Bloodhound Mal detected; lots of issues it seems..


  • This topic is locked
8 replies to this topic

#1 silencelicense


Posted 07 April 2016 - 10:03 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by glade (administrator) on GLADE-HP (07-04-2016 20:52:45)
Running from C:\Users\glade\Desktop
Loaded Profiles: glade (Available Profiles: glade)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\ccsvchst.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(PortableApps.com) G:\PortableApps\FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) G:\PortableApps\FirefoxPortable\App\Firefox64\firefox.exe
(PortableApps.com) G:\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1744051406-3026537142-3039376609-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1744051406-3026537142-3039376609-1000\...\MountPoints2: K - K:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1744051406-3026537142-3039376609-1000\...\MountPoints2: {10723276-d711-11e5-afd5-0260b00d0601} - K:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1744051406-3026537142-3039376609-1000\...\MountPoints2: {474a59ff-fb4f-11e4-9dd9-78acc098561c} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1744051406-3026537142-3039376609-1000\...\MountPoints2: {54b7e79e-93d2-11e3-90d5-78acc098561c} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1744051406-3026537142-3039376609-1000\...\MountPoints2: {8616247b-ef61-11e2-9db2-78acc098561c} - K:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1744051406-3026537142-3039376609-1000\...\MountPoints2: {8f5bc904-8db5-11e3-b530-78acc098561c} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-1744051406-3026537142-3039376609-1000\...\MountPoints2: {971adb1a-0259-11e2-af3a-78acc098561c} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-1744051406-3026537142-3039376609-1000\...\MountPoints2: {b41c6a7b-fe61-11e4-9107-78acc098561c} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1744051406-3026537142-3039376609-1000\...\MountPoints2: {eebb8f0c-def1-11e3-b36c-78acc098561c} - K:\VZW_Software_upgrade_assistant.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\glade\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-03-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\glade\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-03-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\glade\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-03-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\glade\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-03-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\glade\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-03-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\glade\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-03-17] (Microsoft Corporation)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2 10.0.0.2
Tcpip\..\Interfaces\{B27F7C46-A0EA-4A4A-B6BB-C63714A180F9}: [DhcpNameServer] 10.0.0.2 10.0.0.2
Tcpip\..\Interfaces\{C765858C-81E6-4327-8428-C14B91214CCB}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=file_14_14_ie&cd=2XzuyEtN2Y1L1QzuyBzz0A0C0CtDzyzzyDyCtC0CyBtCzyzytN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0FtCtAtAyC0C0CtGzzyEtCtAtGtBtD0A0BtG0ByE0F0FtGyDyDtB0AzzyC0C0AyE0ByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyEyDtBtBtA0DyDtG0F0DzzzytG0CtBtBtCtGtAyE0ByEtGyDtAyC0Bzzzy0CtAtDyEzzyD2Q&cr=152764872&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=file_14_14_ie&cd=2XzuyEtN2Y1L1QzuyBzz0A0C0CtDzyzzyDyCtC0CyBtCzyzytN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0FtCtAtAyC0C0CtGzzyEtCtAtGtBtD0A0BtG0ByE0F0FtGyDyDtB0AzzyC0C0AyE0ByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyEyDtBtBtA0DyDtG0F0DzzzytG0CtBtBtCtGtAyE0ByEtGyDtAyC0Bzzzy0CtAtDyEzzyD2Q&cr=152764872&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.6.0.27
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.6.0.27
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.6.0.27
HKU\S-1-5-21-1744051406-3026537142-3039376609-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U305&ocid=U305DHP&osmkt=en-us
HKU\S-1-5-21-1744051406-3026537142-3039376609-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=126&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=126&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=126&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=126&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL =
SearchScopes: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2016-01-31] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2016-01-31] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\coIEPlg.dll [2015-06-29] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-08] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: GamesFlight Games -> {9577EDED-C1C1-446F-BFBC-3C913BB0B18B} -> C:\Users\glade\AppData\Local\GamesFlight\flight.dll => No File
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll [2013-10-02] (AVG Secure Search)
BHO-x32: No Name -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM - No Name - !{a957f810-b1f4-4c3b-8478-124dd69aad2c} -  No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\coIEPlg.dll [2015-06-29] (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - !{a957f810-b1f4-4c3b-8478-124dd69aad2c} -  No File
Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2013-10-01] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll [2013-10-02] (AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Users\glade\AppData\Roaming\Mozilla\Firefox\Profiles\m0as8fx4.default-1435067203661
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2016-01-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2016-01-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll [2013-10-02] (AVG Technologies)
FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npmedia.dll [2015-02-03] ()
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npTimeGrid.dll [2015-02-03] (Unauthorized copy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-03-19] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Find All - C:\Users\glade\AppData\Roaming\Mozilla\Firefox\Profiles\m0as8fx4.default-1435067203661\extensions\findall@codedawn.com.xpi [2015-08-26]
FF Extension: Web2PDF converter - C:\Users\glade\AppData\Roaming\Mozilla\Firefox\Profiles\m0as8fx4.default-1435067203661\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [2015-12-05]
FF Extension: NoScript - C:\Users\glade\AppData\Roaming\Mozilla\Firefox\Profiles\m0as8fx4.default-1435067203661\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-02-28]
FF Extension: ghostery - C:\Users\glade\AppData\Roaming\Mozilla\Firefox\Profiles\m0as8fx4.default-1435067203661\Extensions\firefox@ghostery.com.xpi [2016-02-28]
FF Extension: Print Edit - C:\Users\glade\AppData\Roaming\Mozilla\Firefox\Profiles\m0as8fx4.default-1435067203661\Extensions\printedit@DW-dev.xpi [2016-02-28]
FF Extension: Adblock Plus - C:\Users\glade\AppData\Roaming\Mozilla\Firefox\Profiles\m0as8fx4.default-1435067203661\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-28]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn [2016-04-07]
FF HKLM-x32\...\Firefox\Extensions: [{4963C948-9C4E-40B8-9291-CE0234B47210}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn [2013-04-30] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
S4 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
S4 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-10-01] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2372080 2016-03-23] (IBM Corp.)
S4 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (Apple Inc.)
S4 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1354488 2015-03-19] (BlackBerry Limited)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)
S4 StatusAgent4; C:\Windows\SysWOW64\SAgent4.exe [131072 2010-07-28] (SEIKO EPSON CORPORATION) [File not signed]
S4 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20160405.001\BHDrvx64.sys [1766640 2016-04-05] (Symantec Corporation)
S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (BlackBerry)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-03-18] (EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-02-25] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20160406.001\IDSvia64.sys [767224 2016-04-06] (Symantec Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20160407.009\ENG64.SYS [138488 2016-04-06] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20160407.009\EX64.SYS [2148080 2016-04-06] (Symantec Corporation)
R1 RapportCerberus_1609035; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609035.sys [1156456 2016-04-07] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-03-23] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-03-23] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-03-23] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [523432 2016-03-23] (IBM Corp.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-16] (EldoS Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-10-12] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 SymDS; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 EraserUtilDrv11511; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11511.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-07 20:52 - 2016-04-07 20:53 - 00028188 _____ C:\Users\glade\Desktop\FRST.txt
2016-04-07 20:52 - 2016-04-07 20:52 - 00000000 ____D C:\FRST
2016-04-07 20:51 - 2016-04-07 20:51 - 02374144 _____ (Farbar) C:\Users\glade\Desktop\FRST64.exe
2016-04-07 20:40 - 2016-04-07 20:40 - 00009778 _____ C:\Users\glade\Desktop\hijackthislog.txt
2016-04-07 20:07 - 2016-04-07 20:07 - 00002544 _____ C:\{85462004-D14D-4DDC-BCE8-FE80B94D9948}
2016-04-07 17:37 - 2016-04-07 17:37 - 00000000 ___HD C:\ProgramData\Backup
2016-04-07 15:01 - 2016-04-07 15:03 - 00000000 ___HD C:\$WINDOWS.~BT
2016-04-07 01:16 - 2016-04-07 01:02 - 293840896 _____ C:\Users\glade\Desktop\rescue_system-common-en.iso
2016-04-07 00:37 - 2016-04-07 00:37 - 00000000 ____D C:\Users\glade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
2016-04-07 00:37 - 2016-04-07 00:37 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2016-04-07 00:36 - 2016-04-07 00:36 - 06160320 _____ (LinuxLive USB Creator) C:\Users\glade\Desktop\LinuxLive USB Creator 2.9.4.exe
2016-04-06 23:00 - 2016-04-06 23:00 - 00003000 _____ C:\{BC27B9F3-1A19-4216-A21B-2C9C2E793984}
2016-04-06 22:57 - 2016-04-06 22:57 - 00002544 _____ C:\{4524259E-9D22-4213-AA2A-F267835F760A}
2016-04-06 22:40 - 2016-04-06 22:40 - 00003288 ____N C:\bootsqm.dat
2016-04-06 19:17 - 2016-04-06 19:17 - 00135977 _____ C:\Users\glade\Desktop\sfcdetails2.txt
2016-04-06 19:16 - 2016-04-06 19:16 - 00135977 _____ C:\Users\glade\Desktop\sfcdetails.txt
