 - 2016-02-04 20:51 - 00000000 ____D C:\Program Files (x86)\Cyberlink
2016-02-04 20:50 - 2016-02-04 20:52 - 00000000 ____D C:\ProgramData\CLSK
2016-02-04 20:49 - 2016-03-02 01:06 - 00000000 ____D C:\ProgramData\CyberLink
2016-02-04 20:49 - 2016-02-04 20:55 - 00000000 ____D C:\ProgramData\Temp
2016-02-04 20:48 - 2016-02-04 20:48 - 00001024 ___RH C:\Users\Public\Documents\NTILiveUpdateV9.dll
2016-02-04 20:48 - 2016-02-04 20:48 - 00000000 ____D C:\ProgramData\NTI Launcher
2016-02-04 20:48 - 2016-02-04 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9
2016-02-04 20:47 - 2016-02-04 20:47 - 00001024 ___RH C:\Users\Public\Documents\NTIMMV9REGET.dll
2016-02-04 20:47 - 2016-02-04 20:47 - 00001024 ___RH C:\Users\Public\Documents\NTIMMV9Acer.dll
2016-02-04 20:47 - 2016-02-04 20:47 - 00000000 ____D C:\Windows\en
2016-02-04 20:47 - 2016-02-04 20:47 - 00000000 ____D C:\ProgramData\FLEXnet
2016-02-04 20:46 - 2016-02-04 20:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-02-04 20:46 - 2016-02-04 20:47 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-02-04 20:46 - 2016-02-04 20:46 - 00002490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-02-04 20:46 - 2016-02-04 20:46 - 00001462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-02-04 20:46 - 2016-02-04 20:46 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-02-04 20:46 - 2016-02-04 20:46 - 00001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-02-04 20:46 - 2016-02-04 20:46 - 00000000 ____D C:\Windows\PCHEALTH
2016-02-04 20:46 - 2016-02-04 20:46 - 00000000 ____D C:\Program Files\Windows Live
2016-02-04 20:46 - 2016-02-04 20:46 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-02-04 20:46 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-02-04 20:46 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-02-04 20:46 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-02-04 20:46 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-02-04 20:46 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-02-04 20:46 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-02-04 20:45 - 2016-03-03 21:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-04 20:44 - 2016-02-04 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AUPEO!
2016-02-04 20:43 - 2016-03-03 22:58 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-02-04 20:40 - 2011-02-01 13:06 - 00008192 _____ C:\Windows\system32\Drivers\IntelMEFWVer.dll
2016-02-04 20:39 - 2016-02-06 18:27 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-02-04 20:39 - 2016-02-04 20:39 - 00000000 ____D C:\Program Files\Realtek
2016-02-04 20:39 - 2010-12-28 01:22 - 02688488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-02-04 20:39 - 2010-12-27 23:51 - 00608768 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2016-02-04 20:39 - 2010-12-21 19:28 - 02828392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2016-02-04 20:39 - 2010-12-21 19:28 - 02328168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-02-04 20:39 - 2010-12-01 04:11 - 00000520 _____ C:\Windows\system32\Drivers\RTEQEX0.dat
2016-02-04 20:39 - 2010-11-30 19:03 - 00003206 _____ C:\Windows\system32\Drivers\RtPCEE4.DAT
2016-02-04 20:39 - 2010-11-29 02:47 - 02578576 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2016-02-04 20:39 - 2010-11-29 02:47 - 01868944 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2016-02-04 20:39 - 2010-11-23 02:45 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-02-04 20:39 - 2010-11-21 19:39 - 00626792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-02-04 20:39 - 2010-11-17 19:49 - 00121744 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2016-02-04 20:39 - 2010-11-10 21:27 - 00083048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2016-02-04 20:39 - 2010-11-07 15:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-02-04 20:39 - 2010-11-07 15:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-02-04 20:39 - 2010-11-07 15:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-02-04 20:39 - 2010-11-07 15:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-02-04 20:39 - 2010-11-07 15:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-02-04 20:39 - 2010-11-07 15:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-02-04 20:39 - 2010-11-03 02:31 - 01146984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-02-04 20:39 - 2010-11-03 02:31 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-02-04 20:39 - 2010-11-03 02:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-02-04 20:39 - 2010-11-03 02:29 - 01327208 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-02-04 20:39 - 2010-11-03 02:29 - 01179752 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-02-04 20:39 - 2010-11-03 02:29 - 00491112 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2016-02-04 20:39 - 2010-11-03 02:29 - 00475752 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-02-04 20:39 - 2010-11-03 02:29 - 00317032 