
Infected laptop - Trojan.Zlob.Q and another, help needed please


  • This topic is locked
37 replies to this topic

#1 emmafifema

emmafifema

  • Members
  • 23 posts

Posted 07 March 2016 - 06:56 AM

Hi,

My Norton is constantly flagging this "Trojan.Zlob.Q" and "Malicious WebSite, Domain, or URL(1)"

I have run the usual scan facility and after the 3rd scan it found some virus and other trojans which it removed but not these ones, the Norton eraser has not detected them either and neither has the Norton Bootable recovery tool!

I really do not know where to go from here???

Any help would be greatly appreciated.

Many thanks!

I have attached images of the Norton messages which are appearing:



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 07 March 2016 - 08:04 AM

Hello
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.
1. Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Edited by fireman4it, 07 March 2016 - 08:32 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 emmafifema

emmafifema
  • Topic Starter

  • Members
  • 23 posts

Posted 08 March 2016 - 05:08 AM

# AdwCleaner v5.101 - Logfile created 08/03/2016 at 09:53:37
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Emma Laptop - EMMALAPTOP-TOSH
# Running from : C:\Users\Emma Laptop\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\ByteFence
[-] Folder Deleted : C:\Program Files\aotech
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\ByteFence
[-] Folder Deleted : C:\ProgramData\Partner
[-] Folder Deleted : C:\ProgramData\dlohn
[-] Folder Deleted : C:\ProgramData\Avg_Update_0116avz
[-] Folder Deleted : C:\ProgramData\Avg_Update_0116tb
[-] Folder Deleted : C:\ProgramData\b07acb59-1357-0
[-] Folder Deleted : C:\ProgramData\b07acb59-46c3-0
[-] Folder Deleted : C:\ProgramData\f3a1350c-41a5-0
[-] Folder Deleted : C:\ProgramData\f3a1350c-7f43-1
[-] Folder Deleted : C:\ProgramData\{0237aae8-212c-0}
[-] Folder Deleted : C:\ProgramData\{07d1c457-612c-1}
[-] Folder Deleted : C:\Users\Connor\AppData\Local\SunnyDay2
[-] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn
[-] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma

***** [ Files ] *****

[-] File Deleted : C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage
[-] File Deleted : C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage-journal
[-] File Deleted : C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] File Deleted : C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com

***** [ Web browsers ] *****

[-] [C:\Users\Emma Laptop\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2udW5vgSL9IiesoFFHysLKKbwzq8cPyDd9kb30ql5iwWm_XOJcxaVCIZpzCDU7ihFnSoxkVj8wswB1D0ejejfByfY_Gfw8OWvbj9CujFdOtQrlvVkdFHCchHoH3_Mt7mnFNDUILPCSU5VrWisNvFLeAP212QDYgURlr9d3BUkO4,
[-] [C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcgnigmofekcllgbiejhmigggmgehkip
[-] [C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2udW5vgSL9IiesoFFHysLKKbwzq8cPyDd9kb30ql5iwWm_XOJcxaVCIZpzCDU7ihFnSoxkVj8wswB1D0ejejfByfY_Gfw8OWvbj9CujFdOtQrlvVkdFHCchHoH3_Mt7mnFNDUILPCSU5VrWisNvFLeAP212QDYgURlr9d3BUkO4,
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://start.iminent.com/?appId=2DAD8A60-9DD7-496C-BE36-127B1666E224
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3325595&octid=EB_ORIGINAL_CTID&ISID=MB5FDD5FE-1A12-49FA-9FD3-C7F39BBFD846&SearchSource=55&CUI=&UM=5&UP=SP6FCBBE88-D21F-4D24-981C-588A6EFF2A72&SSPV=
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.v9.com/?type=hppp&ts=1403366595&from=amt&uid=WDCXWD800BD-00LRA0_WD-WMAM9KR9507295072&i=psd&t=34478bfa0
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.v9.com/?type=hppp&ts=1403556409&from=amt&uid=WDCXWD800BD-00LRA0_WD-WMAM9KR9507295072&i=psd&t=34495b641
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.v9.com/?type=hppp&ts=1403568421&from=amt&uid=WDCXWD800BD-00LRA0_WD-WMAM9KR9507295072&i=psd&t=344978b76
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.v9.com/?type=hppp&ts=1404235656&from=amt&uid=WDCXWD800BD-00LRA0_WD-WMAM9KR9507295072&i=psd&t=344fd5b56
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.v9.com/?type=hppp&ts=1404818312&from=amt&uid=WDCXWD800BD-00LRA0_WD-WMAM9KR9507295072&i=psd&t=345564352
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://isearch.omiga-plus.com/?type=hp&ts=1405970879&from=smt&uid=WDCXWD800BD-00LRA0_WD-WMAM9KR9507295072
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.v9.com/?type=hp&ts=1411052310&from=nsbuk&uid=SAMSUNGXHD250HJ_S19JJ9AQ500694&i=psd&t=3490d7ee4
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.mystartsearch.com/?type=hp&ts=1421150122&from=smt&uid=TOSHIBAXMK1652GSX_X8GCS027SXXX8GCS027S
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.delta-homes.com/?type=hp&ts=1428427175&from=wpm040732&uid=TOSHIBAXMK1652GSX_X8GCS027SXXX8GCS027S
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : oglkiljdmflopemijdadoiepkhcaodjn
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [7888 bytes] - [08/03/2016 09:53:37]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [7683 bytes] - [08/03/2016 09:47:58]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [8074 bytes] ##########

#4 emmafifema

emmafifema
  • Topic Starter

  • Members
  • 23 posts

Posted 08 March 2016 - 05:15 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Emma Laptop (administrator) on EMMALAPTOP-TOSH (08-03-2016 10:11:02)
Running from C:\Users\Emma Laptop\Desktop
Loaded Profiles: Emma Laptop (Available Profiles: Emma Laptop & Connor & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coNatHst.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-07-26] (Toshiba Europe GmbH)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-03-03] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-3833727802-1621839553-3801273550-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-3833727802-1621839553-3801273550-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3833727802-1621839553-3801273550-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-3833727802-1621839553-3801273550-1000\...\MountPoints2: {067bc07e-d4be-11e5-9a03-b888e315cd48} - F:\Startme.exe
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk [2011-07-26]
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk [2016-03-05]
ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
Startup: C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2015-12-16]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-07-26]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-07-26]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2016-01-08]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5F3AF821-BD77-455B-B8A7-9CECA8B4DDDB}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-21-3833727802-1621839553-3801273550-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3833727802-1621839553-3801273550-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-21-3833727802-1621839553-3801273550-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKU\S-1-5-21-3833727802-1621839553-3801273550-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-26] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3833727802-1621839553-3801273550-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-04] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Emma Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\ctntbi4h.default
FF Homepage: hxxp://www.google.co.uk/
FF Session Restore: -> is enabled.
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Extension: Autofill - C:\Users\Emma Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\ctntbi4h.default\extensions\firefox-autofill@googlegroups.com.xpi [2016-02-09]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.5.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.5.15\coFFAddon [2016-02-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.5.15\coFFAddon