2016-04-06 17:49 - 2016-04-06 17:49 - 00000000 ____D C:\Avenger
2016-04-06 17:09 - 2016-04-06 23:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-06 17:09 - 2016-04-06 17:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-03 18:13 - 2016-04-06 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Time Freeze 2016
2016-04-03 18:13 - 2016-04-06 23:09 - 00000000 ____D C:\Program Files\Toolwiz Time Freeze 2016
2016-04-03 18:13 - 2016-04-03 18:13 - 00000000 ___HD C:\TOOLWIZTIMEFREEZE
2016-04-03 18:00 - 2016-04-03 18:00 - 23643507 _____ C:\Users\glade\Downloads\nirsoft_package_1.19.79.zip
2016-04-03 01:42 - 2016-04-06 23:10 - 00000000 ____D C:\Program Files (x86)\HD Tune
2016-04-03 01:36 - 2016-04-03 01:36 - 00000000 ____D C:\Users\glade\AppData\Roaming\4Discovery
2016-04-03 01:32 - 2016-04-03 01:33 - 06861929 _____ C:\Users\glade\Downloads\USB_Historian.zip
2016-04-03 01:28 - 2016-04-03 01:28 - 12444088 _____ C:\Users\glade\Downloads\testdisk-7.0.win.zip
2016-04-03 01:25 - 2016-04-03 01:25 - 00073875 _____ C:\Users\glade\Downloads\lastactivityview.zip
2016-04-03 00:25 - 2016-04-03 00:25 - 00000000 _RSHD C:\Users\glade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2016-04-03 00:25 - 2016-04-03 00:25 - 00000000 _RSHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2016-04-02 03:42 - 2016-04-02 03:42 - 00600439 _____ C:\Users\glade\Downloads\wifipasswords.zip
2016-04-02 03:41 - 2016-04-02 03:41 - 00851244 _____ C:\Users\glade\Downloads\netstalker.zip
2016-04-02 00:32 - 2016-04-06 23:08 - 00000000 ____D C:\Users\glade\Desktop\192_168_1_1 Admin Router Login_files
2016-04-02 00:32 - 2016-04-02 00:32 - 00022405 _____ C:\Users\glade\Desktop\192_168_1_1 Admin Router Login.htm
2016-04-02 00:31 - 2016-04-02 00:31 - 00000000 ____D C:\Users\glade\Desktop\SS64  Command line reference_files
2016-04-02 00:30 - 2016-04-02 00:31 - 00004140 _____ C:\Users\glade\Desktop\SS64  Command line reference.htm
2016-04-02 00:27 - 2016-04-06 23:08 - 00000000 ____D C:\Users\glade\Desktop\Free Help Forwarding Ports_files
2016-04-02 00:27 - 2016-04-02 00:27 - 00012135 _____ C:\Users\glade\Desktop\Free Help Forwarding Ports.htm
2016-04-02 00:22 - 2016-04-06 23:08 - 00000000 ____D C:\Users\glade\Desktop\VisionNet Router Passwords_files
2016-04-02 00:22 - 2016-04-02 00:22 - 00011409 _____ C:\Users\glade\Desktop\VisionNet Router Passwords.htm
2016-04-01 20:24 - 2016-04-01 20:24 - 00000000 ____D C:\Users\glade\AppData\Roaming\Trimble Connect for SketchUp
2016-03-28 15:25 - 2016-03-28 15:25 - 00559133 _____ C:\Users\glade\Downloads\Everything-1.3.4.686.x64.zip
2016-03-28 15:24 - 2016-03-28 15:24 - 00443240 _____ C:\Users\glade\Downloads\Everything-1.3.4.686.x86.zip
2016-03-28 15:24 - 2016-03-28 15:24 - 00023303 _____ C:\Users\glade\Downloads\es.zip
2016-03-28 15:20 - 2016-03-28 15:20 - 00150561 _____ C:\Users\glade\Downloads\Everything-SDK.zip
2016-03-28 11:15 - 2016-03-28 11:15 - 00000000 ____D C:\Users\glade\AppData\Roaming\Wise Registry Cleaner
2016-03-28 01:56 - 2016-03-28 01:56 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2016-03-28 01:56 - 2016-03-28 01:56 - 00000000 ____D C:\Users\glade\AppData\Local\Samsung
2016-03-28 01:55 - 2016-03-28 01:55 - 00000000 ____D C:\Users\glade\Documents\samsung
2016-03-28 01:55 - 2016-03-28 01:55 - 00000000 ____D C:\Users\glade\AppData\Roaming\Samsung
2016-03-28 01:29 - 2016-04-06 23:08 - 00000000 ____D C:\Users\glade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2016-03-28 01:28 - 2016-04-06 23:08 - 00000000 ____D C:\Verizon_Android
2016-03-28 01:28 - 2016-03-28 01:28 - 00000000 ____D C:\Users\Public\Documents\Verizon_Android
2016-03-24 22:33 - 2016-03-24 22:33 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-03-24 22:33 - 2016-03-24 22:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-03-24 21:58 - 2016-03-24 21:58 - 00168164 _____ C:\Users\glade\Downloads\Erowid Psilocybin Mushroom Vaults   The Magic Mushroom Growers Guide.txt
2016-03-24 08:13 - 2016-03-24 08:13 - 00003992 _____ C:\{DB332926-81CC-4286-AF94-BC8E2AE17FC6}
2016-03-22 18:21 - 2016-03-22 18:21 - 00165115 _____ C:\Users\glade\Documents\Hearing Prep.pdf
2016-03-22 18:03 - 2016-04-06 23:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-03-19 17:52 - 2016-04-07 00:58 - 00000000 ____D C:\Users\glade\Desktop\probdelete
2016-03-19 17:49 - 2016-03-19 17:49 - 00000000 ____D C:\Users\glade\AppData\Local\CrashRpt
2016-03-19 17:48 - 2016-04-03 02:15 - 00000000 ____D C:\Users\glade\AppData\Local\DiskDrill
2016-03-19 17:48 - 2016-03-19 17:48 - 00000000 ____D C:\Users\glade\AppData\Roaming\Cleverfiles Software
2016-03-19 17:47 - 2016-04-06 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cleverfiles Disk Drill
2016-03-19 17:47 - 2016-03-19 17:47 - 00000000 ____D C:\Program Files (x86)\CleverFiles
2016-03-19 17:46 - 2016-03-19 17:46 - 16194048 _____ C:\Users\glade\Downloads\disk-drill-win.msi
2016-03-19 17:40 - 2016-03-19 17:42 - 15576432 _____ C:\Users\glade\Downloads\gu5setup-13776.exe
2016-03-19 05:31 - 2016-04-06 23:31 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForglade.job
2016-03-19 05:31 - 2016-03-19 05:31 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForglade
2016-03-19 00:14 - 2016-03-19 00:14 - 00000000 ____D C:\Users\glade\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2016-03-18 23:52 - 2016-03-18 23:52 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-03-17 14:41 - 2016-03-17 14:44 - 00022016 ___SH C:\Users\glade\Documents\Thumbs.db