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-02-04 20:39 - 2010-11-03 02:29 - 00269928 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-02-04 20:39 - 2010-11-03 02:29 - 00126056 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-02-04 20:39 - 2010-11-03 02:29 - 00125544 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-02-04 20:39 - 2010-11-03 02:29 - 00125032 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2016-02-04 20:39 - 2010-11-01 17:35 - 01718616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2016-02-04 20:39 - 2010-11-01 17:35 - 00127832 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2016-02-04 20:39 - 2010-11-01 17:34 - 00421720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2016-02-04 20:39 - 2010-11-01 17:34 - 00108888 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2016-02-04 20:39 - 2010-11-01 17:34 - 00074584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2016-02-04 20:39 - 2010-10-28 18:29 - 01937312 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-02-04 20:39 - 2010-10-02 21:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2016-02-04 20:39 - 2010-09-26 17:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-02-04 20:39 - 2010-09-23 01:21 - 00039672 _____ C:\Windows\system32\Drivers\RtPCEE3.DAT
2016-02-04 20:39 - 2010-07-22 00:48 - 00220496 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFNHK64.dll
2016-02-04 20:39 - 2010-07-22 00:48 - 00081232 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFCOM64.dll
2016-02-04 20:39 - 2010-07-22 00:48 - 00078160 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFAPO64.dll
2016-02-04 20:39 - 2010-07-22 00:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2016-02-04 20:39 - 2010-05-06 01:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2016-02-04 20:39 - 2010-03-21 21:21 - 00247560 _____ C:\Windows\system32\Drivers\RTConvEQ.dat
2016-02-04 20:39 - 2010-03-21 21:21 - 00001448 _____ C:\Windows\system32\Drivers\RtHdatEx.dat
2016-02-04 20:39 - 2010-03-15 00:59 - 00000024 _____ C:\Windows\system32\Drivers\rtkhdaud.dat
2016-02-04 20:39 - 2010-02-10 23:45 - 00000176 _____ C:\Windows\system32\Drivers\RTHDAEQ1.dat
2016-02-04 20:39 - 2010-01-26 05:52 - 00000520 _____ C:\Windows\system32\Drivers\RTEQEX3.dat
2016-02-04 20:39 - 2009-11-23 17:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-02-04 20:39 - 2009-11-23 17:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-02-04 20:39 - 2009-11-23 17:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-02-04 20:39 - 2009-11-23 17:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-02-04 20:39 - 2009-11-18 02:42 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2016-02-04 20:39 - 2008-08-20 21:43 - 00000520 _____ C:\Windows\system32\Drivers\RTEQEX2.dat
2016-02-04 20:39 - 2005-06-26 13:29 - 00000520 _____ C:\Windows\system32\Drivers\RTEQEX1.dat
2016-02-04 20:38 - 2016-02-06 18:25 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-02-04 20:38 - 2016-02-06 18:25 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-02-04 20:38 - 2010-11-03 02:29 - 01111656 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-02-04 20:38 - 2010-11-03 02:29 - 00504936 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-02-04 20:38 - 2010-11-03 02:29 - 00266856 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-02-04 20:38 - 2010-07-22 00:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-02-04 20:38 - 2009-11-17 02:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-02-04 20:37 - 2016-02-04 20:37 - 00000000 ____D C:\Program Files\Elantech
2016-02-04 20:36 - 2016-02-04 20:36 - 00000184 _____ C:\Windows\LMv4.UNI
2016-02-04 20:36 - 2016-02-04 20:36 - 00000000 ____D C:\Program Files (x86)\Launch Manager
2016-02-04 20:34 - 2016-02-04 20:35 - 00000000 ____D C:\Program Files\Broadcom
2016-02-04 20:34 - 2016-02-04 20:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_b57xdbd_01009.Wdf
2016-02-04 20:33 - 2016-02-04 20:33 - 00002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Wireless Display.lnk
2016-02-04 20:33 - 2016-02-04 20:33 - 00002104 _____ C:\Users\Public\Desktop\Intel® Wireless Display.lnk
2016-02-04 20:33 - 2016-02-04 20:33 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WDKMD_01009.Wdf
2016-02-04 20:33 - 2016-02-04 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2016-02-04 20:33 - 2016-02-04 20:33 - 00000000 ____D C:\Program Files (x86)\Intel Corporation
2016-02-04 20:30 - 2016-02-04 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2016-02-04 20:30 - 2016-02-04 20:30 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-02-04 20:29 - 2016-02-04 20:30 - 00000000 ____D C:\Program Files\Intel
2016-02-04 20:28 - 2010-10-03 21:02 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2016-02-04 20:27 - 2010-09-13 18:24 - 00437272 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2016-02-04 20:25 - 2016-02-04 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