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/?gws_rd=ssl","hxxps://www.facebook.com/","hxxps://mail.google.com/mail/#inbox","hxxp://forums.moneysavingexpert.com/forumdisplay.php?s=&f=72&page=1&pp=20&sort=title&order=asc&daysprune=-1"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\gcswf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\pdf.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Emma Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
CHR Profile: C:\Users\Emma Laptop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Form Filler) - C:\Users\Emma Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ackpeimfmiejdmhjpjhaaannpmcfcpll [2016-02-09]
CHR Extension: (Norton Security Toolbar) - C:\Users\Emma Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-02-29]
CHR Extension: (Norton Identity Safe) - C:\Users\Emma Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-02-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Emma Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-02-29]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-02-29]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.5.15\Definitions\BASHDefs\20160213.003\BHDrvx64.sys [1665608 2016-02-12] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-11-11] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-02-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-02-29] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-02] ()
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2016-02-15] (Sony Mobile Communications)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.5.15\Definitions\IPSDefs\20160304.001\IDSvia64.sys [767224 2016-02-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.5.15\Definitions\VirusDefs\20160307.003\ENG64.SYS [138488 2016-02-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.5.15\Definitions\VirusDefs\20160307.003\EX64.SYS [2148080 2016-02-29] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-11-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-02-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-11-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 10:11 - 2016-03-08 10:11 - 00027204 _____ C:\Users\Emma Laptop\Desktop\FRST.txt
2016-03-08 10:10 - 2016-03-08 10:11 - 00000000 ____D C:\FRST
2016-03-08 10:10 - 2016-03-08 10:10 - 02374144 _____ (Farbar) C:\Users\Emma Laptop\Desktop\FRST64.exe
2016-03-08 09:47 - 2016-03-08 09:53 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-08 09:46 - 2016-03-08 09:46 - 01524224 _____ C:\Users\Emma Laptop\Desktop\AdwCleaner.exe
2016-03-06 00:08 - 2016-03-08 00:10 - 00000988 _____ C:\Windows\ntbtlog.txt
2016-03-06 00:06 - 2016-03-06 00:07 - 03088296 _____ (Symantec Corporation) C:\Users\Emma Laptop\Downloads\NPE (2).exe
2016-03-05 23:26 - 2016-03-05 23:26 - 03088296 _____ (Symantec Corporation) C:\Users\Emma Laptop\Downloads\NPE (1).exe
2016-03-05 22:48 - 2016-03-05 22:49 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\{71CAEDBF-890D-41C7-9E8B-9E1AF85F7509}
2016-03-05 22:16 - 2016-03-05 22:16 - 00000000 ____D C:\Users\Connor\AppData\LocalLow\uTorrent
2016-03-05 06:13 - 2016-03-05 08:08 - 00000000 ____D C:\NBRT
2016-03-04 08:55 - 2016-03-04 09:27 - 00000000 ____D C:\Users\Emma Laptop\Desktop\USB
2016-03-04 08:46 - 2016-03-04 08:46 - 00000000 ____D C:\Windows\system32\Drivers\NBRTWizardx64
2016-03-04 08:46 - 2016-03-04 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2016-03-04 08:46 - 2016-03-04 08:46 - 00000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2016-03-04 08:43 - 2016-03-04 08:43 - 01110992 _____ (Symantec Corporation) C:\Users\Emma Laptop\Downloads\NBRT-Retail-Downloader.exe
2016-03-02 19:36 - 2016-03-02 19:36 - 00000000 _____ C:\autoexec.bat
2016-03-02 19:35 - 2016-03-02 19:35 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-03-02 01:18 - 2016-03-06 00:09 - 00000000 ____D C:\NPE
2016-03-02 01:15 - 2016-03-02 01:15 - 03088296 _____ (Symantec Corporation) C:\Users\Emma Laptop\Downloads\NPE.exe
2016-02-29 21:58 - 2016-03-06 00:16 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\NPE
2016-02-29 21:38 - 2016-02-29 21:38 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2016-02-29 21:34 - 2016-02-29 21:34 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-02-29 21:34 - 2016-02-29 21:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-02-29 21:18 - 2016-03-04 08:47 - 00000000 ____D C:\Users\Emma Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2016-02-29 21:18 - 2016-03-04 08:44 - 00001387 _____ C:\Users\Emma Laptop\Desktop\Norton Installation Files.lnk
2016-02-29 21:18 - 2016-02-29 21:18 - 01110728 _____ (Symantec Corporation) C:\Users\Emma Laptop\Downloads\NortonNISDownloader.exe
2016-02-29 16:22 - 2016-02-29 16:22 - 00011978 _____ C:\Users\Guest\Downloads\housingbenefitsBACSSchedule14_15_tcm9_57154.xlsx
2016-02-29 15:17 - 2016-02-29 15:17 - 00000000 ____D C:\Users\Guest\AppData\Roaming\AVG
2016-02-29 15:17 - 2016-02-29 15:17 - 00000000 ____D C:\Users\Guest\AppData\Local\Avg
2016-02-29 08:57 - 2016-02-29 08:57 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-29 08:57 - 2016-02-29 08:57 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-29 08:57 - 2016-02-29 08:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-29 01:24 - 2016-02-29 01:24 - 02895464 _____ (AVG Technologies) C:\Users\Emma Laptop\Downloads\AVG_Protection_Free_1115.exe
2016-02-27 22:25 - 2016-02-27 22:25 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\{8E5D07F1-FD40-4E45-BB25-02440BBD48A1}
2016-02-26 20:27 - 2016-02-26 20:27 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\Macromedia
2016-02-26 19:45 - 2016-02-26 19:46 - 00288505 _____ C:\Users\Emma Laptop\Downloads\Copy%20of%20NEW%20PRICING%20TEMPLATE%20(2014_12_21%2020_27_16%20UTC).xl.xlsx
2016-02-24 14:56 - 2016-02-24 14:56 - 40715126 _____ C:\Users\Emma Laptop\Downloads\ac_addin_win_975_228.zip
2016-02-21 21:54 - 2016-03-07 23:24 - 00000000 ____D C:\Users\Emma Laptop\Documents\COMPING DOCS
2016-02-18 02:04 - 2016-02-18 02:04 - 00000064 _____ C:\Users\Emma Laptop\Desktop\ADDRESS.txt
2016-02-15 02:12 - 2016-02-15 02:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2016-02-15 02:12 - 2016-02-15 02:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2016-02-15 02:08 - 2016-02-15 02:08 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2016-02-15 02:08 - 2016-02-15 02:08 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2016-02-15 02:08 - 2016-02-15 02:08 - 00000000 ____D C:\Users\Emma Laptop\.oracle_jre_usage
2016-02-15 02:06 - 2016-02-29 01:06 - 00000000 ____D C:\ProgramData\Sony Mobile
2016-02-15 02:06 - 2016-02-29 01:06 - 00000000 ____D C:\Program Files (x86)\Sony Mobile
2016-02-13 02:16 - 2016-02-13 02:16 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\{FF02A99B-79BC-4091-A07C-BB73604D9F9B}
2016-02-12 03:20 - 2016-02-12 03:20 - 00000222 _____ C:\Users\Emma Laptop\Documents\virgin complaint.txt
2016-02-12 02:31 - 2016-02-29 08:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-11 15:28 - 2016-02-11 15:28 - 00000000 ____D C:\Users\Emma Laptop\Documents\Sony
2016-02-10 21:16 - 2016-02-06 10:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 21:16 - 2016-02-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-10 21:16 - 2016-02-06 10:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 21:16 - 2016-02-06 10:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 21:16 - 2016-02-06 10:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-10 21:16 - 2016-02-06 10:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 21:16 - 2016-02-06 09:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-10 21:16 - 2016-02-06 09:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-10 21:16 - 2016-02-06 09:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-10 21:16 - 2016-02-06 09:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-10 21:16 - 2016-02-06 09:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 21:16 - 2016-02-06 09:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 21:16 - 2016-02-06 09:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 21:16 - 2016-02-06 08:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 21:16 - 2016-01-22 20:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 21:16 - 2016-01-22 06:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-10 21:16 - 2016-01-22 06:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-10 