2016-03-17 14:33 - 2016-03-17 14:33 - 00000872 _____ C:\Users\glade\Downloads\Downloads - Shortcut.lnk
2016-03-17 10:31 - 2016-03-17 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZTE Handset USB Driver
2016-03-17 10:31 - 2016-03-17 10:31 - 00000000 ____D C:\Program Files\ZTE_Handset_USB_Driver
2016-03-17 10:31 - 2014-03-17 09:58 - 00133960 _____ (ZTE Corporation) C:\Windows\system32\Drivers\zghsser.sys
2016-03-17 10:31 - 2013-09-11 14:26 - 00175808 _____ (ZTE Corporation) C:\Windows\system32\Drivers\zghsnet.sys
2016-03-17 10:31 - 2013-03-19 16:38 - 00821544 _____ C:\Windows\adb.exe
2016-03-17 10:31 - 2012-11-09 15:14 - 00062728 _____ (VIA Telecom) C:\Windows\system32\Drivers\viahsser.sys
2016-03-17 10:31 - 2012-10-31 16:02 - 00032136 _____ (Via Telecom, Inc.) C:\Windows\system32\Drivers\viahsets.sys
2016-03-17 10:31 - 2012-06-20 11:51 - 00020232 _____ (HandSet Incorporated) C:\Windows\system32\Drivers\massfilter_hs.sys
2016-03-17 10:31 - 2011-10-26 15:31 - 00067608 _____ (Google, inc) C:\Windows\AdbWinUsbApi.dll
2016-03-17 10:31 - 2011-08-15 16:43 - 00102936 _____ (Google, inc) C:\Windows\AdbWinApi.dll
2016-03-09 13:28 - 2016-02-09 00:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 13:28 - 2016-02-09 00:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-09 13:28 - 2016-02-08 15:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 13:28 - 2016-02-08 14:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-09 13:28 - 2016-02-08 14:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 13:28 - 2016-02-08 14:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-09 13:28 - 2016-02-08 14:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-09 13:28 - 2016-02-08 14:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-09 13:28 - 2016-02-08 14:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-09 13:28 - 2016-02-08 14:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 13:28 - 2016-02-08 14:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-09 13:28 - 2016-02-08 14:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-09 13:28 - 2016-02-08 14:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-09 13:28 - 2016-02-08 14:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 13:28 - 2016-02-08 14:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-09 13:28 - 2016-02-08 14:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-09 13:28 - 2016-02-08 14:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-09 13:28 - 2016-02-08 14:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-09 13:28 - 2016-02-08 14:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-09 13:28 - 2016-02-08 14:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-09 13:28 - 2016-02-08 14:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-09 13:28 - 2016-02-08 14:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-09 13:28 - 2016-02-08 14:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 13:28 - 2016-02-08 14:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-09 13:28 - 2016-02-08 14:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 13:28 - 2016-02-08 14:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 13:28 - 2016-02-08 14:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 13:28 - 2016-02-08 14:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 13:28 - 2016-02-08 14:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 13:28 - 2016-02-08 14:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-09 13:28 - 2016-02-08 13:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 13:28 - 2016-02-08 13:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 13:28 - 2016-02-08 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 13:28 - 2016-02-08 12:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 13:28 - 2016-02-08 12:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 13:28 - 2016-02-08 12:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 13:28 - 2016-02-08 12:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 13:28 - 2016-02-08 12:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 13:28 - 2016-02-08 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 13:28 - 2016-02-08 12:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 13:28 - 2016-02-08 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 13:28 - 2016-02-08 12:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 13:28 - 2016-02-08 12:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 13:28 - 2016-02-08 12:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 13:28 - 2016-02-08 12:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 13:28 - 2016-02-08 12:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 13:28 - 2016-02-08 12:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 13:28 - 2016-02-08 12:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 13:28 - 2016-02-08 12:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 13:28 - 2016-02-08 12:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 13:28 - 2016-02-08 12:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 13:28 - 2016-02-08 11:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 13:28 - 2016-02-08 11:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 