2016-02-04 20:25 - 2016-02-04 20:25 - 00000000 ____D C:\ProgramData\EgisTec
2016-02-04 20:25 - 2016-02-04 20:25 - 00000000 ____D C:\book
2016-02-04 20:24 - 2016-02-04 20:33 - 00000000 ____D C:\ProgramData\Intel
2016-02-04 20:24 - 2016-02-04 20:24 - 00015762 _____ C:\Windows\system32\results.xml
2016-02-04 20:22 - 2016-02-04 20:22 - 00000003 _____ C:\Windows\system32\PLD_Framework.cmd
2016-02-04 20:21 - 2016-02-04 20:40 - 00000000 ____D C:\Program Files (x86)\Intel
2016-02-04 20:21 - 2016-02-04 20:30 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-02-04 20:21 - 2016-02-04 20:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-02-04 20:20 - 2016-02-04 20:20 - 00000000 ____D C:\Intel
2016-02-04 20:15 - 2016-02-04 20:15 - 00000000 ____D C:\Windows\NAPP_Dism_Log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-03 21:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-03-03 20:43 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-03 14:52 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-03 14:52 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-03 14:43 - 2009-07-13 21:13 - 00782680 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-03 14:37 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-02 16:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-29 18:40 - 2011-05-11 04:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-26 18:32 - 2011-05-11 04:47 - 00000000 ____D C:\ProgramData\WildTangent
2016-02-26 18:32 - 2011-05-11 04:47 - 00000000 ____D C:\Program Files (x86)\Acer Games
2016-02-26 18:32 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-26 14:17 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-22 22:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-02-21 15:25 - 2009-07-13 20:45 - 00277016 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-21 03:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-20 19:10 - 2011-05-11 04:52 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-20 19:10 - 2011-05-11 04:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-11 15:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2016-02-10 03:36 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-08 03:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-02-08 03:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-02-08 03:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-08 03:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-08 03:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-02-08 03:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-02-08 03:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-02-08 03:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-08 03:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-02-08 03:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-02-08 03:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-02-08 03:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2016-02-08 03:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-02-08 03:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2016-02-08 03:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Setup
2016-02-08 03:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\oobe
2016-02-08 03:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-02-08 03:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\manifeststore
2016-02-08 03:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Dism
2016-02-08 03:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-02-08 03:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2016-02-08 03:07 - 2009-07-13 18:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2016-02-08 03:07 - 2009-07-13 18:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2016-02-05 20:40 - 2011-05-11 04:52 - 00000000 ____D C:\ProgramData\McAfee
2016-02-05 01:53 - 2011-05-11 04:59 - 00000000 ____D C:\ProgramData\oem
2016-02-05 01:52 - 2011-05-11 05:13 - 00000000 ___HD C:\OEM
2016-02-05 01:51 - 2011-05-11 05:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-05 01:50 - 2011-05-11 05:00 - 00000000 ____D C:\ProgramData\Adobe
2016-02-04 21:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-02-04 21:10 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
2016-02-04 20:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2016-02-04 20:55 - 2011-05-11 04:55 - 00000000 ____D C:\Program Files\Acer
2016-02-04 20:55 - 2011-05-11 04:54 - 00000000 ____D C:\Program Files (x86)\Acer
2016-02-04 20:48 - 2011-05-11 05:02 - 00000000 ____D C:\Program Files (x86)\NTI
2016-02-04 20:44 - 2011-05-11 04:52 - 00000000 ____D C:\Program Files\Preload
2016-02-04 20:34 - 2011-05-11 04:45 - 00000000 ____D C:\Windows\Downloaded Installations
2016-02-04 20:25 - 2011-02-11 19:12 - 00000000 ____D C:\Windows\DeployWinRE2
2016-02-04 20:24 - 2011-05-11 04:57 - 00000000 ____D C:\ProgramData\EgisTec IPS
2016-02-04 20:00 - 2009-07-13 21:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template