21:16 - 2016-01-22 06:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-10 21:16 - 2016-01-22 06:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 21:16 - 2016-01-22 06:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-10 21:16 - 2016-01-22 06:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 21:16 - 2016-01-22 06:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-10 21:16 - 2016-01-22 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-10 21:16 - 2016-01-22 05:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 21:16 - 2016-01-22 05:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 21:16 - 2016-01-22 05:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-10 21:16 - 2016-01-22 05:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-10 21:16 - 2016-01-22 05:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-10 21:16 - 2016-01-22 05:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-10 21:16 - 2016-01-16 19:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-10 21:16 - 2016-01-16 18:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-10 21:16 - 2016-01-11 14:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-10 21:16 - 2016-01-11 14:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-10 21:16 - 2016-01-11 14:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-10 21:16 - 2016-01-11 14:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-10 21:16 - 2016-01-11 14:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-10 21:16 - 2016-01-06 19:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-10 21:16 - 2016-01-06 19:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-10 21:16 - 2016-01-06 18:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-10 21:15 - 2016-01-22 20:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 21:15 - 2016-01-22 06:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-10 21:15 - 2016-01-22 06:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-10 21:15 - 2016-01-22 06:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 21:15 - 2016-01-22 06:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-10 21:15 - 2016-01-22 06:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-10 21:15 - 2016-01-22 06:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-10 21:15 - 2016-01-22 06:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 21:15 - 2016-01-22 06:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 21:15 - 2016-01-22 06:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-10 21:15 - 2016-01-22 06:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-10 21:15 - 2016-01-22 06:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-10 21:15 - 2016-01-22 06:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-10 21:15 - 2016-01-22 06:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-10 21:15 - 2016-01-22 06:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-10 21:15 - 2016-01-22 06:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-10 21:15 - 2016-01-22 06:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-10 21:15 - 2016-01-22 06:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-10 21:15 - 2016-01-22 06:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-10 21:15 - 2016-01-22 05:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-10 21:15 - 2016-01-22 05:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 21:15 - 2016-01-22 05:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-10 21:15 - 2016-01-22 05:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 21:15 - 2016-01-22 05:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 21:15 - 2016-01-22 05:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 21:15 - 2016-01-22 05:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-10 21:15 - 2016-01-22 05:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-10 21:15 - 2016-01-22 05:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-10 21:15 - 2016-01-22 05:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 21:15 - 2016-01-22 05:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 21:15 - 2016-01-22 05:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 21:15 - 2016-01-22 05:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 21:15 - 2016-01-22 05:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 21:15 - 2016-01-22 05:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-10 21:15 - 2016-01-22 05:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 21:15 - 2016-01-22 05:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 21:15 - 2016-01-22 05:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 21:15 - 2016-01-11 19:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-10 21:15 - 2016-01-11 19:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-10 21:15 - 2016-01-11 19:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-10 21:15 - 2016-01-11 18:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-10 21:15 - 2016-01-11 18:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-10 21:15 - 2016-01-11 18:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-10 21:15 - 2016-01-11 18:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-10 21:15 - 2016-01-11 18:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-10 21:15 - 2016-01-11 18:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-10 21:15 - 2016-01-11 18:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-10 21:15 - 2016-01-11 18:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-10 21:15 - 2016-01-11 18:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-10 21:15 - 2016-01-11 18:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-10 21:15 - 2016-01-11 18:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-10 21:15 - 2016-01-11 18:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-10 21:15 - 2016-01-11 18:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-10 21:15 - 2016-01-07 17:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 21:15 - 2016-01-07 17:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 21:14 - 2016-01-16 19:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 21:14 - 2016-01-16 18:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 21:13 - 2016-01-22 06:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 21:13 - 2016-01-22 06:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 21:13 - 2016-01-22 06:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-10 21:13 - 2016-01-22 06:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 21:13 - 2016-01-22 06:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-10 21:13 - 2016-01-22 06:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 21:13 - 2016-01-22 06:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 21:13 - 2016-01-22 06:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-10 21:13 - 2016-01-22 06:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-10 21:13 - 2016-01-22 06:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-10 21:13 - 2016-01-22 06:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-10 21:13 - 2016-01-22 06:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-10 21:13 - 2016-01-22 06:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-10 21:13 - 2016-01-22 06:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 21:13 - 2016-01-22 06:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 21:13 - 2016-01-22 06:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 21:13 - 2016-01-22 06:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-10 21:13 - 2016-01-22 06:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 21:13 - 2016-01-22 06:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 21:13 - 2016-01-22 06:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 21:13 - 2016-01-22 06:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 21:13 - 2016-01-22 06:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-10 21:13 - 2016-01-22 06:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 21:13 - 2016-01-22 06:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 21:13 - 2016-01-22 06:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-10 21:13 - 2016-01-22 06:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-10 21:13 - 2016-01-22 06:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 21:13 - 2016-01-22 06:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 21:13 - 2016-01-22 06:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 