13:28 - 2016-02-08 11:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 13:28 - 2016-02-08 11:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 13:28 - 2016-02-08 11:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 13:28 - 2016-02-08 11:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 13:28 - 2016-02-08 11:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 13:28 - 2016-02-08 11:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 13:28 - 2016-02-08 11:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 13:28 - 2016-02-08 11:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 13:28 - 2016-02-08 11:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 13:28 - 2016-02-08 11:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 13:28 - 2016-02-08 11:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 13:28 - 2016-02-08 11:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 13:28 - 2016-02-08 10:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 09:59 - 2016-02-11 12:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 09:59 - 2016-02-11 12:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 09:59 - 2016-02-11 12:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 09:59 - 2016-02-11 12:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 09:59 - 2016-02-11 12:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-09 09:59 - 2016-02-11 12:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-09 09:59 - 2016-02-11 12:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-09 09:59 - 2016-02-11 12:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 09:59 - 2016-02-11 12:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 09:59 - 2016-02-11 12:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 09:59 - 2016-02-11 12:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 09:59 - 2016-02-11 12:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-09 09:59 - 2016-02-11 12:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 09:59 - 2016-02-11 12:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 09:59 - 2016-02-11 12:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 09:59 - 2016-02-11 12:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 09:59 - 2016-02-11 12:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 09:59 - 2016-02-11 12:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-09 09:59 - 2016-02-11 12:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 09:59 - 2016-02-11 12:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 09:59 - 2016-02-11 12:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-09 09:59 - 2016-02-11 12:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-09 09:59 - 2016-02-11 12:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-09 09:59 - 2016-02-11 12:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-09 09:59 - 2016-02-11 12:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 09:59 - 2016-02-11 12:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-09 09:59 - 2016-02-11 12:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 09:59 - 2016-02-11 12:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 09:59 - 2016-02-11 12:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 09:59 - 2016-02-11 12:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 09:59 - 2016-02-11 12:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-09 09:59 - 2016-02-11 12:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-09 09:59 - 2016-02-11 12:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 09:59 - 2016-02-11 12:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-09 09:59 - 2016-02-11 12:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-09 09:59 - 2016-02-11 12:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-09 09:59 - 2016-02-11 12:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-09 09:59 - 2016-02-11 12:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-09 09:59 - 2016-02-11 12:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-09 09:59 - 2016-02-11 12:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-09 09:59 - 2016-02-11 12:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 09:59 - 2016-02-11 12:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-09 09:59 - 2016-02-11 12:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-09 09:59 - 2016-02-11 12:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-09 09:59 - 2016-02-11 12:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 09:59 - 2016-02-11 12:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 11:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-09 09:59 - 2016-02-11 11:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-09 09:59 - 2016-02-11 11:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-09 09:59 - 2016-02-11 11:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-09 09:59 - 2016-02-11 11:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-09 09:59 - 2016-02-11 11:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-09 09:59 - 2016-02-11 11:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-09 09:59 - 2016-02-11 11:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-09 09:59 - 2016-02-11 11:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-09 09:59 - 2016-02-11 11:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-09 09:59 - 2016-02-11 11:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-09 09:59 - 2016-02-11 11:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-09 09:59 - 2016-02-11 11:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-09 09:59 - 2016-02-11 11:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-09 09:59 - 2016-02-11 11:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 09:59 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-09 09:48 - 2016-02-12 12:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 09:48 - 2016-02-12 12:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 09:48 - 2016-02-12 12:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 09:48 - 2016-02-12 12:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 09:48 - 2016-02-12 12:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 09:48 - 2016-02-12 12:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 09:48 - 2016-02-12 12:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 09:48 - 2016-02-12 12:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 09:48 - 2016-02-12 12:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 09:48 - 2016-02-12 12:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 09:48 - 2016-02-12 12:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 09:48 - 2016-02-12 12:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 09:48 - 2016-02-12 12:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 09:48 - 2016-02-12 12:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 09:48 - 2016-02-12 12:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 09:48 - 2016-02-12 12:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-09 09:48 - 2016-02-04 11:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 09:48 - 2016-02-03 12:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 09:48 - 2016-02-03 12:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 09:48 - 2016-02-03 12:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-09 09:48 - 2016-02-03 12:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 09:48 - 2016-02-03 12:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 09:48 - 2016-01-11 13:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 09:48 - 2015-11-19 08:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-09 09:48 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-09 09:42 - 2016-02-04 19:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 09:42 - 2016-02-04 12:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 09:36 - 2016-02-09 03:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 09:36 - 2016-02-09 03:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 09:36 - 2016-02-09 03:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 09:36 - 2016-02-09 03:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-09 09:36 - 2016-02-09 03:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 09:36 - 2016-02-09 03:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 09:36 - 2016-02-09 03:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-09 09:36 - 2016-02-09 03:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 09:36 - 2016-02-09 03:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-09 09:36 - 2016-02-09 03:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-09 09:36 - 2016-02-09 03:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-09 09:36 - 2016-02-05 12:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 09:36 - 2016-02-05 12:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 09:36 - 2016-02-05 12:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 09:36 - 2016-02-05 12:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 09:36 - 2016-02-05 12:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-09 09:36 - 2016-02-05 12:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 09:36 - 2016-02-05 12:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-09 09:36 - 2016-02-05 11:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 09:36 - 2016-02-05 11:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 09:36 - 2016-02-05 11:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 09:31 - 2016-02-19 13:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 09:31 - 2016-02-19 12:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 09:31 - 2016-02-19 08:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 09:31 - 2016-02-11 08:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 09:31 - 2016-02-05 08:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 09:31 - 2016-02-05 08:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 09:31 - 2016-02-05 08:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-07 20:53 - 2011-05-14 12:00 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7DA06A07-58B8-4ECC-9773-52841EC1FA72}
2016-04-07 20:44 - 2014-04-02 17:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-07 20:20 - 2012-06-19 07:09 - 00000000 ____D C:\Users\glade\AppData\Roaming\Mozilla
2016-04-07 20:12 - 2009-07-13 22:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-07 20:12 - 2009-07-13 22:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-07 20:09 - 2009-07-13 23:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-07 20:09 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-04-07 20:07 - 2015-07-31 03:35 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-04-07 20:02 - 2011-05-24 17:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-07 20:01 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-07 15:06 - 2009-07-24 13:22 - 00000000 ____D C:\Windows\Panther