==================== Files in the root of some directories =======

2016-02-05 20:44 - 2016-02-07 21:46 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2016-02-04 20:49 - 2016-02-04 20:52 - 0016108 _____ () C:\ProgramData\ArcadeDeluxe5.log

Some files in TEMP:
====================
C:\Users\NB\AppData\Local\Temp\0057521454733200mcinst.exe
C:\Users\NB\AppData\Local\Temp\COMAP.EXE
C:\Users\NB\AppData\Local\Temp\MSN3EE5.exe
C:\Users\NB\AppData\Local\Temp\procexp64.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-29 17:33

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by NB (2016-03-03 23:25:44)
Running from C:\Users\NB\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-02-05 09:49:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2251973933-2728822110-1399843872-500 - Administrator - Disabled)
Guest (S-1-5-21-2251973933-2728822110-1399843872-501 - Limited - Disabled)
NB (S-1-5-21-2251973933-2728822110-1399843872-1000 - Administrator - Enabled) => C:\Users\NB

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1306 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1306 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1130.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Mythology Gold (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: 1.0 - Microsoft)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.2 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1229.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1229.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version: - Ion Storm)
Disconnect Desktop (HKU\S-1-5-21-2251973933-2728822110-1399843872-1000\...\Disconnect Desktop 2.0.5) (Version: 2.0.5 - Disconnect)
Disconnect Desktop (x32 Version: 2.0.5 - Disconnect) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® Wireless Display (HKLM-x32\...\{626663EE-B9E6-4982-995F-02C31E84F8FC}) (Version: 2.0.29.0 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.3 - Acer Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6568.2034 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2251973933-2728822110-1399843872-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6528.1017 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1017 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6528.1017 - Microsoft Corporation) Hidden
OpenVPN 2.3.8-I601 (HKLM-x32\...\OpenVPN) (Version: 2.3.8-I601 - )
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6276 - Realtek Semiconductor Corp.)
Security Task Manager 2.1e (HKLM-x32\...\Security Task Manager) (Version: 2.1e - Neuber Software)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2251973933-2728822110-1399843872-1000\...\Spotify) (Version: 1.0.23.90.g42187855 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.8.72 - Webroot)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3007 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2251973933-2728822110-1399843872-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\NB\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2251973933-2728822110-1399843872-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\NB\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01AC9D22-8543-4274-8006-DA66D5DEA716} - System32\Tasks\Disconnect Desktop Updater => C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [2015-09-23] (Disconnect)
Task: {1FE4B38A-814C-4238-8410-428A3E83920C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {24B89F6E-0A79-4E47-A55A-E43170BB51AB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-03] (Microsoft Corporation)
Task: {2E843436-0F89-478B-BA74-ECB61DC61345} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {52329EDC-3C4F-47C1-952F-B16D55A5EE09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2251973933-2728822110-1399843872-1000Core => C:\Users\NB\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-06] (Google Inc.)
Task: {64655B56-2178-46E7-A0CE-043549E5F360} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2251973933-2728822110-1399843872-1000UA => C:\Users\NB\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-06] (Google Inc.)
Task: {88BDE777-4E99-43BD-B526-4C16FAE85E73} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-29] (Acer Incorporated)
Task: {8A608FD9-042B-45E5-922C-1B79273E9E22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-08] (Google Inc.)
Task: {A2779CD6-24AC-42AE-8B3B-EFA32433CE65} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-08] (Google Inc.)
Task: {CF9C614F-8590-4C4C-A8EE-17B5743F60D1} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-29] (CyberLink Corp.)
Task: {D163818D-8A68-44FF-BFDC-874C6D9AF79B} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-29] (CyberLink)
Task: {D8D5880A-C6FF-4786-9D99-D87C9329BAFA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2251973933-2728822110-1399843872-1000Core.job => C:\Users\NB\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2251973933-2728822110-1399843872-1000UA.job => C:\Users\NB\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.acer.com/redirect.aspx?rid=09000001