21:13 - 2016-01-22 06:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-10 21:13 - 2016-01-22 06:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-10 21:13 - 2016-01-22 06:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 21:13 - 2016-01-22 06:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-10 21:13 - 2016-01-22 06:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 06:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 21:13 - 2016-01-22 06:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 21:13 - 2016-01-22 06:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 21:13 - 2016-01-22 06:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 21:13 - 2016-01-22 06:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-10 21:13 - 2016-01-22 06:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-10 21:13 - 2016-01-22 06:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-10 21:13 - 2016-01-22 06:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-10 21:13 - 2016-01-22 06:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 21:13 - 2016-01-22 06:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 21:13 - 2016-01-22 06:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-10 21:13 - 2016-01-22 06:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 21:13 - 2016-01-22 06:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 21:13 - 2016-01-22 06:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 21:13 - 2016-01-22 06:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 21:13 - 2016-01-22 06:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-10 21:13 - 2016-01-22 06:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 21:13 - 2016-01-22 06:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-10 21:13 - 2016-01-22 06:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 21:13 - 2016-01-22 06:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-10 21:13 - 2016-01-22 05:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-10 21:13 - 2016-01-22 05:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-10 21:13 - 2016-01-22 05:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-10 21:13 - 2016-01-22 04:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 21:13 - 2016-01-22 04:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-10 21:13 - 2016-01-22 04:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 21:13 - 2016-01-22 04:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 21:13 - 2016-01-22 04:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-10 21:13 - 2016-01-22 04:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 21:13 - 2016-01-22 04:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 21:13 - 2016-01-22 04:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 21:13 - 2016-01-22 04:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-10 21:13 - 2016-01-22 04:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-10 21:13 - 2016-01-22 04:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 04:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 04:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 21:13 - 2016-01-22 04:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-10 21:12 - 2016-01-22 06:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 21:12 - 2016-01-22 06:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-10 21:12 - 2016-01-22 06:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 21:12 - 2016-01-22 06:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 21:12 - 2016-01-22 06:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-10 21:12 - 2016-01-22 05:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 21:12 - 2016-01-22 05:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-10 21:12 - 2016-01-22 05:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-09 23:34 - 2016-02-29 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-02-09 23:34 - 2016-02-09 23:34 - 00002109 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2016-02-09 23:33 - 2016-02-29 01:06 - 00000000 ____D C:\ProgramData\Sony
2016-02-09 23:33 - 2016-02-29 01:06 - 00000000 ____D C:\Program Files (x86)\Sony
2016-02-09 23:33 - 2016-02-09 23:33 - 29511952 _____ (Sony Mobile Communications ) C:\Users\Emma Laptop\Downloads\Sony PC Companion_Web.exe
2016-02-09 15:58 - 2015-12-08 21:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-02-09 15:58 - 2015-12-08 21:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-02-09 15:58 - 2015-12-08 21:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-02-09 15:58 - 2015-12-08 21:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-02-09 15:58 - 2015-12-08 21:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-02-09 15:58 - 2015-12-08 21:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-02-09 15:58 - 2015-12-08 21:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-02-09 15:58 - 2015-12-08 21:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-02-09 15:58 - 2015-12-08 21:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-02-09 15:58 - 2015-12-08 21:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-02-09 15:58 - 2015-12-08 21:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-02-09 15:58 - 2015-12-08 21:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-02-09 15:58 - 2015-12-08 21:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-02-09 15:58 - 2015-12-08 21:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-02-09 15:58 - 2015-12-08 21:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-02-09 15:58 - 2015-12-08 21:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-02-09 15:58 - 2015-12-08 21:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-02-09 15:58 - 2015-12-08 21:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-02-09 15:58 - 2015-12-08 21:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-02-09 15:58 - 2015-12-08 21:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-02-09 15:58 - 2015-12-08 21:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-02-09 15:58 - 2015-12-08 21:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-02-09 15:58 - 2015-12-08 21:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-02-09 15:58 - 2015-12-08 21:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-02-09 15:58 - 2015-12-08 21:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-02-09 15:58 - 2015-12-08 21:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-02-09 15:58 - 2015-12-08 21:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-02-09 15:58 - 2015-12-08 21:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-02-09 15:58 - 2015-12-08 21:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-02-09 15:58 - 2015-12-08 21:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-02-09 15:58 - 2015-12-08 21:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-02-09 15:58 - 2015-12-08 21:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-02-09 15:58 - 2015-12-08 21:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-02-09 15:58 - 2015-12-08 21:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-02-09 15:58 - 2015-12-08 21:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-02-09 15:58 - 2015-12-08 21:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-02-09 15:58 - 2015-12-08 19:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-02-09 15:58 - 2015-12-08 19:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-02-09 15:58 - 2015-12-08 19:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-02-09 15:58 - 2015-12-08 19:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-02-09 15:58 - 2015-12-08 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-02-09 15:58 - 2015-12-08 19:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-02-09 15:58 - 2015-12-08 18:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-02-09 15:58 - 2015-12-08 18:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-02-09 15:58 - 2015-12-08 18:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-02-09 15:58 - 2015-11-16 20:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-02-09 15:58 - 2015-11-13 23:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-02-09 15:58 - 2015-11-13 23:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-02-09 15:58 - 2015-11-13 23:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-02-09 15:58 - 2015-11-13 22:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-02-09 15:58 - 2015-11-13 22:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-02-09 15:58 - 2015-11-13 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-02-09 15:57 - 2015-12-08 21:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-02-09 15:57 - 2015-12-08 19:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-02-09 14:33 - 2016-02-09 14:33 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2016-02-09 14:33 - 2016-02-09 14:33 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 10:05 - 2009-07-14 04:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-08 10:05 - 2009-07-14 04:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-08 09:59 - 2015-09-23 09:34 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-03-08 09:59 - 2014-12-15 15:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-08 09:56 - 2011-07-26 09:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-08 09:56 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-08 00:37 - 2011-07-26 09:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-08 00:12 - 2009-07-14 05:13 - 00006434 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-07 11:35 - 2014-09-17 15:05 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\Google
