Abnormal System Log on Lenovo Ideapad and now think Every Computer is Compromised


  • This topic is locked
4 replies to this topic

#1 straylightfire

Posted 12 May 2016 - 03:10 PM

Windows 10 and 7 will not update from various outdated versions to the most recent patches, and Kaspersky refuses to run on my system, leading me to believe it may be compromised. Can anyone take a look at these Farbar scan logs and let me know if I'm just being paranoid?

 

Users shortcut scan result (x64) Version:09-05-2016
Ran by Admin (2016-05-12 10:34:03)
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
 
 
 
Shortcut: C:\Users\Admin\Links\Creative Cloud Files.lnk -> C:\Users\Admin\Creative Cloud Files ()
Shortcut: C:\Users\Admin\Links\Desktop.lnk -> C:\Users\Admin\Desktop ()
Shortcut: C:\Users\Admin\Links\Downloads.lnk -> C:\Users\Admin\Downloads ()
Shortcut: C:\Users\Admin\Links\Dropbox.lnk -> C:\Users\Admin\Dropbox ()
Shortcut: C:\Users\Admin\Links\OneDrive.lnk -> C:\Users\Admin\OneDrive ()
Shortcut: C:\Users\Admin\Links\ScanSnap Folder.lnk -> C:\Users\Admin\AppData\Local\PFU\SSFolderTemp ()
Shortcut: C:\Users\Admin\Desktop\GIMP 2.lnk -> C:\Program Files\GIMP 2\bin\gimp-2.8.exe (Spencer Kimball, Peter Mattis and the GIMP Development Team)
Shortcut: C:\Users\Admin\Desktop\join.me.lnk -> C:\Users\Admin\AppData\Local\join.me\join.me.exe (LogMeIn, Inc.)
Shortcut: C:\Users\Admin\Desktop\Pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
Shortcut: C:\Users\Admin\Desktop\TweakBit Driver Updater.lnk -> C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe (TweakBit)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk -> C:\Users\Admin\AppData\Local\join.me\join.me.exe (LogMeIn, Inc.)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image Composite Editor\Image Composite Editor.lnk -> C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}\_AA47ECE46A59EFF35D3345.exe ()
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\Admin\Dropbox ()
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OneNote 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PowerPoint 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\GIMP 2.lnk -> C:\Program Files\GIMP 2\bin\gimp-2.8.exe (Spencer Kimball, Peter Mattis and the GIMP Development Team)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk -> C:\Windows\Installer\{AC76BA86-1033-FFFF-7760-0C0F074E4100}\_SC_Acrobat.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrodist.exe (Adobe Systems Incorporated.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk -> C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Balsamiq Mockups 3.lnk -> C:\Program Files (x86)\Balsamiq Mockups 3\Balsamiq Mockups 3.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk -> C:\Program Files\GIMP 2\bin\gimp-2.8.exe (Spencer Kimball, Peter Mattis and the GIMP Development Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vectorworks 2016\Uninstall Vectorworks 2016.lnk -> C:\Program Files\Vectorworks 2016\uninstall.exe (Vectorworks)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vectorworks 2016\Vectorworks 2016.lnk -> C:\Program Files\Vectorworks 2016\Vectorworks2016.exe (Nemetschek Vectorworks, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USSCWebComponents\Uninstall USSC Web Components.lnk -> C:\Program Files (x86)\USSC Web Components\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit\Driver Updater\TweakBit Driver Updater.lnk -> C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe (TweakBit)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cox Business Online Backup Status.lnk -> C:\Program Files\Online Backup\Cox_Business_CBOBstat.exe (Cox Business)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Receipt\Help.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Receipt\SsReceipt.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Receipt\License Agreement.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Receipt\license.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Receipt\Readme.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Receipt\readme.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Receipt\ScanSnap Receipt.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Receipt\SsReceipt.exe (PFU LIMITED)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Organizer\Help.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\pfussorg.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Organizer\License Agreement.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\0409\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Organizer\PDF Conversion List.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcrList.exe (PFU LIMITED)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Organizer\Readme.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\0409\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Organizer\Scan to Mobile.lnk -> C:\Program Files (x86)\Common Files\PFU\ScanSnap\ScanToOffice\ScanToMobileStart.exe (PFU LIMITED)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Organizer\ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrg.exe (PFU LIMITED)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Online Update\Help.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Update\ScanSnapUpdater.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Online Update\License Agreement.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Update\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Online Update\Notice page.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Update\NotificationHistory.exe (PFU LIMITED)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Online Update\Readme.