==================== Loaded Modules (Whitelisted) ==============

2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2009-01-21 15:45 - 2009-01-21 15:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-03-03 03:52 - 2011-01-27 08:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2015-09-23 15:40 - 2015-09-23 15:40 - 79825768 _____ () C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop.exe
2015-04-22 18:04 - 2015-04-22 18:04 - 03502080 _____ () C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\portProxy.exe
2014-08-31 08:34 - 2014-08-31 08:34 - 00338944 _____ () C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe
2016-03-03 20:43 - 2016-02-28 02:20 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2010-11-11 16:22 - 2010-11-11 16:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2010-11-11 16:22 - 2010-11-11 16:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2010-11-11 16:22 - 2010-11-11 16:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2010-12-29 14:56 - 2010-12-29 14:56 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2016-02-10 17:43 - 2016-02-10 17:43 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\be3c2bb5c4e873b19c13326eb7266ea1\IsdiInterop.ni.dll
2016-02-04 20:27 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-08-04 05:25 - 2015-08-04 05:25 - 00175144 _____ () C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\openvpn\bin\liblzo2-2.dll
2015-08-04 05:25 - 2015-08-04 05:25 - 00112736 _____ () C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\openvpn\bin\libpkcs11-helper-1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2251973933-2728822110-1399843872-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\NB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.143.4.1 - 209.244.0.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{925125A5-2DE9-4941-9F82-4E6F172E6A28}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{249A871E-0F0C-44F5-A8E2-88A52005D001}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{4B1F4388-0ED1-4119-A7B0-B80047C6E560}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6F1B9B00-1DDB-4D15-9BAB-A8F0141235C8}] => (Allow) LPort=2869
FirewallRules: [{790178CF-19CE-4BFA-9395-782D7914E028}] => (Allow) LPort=1900
FirewallRules: [{A873D422-EB18-4BE8-903B-139CAC95F88B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{08ECCF9F-B017-41AD-BE7A-CC65D5CB3C16}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{3609E249-9BD6-4480-989A-807A2F052653}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{36A2047B-1677-477A-8F6E-6E7ACFC2DBD4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{56EDE34E-F0CA-46E7-A67B-C834B923E6E2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{87B610E6-F5AA-4A78-8510-2921C5B194A4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [{2E9193C4-19CB-47EB-B2B6-CEC16CD419EF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [{3E8A381C-DE3C-43C9-908D-B7EF11B30409}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [{6707F485-BFB5-4B80-B8A0-4C04E5823467}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{22877782-800E-4760-A935-F0DF7E1EFA4E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{6634AA94-F7C9-4B41-9DC3-B432F9C0D384}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Mythology\aomx.exe
FirewallRules: [{5E238079-84C7-4D33-930C-46A9D259E0E9}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Mythology\aomx.exe
FirewallRules: [{66E0330A-2E59-4627-B451-7D6B44B9CAB3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2ABF0FF6-8FBC-459D-942F-5394C0661D74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2486B92-E4B8-4C2D-891F-32FAC64D6F2E}] => (Allow) C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{140F9016-957F-4771-B60F-DB26E664780E}] => (Allow) C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [{873F8D64-58AA-40B7-A53D-1F6A9023C5DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7C7E44DE-008F-41A6-BD13-8A25A0BF6033}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7789E7F1-FF2F-4698-A2EE-68504BEDCB63}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{66F9EDD0-C074-4043-A148-F9BE4807ABFB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FF50D836-E5E1-455C-8441-0F0CDA107A35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{3D3E71F9-2A4C-481D-AF47-B5D19EC36593}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [TCP Query User{E413B137-121E-45C5-BCCB-A3578B665D2F}C:\users\nb\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nb\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5824A043-B43D-4712-B6AF-9A8DD00734F7}C:\users\nb\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nb\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7D64A785-1191-41B5-A5B6-EB0396641BF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{440773D3-2ACD-4FE7-A888-1C8CB611CF36}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{DE9A2D4A-9FA4-4C62-A508-2DFBC8EDE813}C:\program files (x86)\microsoft games\age of empires iii\age3.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires iii\age3.exe
FirewallRules: [UDP Query User{F4618F80-8D5B-4272-9E88-1753029F4C9F}C:\program files (x86)\microsoft games\age of empires iii\age3.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires iii\age3.exe
FirewallRules: [{094BF533-7A75-4094-B216-42E53A81CFAB}] => (Allow) C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{34253363-A045-4A10-B840-B1C73D76A800}] => (Allow) C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [{43982B0E-4A2A-435D-A4F1-BEF3E478DD5B}] => (Allow) C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{391016E7-4919-418D-A20C-31CE147AD41F}] => (Allow) C:\Users\NB\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [{03BD7BDE-EB47-4935-A7CA-5A947616A516}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3BF55A58-D1E3-4690-B665-CC8BDE96BA67}] => (Allow) C:\Users\NB\AppData\Local\Microsoft\OneDrive\OneDrive.exe