2016-03-05 23:29 - 2015-12-01 01:23 - 00000000 ____D C:\Users\Connor\AppData\Roaming\uTorrent
2016-03-04 08:47 - 2014-09-17 15:12 - 00000000 ____D C:\ProgramData\Norton
2016-03-04 08:46 - 2014-09-17 15:12 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-03-04 08:44 - 2014-10-03 23:05 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-03-02 22:38 - 2011-07-26 09:42 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-02 22:38 - 2011-07-26 09:42 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-02 22:26 - 2011-07-26 09:24 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2016-03-02 22:26 - 2009-07-14 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-02 22:25 - 2011-07-26 09:24 - 00000000 ____D C:\ProgramData\WildTangent
2016-03-02 22:15 - 2016-01-20 16:52 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\AvgSetupLog
2016-03-02 22:15 - 2016-01-20 16:52 - 00000000 ____D C:\ProgramData\Avg
2016-03-02 22:15 - 2016-01-20 16:52 - 00000000 ____D C:\Program Files (x86)\AVG
2016-03-02 19:58 - 2015-12-01 01:24 - 00002967 _____ C:\Users\Connor\Desktop\µTorrent.lnk
2016-03-02 00:13 - 2016-01-23 11:19 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\CrashDumps
2016-02-29 21:35 - 2014-09-17 15:12 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2016-02-29 21:34 - 2014-09-17 15:13 - 00002414 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2016-02-29 21:31 - 2014-09-17 15:13 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-02-29 21:31 - 2014-09-17 15:13 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-02-29 21:31 - 2014-09-17 15:13 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-02-29 21:28 - 2014-09-17 15:12 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2016-02-29 21:26 - 2016-01-20 16:52 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\Avg
2016-02-29 21:26 - 2016-01-20 16:51 - 00000000 ____D C:\Users\Connor\AppData\Local\Avg
2016-02-29 21:25 - 2016-01-20 16:54 - 00000000 ____D C:\ProgramData\MFAData
2016-02-29 12:21 - 2011-07-26 09:42 - 00000000 ____D C:\Program Files\Google
2016-02-29 12:21 - 2011-07-26 09:41 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-29 08:43 - 2011-07-26 09:41 - 00000000 ____D C:\ProgramData\Google
2016-02-29 01:42 - 2015-04-05 00:25 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-29 01:42 - 2015-04-05 00:25 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-29 01:17 - 2014-09-17 14:59 - 00000000 ____D C:\Users\Emma Laptop
2016-02-29 01:13 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\servicing
2016-02-29 01:11 - 2015-07-20 23:02 - 00000000 ____D C:\Users\Connor
2016-02-29 01:11 - 2014-09-21 12:10 - 00000000 ____D C:\Users\Guest
2016-02-29 01:11 - 2011-07-26 09:41 - 00000000 ____D C:\Program Files (x86)\Toshiba TEMPRO
2016-02-29 01:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-02-29 01:10 - 2015-04-05 10:42 - 00000000 ____D C:\Program Files\iTunes
2016-02-29 01:10 - 2015-04-05 10:01 - 00000000 ____D C:\Program Files\Bonjour
2016-02-29 01:10 - 2014-09-22 09:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2016-02-29 01:10 - 2014-09-17 15:02 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\Toshiba
2016-02-29 01:09 - 2015-04-05 10:01 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-02-29 01:09 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2016-02-29 01:08 - 2014-12-15 15:53 - 00000000 ____D C:\Windows\system32\Macromed
2016-02-29 01:07 - 2014-09-17 15:28 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\TOSHIBA_Corporation
2016-02-29 01:07 - 2014-09-17 14:38 - 00000000 ____D C:\Windows\Downloaded Installations
2016-02-29 01:06 - 2014-09-23 21:35 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\Nero_AG
2016-02-26 20:25 - 2014-09-17 15:02 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\Adobe
2016-02-26 19:47 - 2014-09-25 20:49 - 00000000 ____D C:\Users\Emma Laptop\Documents\CHRIS - New Horizon
2016-02-15 13:37 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-02-15 13:36 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-11 17:43 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2016-02-11 11:27 - 2009-07-14 04:45 - 00301648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-11 11:24 - 2014-12-11 10:50 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-11 11:24 - 2014-09-19 17:42 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-11 11:24 - 2010-11-21 07:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-09 23:33 - 2011-07-26 09:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-09 22:59 - 2014-12-15 15:53 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 22:59 - 2014-12-15 15:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-09 22:59 - 2014-12-15 15:53 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 22:43 - 2014-09-20 23:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-09 22:43 - 2014-09-20 23:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-02-09 16:13 - 2014-09-20 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-09 15:32 - 2011-07-26 09:42 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-09 15:32 - 2011-07-26 09:42 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-09 15:28 - 2014-09-27 23:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-09 15:18 - 2015-12-01 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-02-09 15:18 - 2015-12-01 01:23 - 00000000 ____D C:\Users\Emma Laptop\AppData\Roaming\uTorrent
2016-02-09 15:18 - 2015-07-21 02:49 - 00000000 ____D C:\Users\Connor\AppData\Local\TOSHIBA_Corporation
2016-02-09 15:18 - 2015-07-21 02:32 - 00000000 ____D C:\Users\Connor\AppData\Local\Toshiba
2016-02-09 15:18 - 2014-10-09 21:14 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\Microsoft Help
2016-02-09 15:18 - 2014-09-27 23:10 - 00000000 ____D C:\Users\Emma Laptop\AppData\Roaming\Skype
2016-02-09 15:18 - 2014-09-17 15:02 - 00000000 ____D C:\Users\Emma Laptop\AppData\Roaming\Adobe
2016-02-09 15:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\AppCompat
2016-02-09 15:18 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-02-09 15:17 - 2016-01-24 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-02-09 15:17 - 2016-01-20 02:44 - 00000000 ____D C:\ProgramData\Airtostrong
2016-02-09 15:16 - 2016-01-28 02:45 - 00000000 ____D C:\Users\Connor\AppData\Local\Nero_AG
2016-02-09 15:16 - 2016-01-27 23:38 - 00000000 ____D C:\Users\Connor\Downloads\Hannibal[2001]DvDrip[Eng.Subs]-kirklestat
2016-02-09 15:16 - 2016-01-24 17:20 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\{867EB022-A2D6-DC9A-CF4E-F972EB2605EA}
2016-02-09 15:16 - 2015-07-20 23:04 - 00000000 ____D C:\Users\Connor\AppData\Local\VirtualStore
2016-02-09 15:15 - 2009-07-14 03:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-02-09 15:15 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-02-09 15:09 - 2014-09-17 14:48 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-02-09 15:09 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-02-09 15:09 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-02-09 15:09 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-02-09 15:09 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-02-09 15:09 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\system32\winrm