2016-04-07 14:44 - 2015-04-04 22:27 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-04-07 14:44 - 2015-04-04 22:27 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-07 14:28 - 2013-11-27 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-04-07 01:00 - 2011-05-12 17:01 - 00000000 ___RD C:\Users\glade\Desktop\Unused Desktop Shortcuts
2016-04-07 00:39 - 2016-01-16 09:55 - 00068600 _____ C:\Users\glade\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-07 00:27 - 2015-12-26 13:08 - 00000000 ____D C:\Users\glade\AppData\Local\GamesFlight
2016-04-06 23:52 - 2011-05-12 14:44 - 00000000 ____D C:\Users\glade
2016-04-06 23:37 - 2011-03-15 11:07 - 00000000 ____D C:\ProgramData\Norton
2016-04-06 23:10 - 2014-03-26 17:18 - 00000000 ____D C:\Program Files\SAMSUNG
2016-04-06 23:10 - 2014-03-24 15:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-06 23:10 - 2012-07-23 11:31 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2016-04-06 23:10 - 2012-04-20 22:25 - 00000000 ____D C:\Users\glade\AppData\LocalLow\FunWebProducts
2016-04-06 23:10 - 2011-11-29 08:57 - 00000000 ____D C:\Program Files (x86)\ShopAtHome
2016-04-06 23:10 - 2011-10-08 19:43 - 00000000 ____D C:\Windows\system32\Macromed
2016-04-06 23:10 - 2011-03-15 10:42 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-04-06 23:10 - 2011-03-15 10:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-04-06 23:08 - 2009-07-14 01:45 - 00000000 ____D C:\Windows\ShellNew
2016-04-06 23:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2016-04-06 23:06 - 2014-05-04 15:04 - 00000000 ____D C:\Users\glade\AppData\Roaming\SketchUp
2016-04-06 23:06 - 2013-12-28 13:31 - 00000000 ____D C:\Users\glade\AppData\Local\Mozilla
2016-04-06 23:02 - 2016-01-10 20:51 - 00000000 ____D C:\ProgramData\IObit
2016-04-06 23:02 - 2014-05-04 15:02 - 00000000 ____D C:\ProgramData\SketchUp
2016-04-06 23:02 - 2012-07-19 15:20 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-04-06 22:45 - 2011-08-28 12:21 - 00000000 ____D C:\Users\glade\AppData\Local\CrashDumps
2016-04-06 17:27 - 2013-12-07 08:10 - 00000000 ____D C:\Users\glade\AppData\Local\NativeMessaging
2016-04-06 17:27 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system
2016-04-03 00:22 - 2015-05-19 14:07 - 00007670 _____ C:\Users\glade\AppData\Local\Resmon.ResmonCfg
2016-04-02 03:48 - 2016-01-22 02:09 - 00142848 ___SH C:\Users\glade\Downloads\Thumbs.db
2016-04-01 20:13 - 2015-02-22 13:50 - 00000000 ____D C:\ProgramData\Reprise
2016-03-31 16:52 - 2016-01-31 16:28 - 00000000 ____D C:\Users\glade\Desktop\Scan For Laura
2016-03-28 16:12 - 2013-10-31 14:07 - 00000000 ____D C:\Users\glade\AppData\Local\Adobe
2016-03-28 13:49 - 2016-02-27 16:31 - 00000000 ____D C:\Users\glade\Desktop\Coty
2016-03-28 01:51 - 2014-03-26 17:17 - 00000000 ____D C:\ProgramData\Samsung
2016-03-28 01:49 - 2012-05-31 11:11 - 00000000 ____D C:\Users\glade\AppData\Local\Downloaded Installations
2016-03-23 19:18 - 2015-06-03 14:17 - 00215560 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-03-23 19:18 - 2013-11-27 12:27 - 00470056 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-03-22 17:57 - 2011-05-25 18:01 - 00000000 __RHD C:\MSOCache
2016-03-21 13:43 - 2011-09-11 12:15 - 00000000 ____D C:\Users\glade\AppData\Local\ElevatedDiagnostics
2016-03-19 02:05 - 2016-02-13 16:27 - 00683266 _____ C:\Windows\ntbtlog.txt
2016-03-17 14:41 - 2011-05-12 16:53 - 00000000 ____D C:\Users\glade\Documents\hap
2016-03-17 14:37 - 2011-11-03 07:58 - 00000000 ____D C:\Users\Public\Documents\SCAN
2016-03-17 14:33 - 2014-08-06 14:32 - 00002164 _____ C:\Users\glade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-03-17 14:33 - 2014-08-06 14:32 - 00000000 ___RD C:\Users\glade\OneDrive
2016-03-17 14:08 - 2015-11-18 17:19 - 00000834 _____ C:\Users\glade\advanced_ip_scanner_MAC.bin
2016-03-17 13:52 - 2016-01-31 19:21 - 00000000 ____D C:\Users\glade\Desktop\Shhhooooot
2016-03-17 12:43 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-03-17 10:31 - 2015-04-21 17:04 - 00000000 ____D C:\Users\glade\.android
2016-03-16 22:43 - 2012-12-12 09:53 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGLADE-HP$
2016-03-16 22:43 - 2012-08-20 17:55 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForGLADE-HP$.job
2016-03-16 22:22 - 2011-12-26 09:59 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-03-13 13:09 - 2016-01-16 17:57 - 00298192 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-10 01:27 - 2013-08-15 03:02 - 00000000 ____D C:\Windows\system32\MRT
2016-03-10 01:23 - 2014-12-10 04:26 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-10 01:23 - 2011-05-12 15:14 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-09 07:21 - 2011-05-25 17:56 - 00775546 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2016-01-20 22:40 - 2016-01-20 22:40 - 0000096 _____ () C:\Users\glade\AppData\Roaming\version2.xml
2014-03-31 12:41 - 2014-03-31 12:41 - 0000043 _____ () C:\Users\glade\AppData\Roaming\WB.CFG
2015-05-19 14:07 - 2016-04-03 00:22 - 0007670 _____ () C:\Users\glade\AppData\Local\Resmon.ResmonCfg
2015-07-06 15:58 - 2015-07-06 15:58 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\glade\qbregistration.dat