==================== Restore Points =========================

21-02-2016 18:54:48 Windows Update
21-02-2016 19:31:23 Windows Update
21-02-2016 22:05:37 Installed Age of Empires III
22-02-2016 03:00:11 Windows Update
22-02-2016 06:24:51 Windows Update
23-02-2016 03:00:11 Windows Update
26-02-2016 03:00:15 Windows Update
26-02-2016 14:14:30 Removed Disconnect Desktop
26-02-2016 14:16:43 Installed Disconnect Desktop
26-02-2016 18:34:26 Removed Disconnect Desktop
26-02-2016 18:37:21 Installed Disconnect Desktop
29-02-2016 18:39:04 Configured eSobi v2
02-03-2016 20:13:58 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2016 11:15:37 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (03/03/2016 10:26:29 PM) (Source: nssm) (EventID: 1063) (User: )
Description: Failed to rotate output file C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\config\config.log for service disconnect-openvpn.
MoveFile() failed for file C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\config\config-20160304T062629.511.log:
The system cannot find the path specified.

Error: (03/03/2016 08:13:12 PM) (Source: nssm) (EventID: 1063) (User: )
Description: Failed to rotate output file C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\config\config.log for service disconnect-openvpn.
MoveFile() failed for file C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\config\config-20160304T041312.069.log:
The system cannot find the path specified.

Error: (03/03/2016 02:47:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (03/03/2016 02:37:48 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Click-2-Run package registration failure.

Error: (03/03/2016 02:37:48 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=B18}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7166.5001.sft' (rc 16D1160A-0000E002, original rc 16D1160A-0000E002).

Error: (03/02/2016 09:47:17 PM) (Source: nssm) (EventID: 1063) (User: )
Description: Failed to rotate output file C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\config\config.log for service disconnect-openvpn.
MoveFile() failed for file C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\config\config-20160303T054717.985.log:
The system cannot find the path specified.

Error: (03/02/2016 08:10:25 PM) (Source: nssm) (EventID: 1063) (User: )
Description: Failed to rotate output file C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\config\config.log for service disconnect-openvpn.
MoveFile() failed for file C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\config\config-20160303T041025.382.log:
The system cannot find the path specified.

Error: (03/02/2016 08:09:37 PM) (Source: nssm) (EventID: 1063) (User: )
Description: Failed to rotate output file C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\config\config.log for service disconnect-openvpn.
MoveFile() failed for file C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\config\config-20160303T040937.981.log:
The system cannot find the path specified.

Error: (03/02/2016 08:05:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Click-2-Run package registration failure.


System errors:
=============
Error: (03/02/2016 05:57:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WRSVC service failed to start due to the following error:
%%109

Error: (03/02/2016 05:57:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/29/2016 06:04:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The disconnect-openvpn service terminated unexpectedly. It has done this 1 time(s).

Error: (02/29/2016 04:37:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/29/2016 04:37:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/29/2016 04:37:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/29/2016 04:37:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/29/2016 04:37:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/29/2016 04:37:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/29/2016 04:37:41 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 38%
Total physical RAM: 5995.86 MB
Available physical RAM: 3681.73 MB
Total Virtual: 11989.93 MB
Available Virtual: 9520.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:378.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5A6CF349)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 04 March 2016 - 02:48 PM.
Removed valid MSFT files from report