2016-02-09 15:09 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-02-09 15:09 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Web
2016-02-09 15:09 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Vss
2016-02-09 15:09 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-02-09 15:09 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2016-02-09 15:09 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-02-09 15:09 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2016-02-09 15:09 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2016-02-09 15:09 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-02-09 15:09 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-02-09 15:08 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\system32\WCN
2016-02-09 15:08 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\system32\slmgr
2016-02-09 15:08 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-02-09 15:08 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-02-09 15:08 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\spool
2016-02-09 15:08 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\SMI
2016-02-09 15:08 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\oobe
2016-02-09 15:08 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\MUI
2016-02-09 15:08 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Msdtc
2016-02-09 15:08 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-02-09 15:08 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\IME
2016-02-09 15:07 - 2014-10-05 10:27 - 00000000 ____D C:\Windows\Msagent
2016-02-09 15:07 - 2014-10-02 20:41 - 00000000 ____D C:\Windows\system32\advent
2016-02-09 15:07 - 2014-09-17 14:51 - 00000000 ____D C:\Windows\OemDrv
2016-02-09 15:07 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\Performance
2016-02-09 15:07 - 2009-07-14 04:45 - 00000000 ____D C:\Windows\Setup
2016-02-09 15:07 - 2009-07-14 04:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-02-09 15:07 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Dism
2016-02-09 15:07 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\com
2016-02-09 15:07 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\security
2016-02-09 15:07 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\schemas
2016-02-09 15:07 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Resources
2016-02-09 15:07 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-09 15:07 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PLA
2016-02-09 15:06 - 2009-07-14 03:20 - 00000000 __RSD C:\Windows\Media
2016-02-09 15:06 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\IME
2016-02-09 15:06 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Help
2016-02-09 15:06 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Globalization
2016-02-09 15:06 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Branding
2016-02-09 15:05 - 2014-11-20 19:13 - 00000000 ____D C:\Users\Emma Laptop\AppData\LocalLow\Google
2016-02-09 15:05 - 2014-09-22 09:52 - 00000000 ____D C:\Users\Emma Laptop\AppData\Roaming\SoftGrid Client
2016-02-09 15:04 - 2014-09-27 23:15 - 00000000 ____D C:\Users\Emma Laptop\AppData\Local\Skype
2016-02-09 15:03 - 2015-12-16 02:16 - 00000000 ____D C:\Users\Connor\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2016-02-09 15:03 - 2015-07-26 13:04 - 00000000 ____D C:\Users\Connor\AppData\Roaming\Skype
2016-02-09 15:03 - 2015-07-26 13:04 - 00000000 ____D C:\Users\Connor\AppData\Local\Skype
2016-02-09 15:03 - 2015-07-20 23:05 - 00000000 ____D C:\Users\Connor\AppData\Roaming\Adobe
2016-02-09 15:03 - 2015-07-20 23:02 - 00000000 ____D C:\Users\Connor\AppData\Roaming\Macromedia
2016-02-09 15:03 - 2014-09-17 15:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-02-09 15:03 - 2014-09-17 15:03 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-02-09 15:02 - 2015-09-23 09:34 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-09 15:02 - 2015-09-16 17:54 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-02-09 15:02 - 2015-07-20 23:05 - 00000000 ____D C:\Users\Connor\AppData\Local\Google
2016-02-09 15:02 - 2015-04-05 10:42 - 00000000 ____D C:\ProgramData\Apple Computer
2016-02-09 15:02 - 2015-04-05 10:42 - 00000000 ____D C:\Program Files\iPod
2016-02-09 15:02 - 2015-04-05 10:00 - 00000000 ____D C:\ProgramData\Apple
2016-02-09 15:02 - 2015-04-05 10:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-02-09 15:02 - 2014-11-22 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-02-09 15:02 - 2014-11-22 17:56 - 00000000 ____D C:\ProgramData\EPSON
2016-02-09 15:02 - 2014-11-22 17:56 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-02-09 15:02 - 2014-10-09 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-02-09 15:02 - 2014-09-22 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2016-02-09 15:02 - 2014-09-22 09:51 - 00000000 ____D C:\Program Files\Microsoft Office
2016-02-09 15:02 - 2014-09-17 14:44 - 00000000 ____D C:\ProgramData\Toshiba
2016-02-09 15:02 - 2014-09-17 14:42 - 00000000 ____D C:\Program Files\Synaptics
2016-02-09 15:02 - 2014-09-17 14:38 - 00000000 ____D C:\ProgramData\win7_64
2016-02-09 15:02 - 2014-09-17 14:38 - 00000000 ____D C:\ProgramData\win7_32
2016-02-09 15:02 - 2014-09-17 14:38 - 00000000 ____D C:\ProgramData\vista64
2016-02-09 15:02 - 2014-09-17 14:38 - 00000000 ____D C:\ProgramData\vista32
2016-02-09 15:02 - 2014-09-17 14:36 - 00000000 ____D C:\Program Files\Realtek
2016-02-09 15:02 - 2011-07-26 09:36 - 00000000 ____D C:\Program Files\Windows Live
2016-02-09 15:02 - 2011-07-26 09:36 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-02-09 15:02 - 2011-07-26 09:31 - 00000000 ____D C:\ProgramData\McAfee
2016-02-09 15:02 - 2011-07-26 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2016-02-09 15:02 - 2011-07-26 09:28 - 00000000 ____D C:\ProgramData\Nero
2016-02-09 15:02 - 2011-07-26 09:26 - 00000000 ____D C:\ProgramData\Skype
2016-02-09 15:02 - 2011-07-26 09:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2016-02-09 15:02 - 2011-07-26 09:12 - 00000000 ____D C:\Program Files\TOSHIBA
2016-02-09 15:02 - 2011-07-26 08:21 - 00000000 ____D C:\Toshiba
2016-02-09 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-02-09 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-09 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-09 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-02-09 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\MSBuild
2016-02-09 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-02-09 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-02-09 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-02-09 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-09 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-09 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Windows NT
2016-02-09 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-09 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-02-09 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-02-09 15:01 - 2015-12-01 01:27 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-02-09 15:01 - 2015-04-05 10:42 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-02-09 15:01 - 2014-10-09 21:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-02-09 15:01 - 2014-09-17 14:43 - 00000000 ____D C:\Program Files (x86)\Realtek WLAN Driver
2016-02-09 15:01 - 2014-09-17 14:36 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-02-09 15:01 - 2014-09-17 14:28 - 00000000 ____D C:\Program Files (x86)\Intel
2016-02-09 15:01 - 2011-07-26 09:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-09 15:01 - 2011-07-26 09:37 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-02-09 15:01 - 2011-07-26 09:29 - 00000000 ____D C:\Program Files (x86)\Nero
2016-02-09 15:01 - 2011-07-26 09:17 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2016-02-09 15:01 - 2011-07-26 09:12 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-09 15:01 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-02-09 15:01 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-02-09 15:00 - 2015-04-05 10:02 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-02-09 15:00 - 2014-11-22 23:14 - 00000000 ____D C:\Program Files (x86)\Epson Software
2016-02-09 15:00 - 2011-07-26 09:18 - 00000000 ____D C:\Program Files (x86)\Adobe