Some files in TEMP:
====================
C:\Users\glade\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\glade\AppData\Local\Temp\BlackBerryLauncher.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-19 15:35

==================== End of FRST.txt ============================

Attached Files





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:51 PM

Posted 08 April 2016 - 08:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features applet.
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: - Trusted Software) <==== ATTENTION
Internet Explorer Toolbar 4.6 by SweetPacks (HKLM-x32\...\{774C0434-9948-4DEE-A14E-69CDD316E36C}) (Version: 4.6.0003 - SweetIM Technologies Ltd.) <==== ATTENTION


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=file_14_14_ie&cd=2XzuyEtN2Y1L1QzuyBzz0A0C0CtDzyzzyDyCtC0CyBtCzyzytN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0FtCtAtAyC0C0CtGzzyEtCtAtGtBtD0A0BtG0ByE0F0FtGyDyDtB0AzzyC0C0AyE0ByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyEyDtBtBtA0DyDtG0F0DzzzytG0CtBtBtCtGtAyE0ByEtGyDtAyC0Bzzzy0CtAtDyEzzyD2Q&cr=152764872&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=file_14_14_ie&cd=2XzuyEtN2Y1L1QzuyBzz0A0C0CtDzyzzyDyCtC0CyBtCzyzytN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0FtCtAtAyC0C0CtGzzyEtCtAtGtBtD0A0BtG0ByE0F0FtGyDyDtB0AzzyC0C0AyE0ByD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyEyDtBtBtA0DyDtG0F0DzzzytG0CtBtBtCtGtAyE0ByEtGyDtAyC0Bzzzy0CtAtDyEzzyD2Q&cr=152764872&ir=
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=126&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=126&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=126&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=126&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO-x32: GamesFlight Games -> {9577EDED-C1C1-446F-BFBC-3C913BB0B18B} -> C:\Users\glade\AppData\Local\GamesFlight\flight.dll => No File
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll [2013-10-02] (AVG Secure Search)
BHO-x32: No Name -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> No File
Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM - No Name - !{a957f810-b1f4-4c3b-8478-124dd69aad2c} -  No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} -  No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - !{a957f810-b1f4-4c3b-8478-124dd69aad2c} -  No File
Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1744051406-3026537142-3039376609-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll [2013-10-02] (AVG Secure Search)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)
S3 EraserUtilDrv11511; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11511.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
Task: {06E6A625-C94C-4E0B-97A8-178BCEC4D531} - \Driver Support-RTMUpdater -> No File <==== ATTENTION
Task: {34B21D94-B2D9-4BA5-8619-D74C52C36751} - \Driver Support-RTMScanRunOnce -> No File <==== ATTENTION
Task: {5DDB0DC8-9A83-4156-8428-69AEF9F7911C} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2012-02-28] () <==== ATTENTION
Task: {737390E8-C243-4AC9-9768-958C47F39B96} - \Driver Support-RTMRules -> No File <==== ATTENTION
Task: {93EA92DA-7373-406C-A477-71012EDCF473} - \Driver Support-RTMScan -> No File <==== ATTENTION
2016-04-07 20:20 - 2016-04-07 20:20 - 00011264 _____ () C:\Users\glade\AppData\Local\Temp\nsn52C3.tmp\System.dll
2016-04-07 20:20 - 2016-04-07 20:20 - 00029696 _____ () C:\Users\glade\AppData\Local\Temp\nsn52C3.tmp\registry.dll
2016-04-07 20:20 - 2016-04-07 20:20 - 00008704 _____ () C:\Users\glade\AppData\Local\Temp\nsn52C3.tmp\newadvsplash.dll
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [276]
AlternateDataStreams: C:\ProgramData\Temp:4C33F119 [146]
AlternateDataStreams: C:\ProgramData\Temp:5A05820A [732]
C:\Program Files (x86)\File Type Assistant
C:\Users\glade\AppData\Local\Temp\nsn52C3.tmp

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

P.S.
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)

Please post the logs and let me know what problem persists.

#3 silencelicense


Posted 08 April 2016 - 08:33 PM

Still super slow boot, not as slow as before.

Adobe keeps saying it's ready to install an update, but when I do...nothing changes. Still get the same message.

Attached Files



#4 nasdaq


Posted 09 April 2016 - 07:27 AM

Download and run the Revo Uninstaller tool.

http://www.revouninstaller.com/revo_uninstaller_free_download.html

Remove everything associated with Java.

Restart the computer normally when completed.

Reinstall Java

How is the computer running now?

#5 silencelicense


Posted 11 April 2016 - 01:40 AM

There are not any Java entries to remove.



#6 nasdaq


Posted 11 April 2016 - 08:57 AM

Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • It will produce a log named SA Log.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
Note: The link to the most current version of the program will always be in the first post of this topic.
Note: Windows 10 may pop up a warning message.
Note: The current java version on XP will show as "out of date".
Note: Flash Player ActiveX is pre-installed with Internet Explorer in Windows 10 and updates Automatically.

#7 silencelicense


Posted 12 April 2016 - 09:38 PM

Result of Security Analysis by Rocket Grannie (x86) version: 28th March 2016
Running from:C:\Users\glade\Desktop (20:36:58 - 04/12/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
***-----------------Anti-Virus - Firewall-------------------***
Norton 360 Disabled - up to Date!
Windows Firewall is Enabled!
Searching for any other Firewall
Norton 360
***----------------AntiSpyware - Miscellaneous---------------***
Adobe flash Player Plugin (version 20.0.0.306) is *out of Date*
Java (version 8.0.77.3)
Microsoft Silverlight (version 5)
Mozilla Firefox -- An older version than '45' is installed.
Windows Live Essentials (version 16.4)
Mozilla Firefox 44.0.2 (x86 en-US) (version 44.0.2) is *out of Date*

***----------------Analysis Complete-------------------------***



#8 nasdaq


Posted 13 April 2016 - 07:47 AM

Your Java (version 8.0.77.3) looks OK.

Check the Flash version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

===

If the problem persists please post the Exact error message that you get.
It may help to identify the reason you are receiving the message.

#9 nasdaq


Posted 19 April 2016 - 06:49 AM

Are you still with me?