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:33 AM

Posted 04 March 2016 - 02:50 PM

Greetings Guitarguy999 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
2016-03-03 20:51 - 2016-03-03 20:51 - 00060216 _____ C:\WindowsPER_____.tt2
2016-03-03 20:51 - 2016-03-03 20:50 - 21543568 _____ C:\WindowsMSYH.tt2
2016-03-03 20:51 - 2016-03-03 20:50 - 14381616 _____ C:\WindowsMSYHBD.tt2
2016-03-03 20:51 - 2016-03-03 20:50 - 00222632 _____ C:\WindowsMSUIGHUR.tt2
2016-03-03 20:51 - 2016-03-03 20:48 - 14343024 _____ C:\WindowsMSJHBD.tt2
2016-03-03 20:51 - 2016-03-03 20:47 - 21302624 _____ C:\WindowsMSJH.tt2
2016-03-03 20:51 - 2016-03-03 20:47 - 00093836 _____ C:\WindowsLEELAWDB.tt2
2016-03-03 20:51 - 2016-03-03 20:46 - 00094064 _____ C:\WindowsLEELAWAD.tt2
C:\Users\NB\AppData\Local\Temp\0057521454733200mcinst.exe
C:\Users\NB\AppData\Local\Temp\COMAP.EXE
C:\Users\NB\AppData\Local\Temp\MSN3EE5.exe
C:\Users\NB\AppData\Local\Temp\procexp64.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed youi will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • MiniToolBox report
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Guitarguy999

Guitarguy999
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:33 AM

Posted 05 March 2016 - 06:56 PM

Alright, here it is. I accidentally ran JFO twice...I hope that doesn't cause a problem.

Thank you Gary for the help!!


MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by NB (administrator) on 05-03-2016 at 15:18:32
Running from "C:\Users\NB\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Aspire 5750 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ==============================
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ==============================
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
Intel® Centrino® Advanced-N 6205 = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
TAP-Windows Adapter V9 = Local Area Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-86-99-E9-EF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : hsd1.wa.comcast.net.
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : DC-0E-A1-0F-F6-CF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:600:8f01:52ff:644a:56:7b03:a140(Preferred)
   IPv6 Address. . . . . . . . . . . : 2601:600:8f01:52ff:e10e:cced:ff30:6618(Preferred)
   Lease Obtained. . . . . . . . . . : Saturday, March 05, 2016 3:10:40 PM
   Lease Expires . . . . . . . . . . : Wednesday, March 09, 2016 2:55:34 PM
   Temporary IPv6 Address. . . . . . : 2601:600:8f01:52ff:ed50:201a:2e5c:4382(Preferred)
   Link-local IPv6 Address . . . . . : fe80::644a:56:7b03:a140%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, March 05, 2016 3:10:39 PM
   Lease Expires . . . . . . . . . . : Saturday, March 12, 2016 3:10:39 PM
   Default Gateway . . . . . . . . . : fe80::ba9b:c9ff:fe5a:2972%14
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 702287521
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-45-DD-EB-10-0B-A9-2A-B5-10
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wireless Network Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 10-0B-A9-2A-B5-11
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 10-0B-A9-2A-B5-11
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : soulfoodcoffeehouse.com
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6205
   Physical Address. . . . . . . . . : 10-0B-A9-2A-B5-10
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{8699E9EF-3725-4516-980C-F82B39A83245}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{E3C50F62-C8BB-4EB0-B079-8324F347FD04}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.soulfoodcoffeehouse.com:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{A906D3B6-BCA5-4E42-B3D4-124B92847A62}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.hsd1.wa.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.wa.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    google.com
Addresses:  2607:f8b0:400a:806::200e
                  172.217.0.142
 
 
Pinging google.com [2607:f8b0:400a:801::200e] with 32 bytes of data:
Reply from 2607:f8b0:400a:801::200e: time=17ms
Reply from 2607:f8b0:400a:801::200e: time=15ms
 
Ping statistics for 2607:f8b0:400a:801::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 17ms, Average = 16ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
                  2001:4998:c:a06::2:4008
                  2001:4998:44:204::a7
                  98.139.183.24
                  98.138.253.109
                  206.190.36.45
 
 
Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Reply from 2001:4998:58:c02::a9: time=117ms
Reply from 2001:4998:58:c02::a9: time=98ms
 
Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 98ms, Maximum = 117ms, Average = 107ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...00 ff 86 99 e9 ef ......TAP-Windows Adapter V9
 14...dc 0e a1 0f f6 cf ......Broadcom NetLink ™ Gigabit Ethernet
 13...10 0b a9 2a b5 11 ......Microsoft Virtual WiFi Miniport Adapter #2
 12...10 0b a9 2a b5 11 ......Microsoft Virtual WiFi Miniport Adapter
 11...10 0b a9 2a b5 10 ......Intel® Centrino® Advanced-N 6205
  1...........................Software Loopback Interface 1
 37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 38...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.7     20
         10.0.0.0    255.255.255.0         On-link          10.0.0.7    276
         10.0.0.7  255.255.255.255         On-link          10.0.0.7    276
       10.0.0.255  255.255.255.255         On-link          10.0.0.7    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.7    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.7    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14    276 ::/0                     fe80::ba9b:c9ff:fe5a:2972
  1    306 ::1/128                  On-link
 14     28 2601:600:8f01:52ff::/64  On-link
 14    276 2601:600:8f01:52ff:644a:56:7b03:a140/128
                                    On-link
 14    276 2601:600:8f01:52ff:e10e:cced:ff30:6618/128
                                    On-link
 14    276 2601:600:8f01:52ff:ed50:201a:2e5c:4382/128
                                    On-link
 14    276 fe80::/64                On-link
 14    276 fe80::644a:56:7b03:a140/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
**** End of log ****
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64
Ran by NB (Administrator) on Sat 03/05/2016 at 15:33:46.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0
 
 
 
 
Registry: 0
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/05/2016 at 15:35:19.94

End of JRT log

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:33 AM

Posted 05 March 2016 - 08:53 PM

I do not see the FRST Fixlog or the Adwcleaner report. Did you run those programs as instructed? If so please post the logs. Also let me know how your computer is running.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Guitarguy999

Guitarguy999
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:33 AM

Posted 08 March 2016 - 05:47 PM

My computer is acting pretty much the same. :(

 

FRST log is too long to paste into a single post, so I have attached it. AdwCleaner reports are below.

 

Sorry I have not gotten back to you earlier. I had a number of family commitments last weekend. Please let me know if there is any further information I could provide that might be helpful.

 

Thanks again for your help!!!

 

# AdwCleaner v5.037 - Logfile created 05/03/2016 at 15:24:43
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : NB - PC
# Running from : C:\Users\NB\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\SecTaskMan

***** [ Files ] *****

[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

***** [ Web browsers ] *****

[-] [C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1128 bytes] - [05/03/2016 15:24:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [1161 bytes] - [05/03/2016 15:22:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1274 bytes] ##########

 

# AdwCleaner v5.037 - Logfile created 05/03/2016 at 15:22:29
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : NB - PC
# Running from : C:\Users\NB\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\SecTaskMan

***** [ Files ] *****

File Found : C:\Users\Public\Desktop\eBay.lnk

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

***** [ Web browsers ] *****

[C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\NB\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [1009 bytes] - [05/03/2016 15:22:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1082 bytes] ##########


 

Attached Files

  • Attached File  FRST.txt   237.7KB   1 downloads

Edited by Guitarguy999, 08 March 2016 - 05:53 PM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:33 AM

Posted 08 March 2016 - 08:36 PM

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
2016-03-03 20:51 - 2016-03-03 20:51 - 00060216 _____ C:\WindowsPER_____.tt2
2016-03-03 20:51 - 2016-03-03 20:50 - 21543568 _____ C:\WindowsMSYH.tt2
2016-03-03 20:51 - 2016-03-03 20:50 - 14381616 _____ C:\WindowsMSYHBD.tt2
2016-03-03 20:51 - 2016-03-03 20:50 - 00222632 _____ C:\WindowsMSUIGHUR.tt2
2016-03-03 20:51 - 2016-03-03 20:48 - 14343024 _____ C:\WindowsMSJHBD.tt2
2016-03-03 20:51 - 2016-03-03 20:47 - 21302624 _____ C:\WindowsMSJH.tt2
2016-03-03 20:51 - 2016-03-03 20:47 - 00093836 _____ C:\WindowsLEELAWDB.tt2
2016-03-03 20:51 - 2016-03-03 20:46 - 00094064 _____ C:\WindowsLEELAWAD.tt2
C:\Users\NB\AppData\Local\Temp\0057521454733200mcinst.exe
C:\Users\NB\AppData\Local\Temp\COMAP.EXE
C:\Users\NB\AppData\Local\Temp\MSN3EE5.exe
C:\Users\NB\AppData\Local\Temp\procexp64.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:33 AM

Posted 11 March 2016 - 10:30 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:33 AM

Posted 13 March 2016 - 08:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users