==================== Files in the root of some directories =======

2016-01-20 01:42 - 2016-01-20 01:42 - 0041472 _____ () C:\Users\Emma Laptop\AppData\Local\Scot-lax.dat
2015-03-12 11:44 - 2015-03-12 11:44 - 0000000 _____ () C:\Users\Emma Laptop\AppData\Local\{95123981-37A3-4825-B332-688745620459}

Some files in TEMP:
====================
C:\Users\Emma Laptop\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-04 17:10

==================== End of FRST.txt ============================

#5 emmafifema

  • Topic Starter

Posted 08 March 2016 - 05:16 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Emma Laptop (2016-03-08 10:11:56)
Running from C:\Users\Emma Laptop\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-09-17 14:59:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3833727802-1621839553-3801273550-500 - Administrator - Disabled)
Connor (S-1-5-21-3833727802-1621839553-3801273550-1003 - Limited - Enabled) => C:\Users\Connor
Emma Laptop (S-1-5-21-3833727802-1621839553-3801273550-1000 - Administrator - Enabled) => C:\Users\Emma Laptop
Guest (S-1-5-21-3833727802-1621839553-3801273550-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3833727802-1621839553-3801273550-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.0.7 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 3.0.7 - British Broadcasting Corp.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version: - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.75 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.1.0.26 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.5.15 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.102 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.16.2.201601251738 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.30C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.0.2.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.10C - TOSHIBA CORPORATION)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.5 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wedding Dash 2 - Rings Around the World (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {243F5B7B-9541-4850-8F39-3D22C810B090} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {66A0582F-2797-4956-A011-BB02FBC84D6B} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {6DC1DF04-3118-4F38-A0B9-90884796034D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-16] (Google Inc.)
Task: {80729DEE-BC7E-4E86-A667-2A14705C4FE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-16] (Google Inc.)
Task: {9BBD4483-0AF7-4448-BD3D-988CC9BDDA69} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {A574A369-A35D-48A8-93F8-5D024BFF1952} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-01-06] (Symantec Corporation)
Task: {D182B7DF-1B75-4D38-B27D-41898A26CA59} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\WSCStub.exe [2016-01-06] (Symantec Corporation)
Task: {FE22B32C-7B17-476F-897D-B4ABCA96FD4B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-07 15:07 - 2010-04-07 15:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 12:26 - 2009-11-03 12:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-07-26 09:12 - 2010-08-31 14:21 - 00017272 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 18:08 - 2009-03-12 18:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 15:38 - 2009-07-25 15:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2011-07-26 09:23 - 2011-02-22 11:06 - 00563576 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\en\Humphrey.resources.dll
2011-07-26 09:41 - 2011-04-21 09:57 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll
2016-02-09 23:33 - 2015-06-10 10:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2010-02-05 16:44 - 2010-02-05 16:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2016-02-09 23:33 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2016-02-09 23:33 - 2015-10-20 17:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2015-09-07 16:00 - 2015-09-07 16:00 - 00093568 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
2015-09-07 16:00 - 2015-09-07 16:00 - 00143232 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
2015-09-07 16:00 - 2015-09-07 16:00 - 00167296 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
2015-09-07 16:02 - 2015-09-07 16:02 - 00212352 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
2016-02-09 23:33 - 2015-04-21 12:22 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2015-09-07 16:01 - 2015-09-07 16:01 - 00056704 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll
2015-09-07 16:01 - 2015-09-07 16:01 - 00237440 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2015-11-06 11:46 - 2015-11-06 11:46 - 02385280 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\libxt.dll
2015-11-13 11:52 - 2015-11-13 11:52 - 00824192 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2016-03-02 22:38 - 2016-03-02 04:47 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\libglesv2.dll
2016-03-02 22:38 - 2016-03-02 04:47 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3833727802-1621839553-3801273550-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Emma Laptop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DDD1EC5C-72FD-4191-A406-3A5D92E059F7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A92BD2AA-25CF-4F10-852C-6313758372B6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{68387475-7EED-40E0-9BE2-7F8B421781FD}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{5338AFAF-B7D3-4751-B835-25E33AFE7657}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{15755E0D-B552-4471-9A1F-D3C109C88AA2}] => (Allow) LPort=2869
FirewallRules: [{2DE5A8F8-A971-41B0-B66D-2724010C514F}] => (Allow) LPort=1900
FirewallRules: [{A1E26DD9-0D78-46CA-A8D0-09A6191D7576}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DD9C8F3D-0A31-4452-8689-17DA44779246}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FE0AAD75-9101-4BCC-B563-F6086E4CBCC3}] => (Allow) LPort=5353
FirewallRules: [{4C2FF53A-FD6A-4E33-B70D-B8D8ADE2BAE7}] => (Allow) LPort=9333
FirewallRules: [{147EF69E-1D3A-4EE4-A89C-01A97F4526FF}] => (Allow) LPort=5353
FirewallRules: [{2C22620F-25BD-4EDC-B76B-EE79FA04084B}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{84A96A21-3B25-4927-A930-6D859544E82A}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{78B9E836-3A43-4465-8C2A-389705802EBB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{925D45B8-52BD-4272-ACDE-DF565E7670D2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{228BB891-8170-4C23-A958-96D3853D9B05}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1D1A58C-A5F0-4408-9EB7-D1CC0AE933EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9BB80CC8-4061-4F5D-BFCE-FB3A97CEF3D8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D02C42DF-63AC-4BB5-9505-B30569AE52F1}] => (Allow) C:\Users\Connor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6F0A0742-9AA4-4C5E-BE3E-2458F483C6B5}] => (Allow) C:\Users\Connor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30438E49-DBF0-4E32-BBCF-4BA9041300CD}] => (Allow) C:\Users\Connor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{812449AB-C8E1-41EA-BAC3-BF8FA56FEA16}] => (Allow) C:\Users\Connor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{05A19470-0E7F-4CA8-8125-9E33A8E1269D}] => (Allow) C:\Users\Connor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BBCDE125-4076-48DF-A02D-B93A76B52498}] => (Allow) C:\Users\Connor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4685E1E5-ED2D-4CF0-AA90-780B217CAC6B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1861A72-07BC-4562-BA32-9F93B4D425AC}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{366F1864-9584-4D3A-A85D-CFA432962886}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{F8A97160-E8B1-4B45-820C-57894AF97903}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{74F0D495-F406-43A0-B145-4E4552C6672C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{91D521E2-75FD-45FF-80E2-79BC5A35C75E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-02-2016 21:20:01 Removed AVG
29-02-2016 21:22:15 Removed AVG 2016
02-03-2016 22:16:13 Removed Visual Studio 2012 x64 Redistributables
02-03-2016 22:16:59 Removed Visual Studio 2012 x86 Redistributables

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2016 10:06:35 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (03/08/2016 09:57:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2016 09:40:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2016 12:12:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/08/2016 12:12:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/08/2016 12:10:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2275914

Error: (03/08/2016 12:10:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2275914

Error: (03/08/2016 12:10:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2016 11:33:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10249

Error: (03/07/2016 11:33:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10249


System errors:
=============
Error: (03/08/2016 09:57:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/08/2016 09:56:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (03/08/2016 09:54:05 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (03/08/2016 09:53:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/08/2016 09:53:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA HDD SSD Alert Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/08/2016 09:53:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/08/2016 09:53:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management & Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/08/2016 09:53:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nero Update service terminated unexpectedly. It has done this 1 time(s).

Error: (03/08/2016 09:53:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/08/2016 09:53:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ConfigFree WiMAX Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 3890.67 MB
Available physical RAM: 1738.11 MB
Total Virtual: 7779.55 MB
Available Virtual: 5185.5 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:298.09 GB) (Free:197.55 GB) NTFS
Drive d: (Data) (Fixed) (Total:297.69 GB) (Free:289.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 56E67E82)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#6 emmafifema

Posted 08 March 2016 - 05:18 AM

May be a totally stupid question but....do I now need to click on the FIX button on Farbar?

#7 fireman4it

Posted 09 March 2016 - 09:17 AM

"May be a totally stupid question but....do I now need to click on the FIX button on Farbar?"

No, I just need the log to look for malware.

Emsisoft Emergency Kit

  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear: [screenshot]
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear: [screenshot]
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

 

Let me know how the computer is running after this scan.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#8 emmafifema

Posted 09 March 2016 - 10:22 AM

Emsisoft Emergency Kit - Version 11.0
Last update: 09/03/2016 15:11:20
User account: EmmaLaptop-TOSH\Emma Laptop

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 09/03/2016 15:12:20
Key: HKEY_USERS\S-1-5-21-3833727802-1621839553-3801273550-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} detected: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 detected: Application.AdReg (A)
C:\ProgramData\Airtostrong\Airtostrong.dat detected: Adware.Linkury.BG ( B)

Scanned 75496
Found 6

Scan end: 09/03/2016 15:18:42
Scan time: 0:06:22

C:\ProgramData\Airtostrong\Airtostrong.dat Adware.Linkury.BG ( B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO Application.AdReg (A)
Key: HKEY_USERS\S-1-5-21-3833727802-1621839553-3801273550-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Application.Win32.WSearch (A)

Quarantined 4

#9 emmafifema

Posted 09 March 2016 - 10:24 AM

hi,

The laptop is still running the same, exactly the same problems.

#10 fireman4it

Posted 09 March 2016 - 11:05 AM

Norton still detecting trojan zlob?

 

Download MalwareBytes Anti-Malware to your desktop.
 

  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.

  • If no threats were found, click View detailed log.
  • Click Export and save the log as a .txt file on your Desktop or another location.

  • If the scan detected any threats, click Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes.
  • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan and click View.
  • Click Export and save the log as a .txt file on your Desktop or another location.

Providing the MalwareBytes' Anti-Malware log file


  • Attach the log file you just saved to your next reply for further review.


#11 emmafifema

Posted 09 March 2016 - 11:32 AM

Yes still detecting Zlob and the other one too - will do the above now

#12 emmafifema

Posted 09 March 2016 - 12:25 PM

Hi,

I have attached the log file from the scan to this message - Trojan.Zlob.Q is still a problem at this point.




#13 fireman4it

Posted 09 March 2016 - 01:11 PM

Download Delfix from here and save it to your desktop.
  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
  • Click the Run button.
When the tool is finished, a log will open in Notepad. Please copy and paste the log in your next reply.

Please run ADWcleaner and select the uninstall button

After these 2 programs have been run, is there still a Zlob problem?

Edited by fireman4it, 09 March 2016 - 01:12 PM.


#14 emmafifema

Posted 09 March 2016 - 03:57 PM

Norton is saying delfix is not safe and it keeps removing it - not allowing me to download??

#15 fireman4it

Posted 09 March 2016 - 04:10 PM

Disable Norton and download the file. Delfix is a good program. It deletes all of our tools and quarantines. This way I can see if Norton is picking up on them.

Edited by fireman4it, 09 March 2016 - 04:10 PM.