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Update\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Online Update\Setting.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Update\SsUSetting.exe (PFU LIMITED)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manuals\iX500 Basic Operation Guide.lnk -> C:\Program Files (x86)\Common Files\PFU\ScanSnap\manual\basic\EN\ix500\top_basic.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manuals\iX500 Getting Started.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Manual\iX500\GettingStarted_EN.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manuals\iX500 Safety Precautions.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Manual\iX500\SafetyPrecautions_EN.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager\License Agreement.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\EULA.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager\Readme.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\0409\Readme.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager\Scan to Mobile.lnk -> C:\Program Files (x86)\Common Files\PFU\ScanSnap\ScanToOffice\ScanToMobileStart.exe (PFU LIMITED)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager\ScanSnap Manager Help.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\0409\pfussmon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager\ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager\ScanSnap Wireless Setup Tool.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\SsWifiTool\PfuSsWifiToolStart.exe (PFU LIMITED)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Backup\Cox Business Online Backup Configuration.lnk -> C:\Program Files\Online Backup\Cox_Business_CBOBconf.exe (Cox Business)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Backup\Cox Business Online Backup Status.lnk -> C:\Program Files\Online Backup\Cox_Business_CBOBstat.exe (Cox Business)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaBackup\MegaBackup.lnk -> C:\Program Files\MegaBackup Corp\MegaBackup\Current\App.exe (MegaBackup Corp)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iVMS-4200 Station\iVMS-4200\iVMS-4200 Client.lnk -> C:\Program Files\iVMS-4200 Station\iVMS-4200\iVMS-4200 Client\iVMS-4200.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iVMS-4200 Station\iVMS-4200\iVMS-4200 User Guide.lnk -> C:\Program Files\iVMS-4200 Station\iVMS-4200\iVMS-4200 Client\iVMS-4200 User Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iVMS-4200 Station\iVMS-4200\Uninstall iVMS-4200.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{7697245D-2E00-4B83-AD27-C051DE314D1F}\setup.exe (hikvision)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk -> C:\Program Files\FileZilla FTP Client\filezilla.exe (FileZilla Project)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\Uninstall.lnk -> C:\Program Files\FileZilla FTP Client\uninstall.exe (Tim Kosse)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardMinder\CardMinder.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardEntry.exe (PFU LIMITED)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardMinder\Edit Password for Database.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPassword.exe (PFU LIMITED)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardMinder\Help.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardMinder.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardMinder\License Agreement.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\0409\License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardMinder\Readme.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\0409\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\calibre 64bit - E-book management.lnk -> C:\Program Files\Calibre2\calibre.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\E-book viewer 64bit.lnk -> C:\Program Files\Calibre2\ebook-viewer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\Edit E-book 64bit.lnk -> C:\Program Files\Calibre2\ebook-edit.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\LRF viewer 64bit.lnk -> C:\Program Files\Calibre2\lrfviewer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\Brother Utilities.lnk -> C:\Program Files (x86)\Brother\BrLauncher\BrLauncher.exe (Brother Industories, Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk -> C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe ( )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader for ScanSnap ™ 5.0\ABBYY FineReader for ScanSnap ™ 5.0.lnk -> C:\Program Files (x86)\ABBYY FineReader for ScanSnap\ExporterSettings.exe (ABBYY Production LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader for ScanSnap ™ 5.0\User's Guide.lnk -> C:\Program Files (x86)\ABBYY FineReader for ScanSnap\FRFSS0.chm ()
Shortcut: C:\Users\Default\Links\OneDrive.lnk -> C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk -> C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Adobe Acrobat DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Adobe Creative Cloud.lnk -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Balsamiq Mockups 3.lnk -> C:\Program Files (x86)\Balsamiq Mockups 3\Balsamiq Mockups 3.exe ()
Shortcut: C:\Users\Public\Desktop\Brother Creative Center.lnk -> C:\Program Files (x86)\Brother\CreativeCenter\Brother Creative Center.url ()
Shortcut: C:\Users\Public\Desktop\Brother Utilities.lnk -> C:\Program Files (x86)\Brother\BrLauncher\BrLauncher.exe (Brother Industories, Ltd.)
Shortcut: C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk -> C:\Program Files\Calibre2\calibre.exe ()
Shortcut: C:\Users\Public\Desktop\CardMinder.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardEntry.exe (PFU LIMITED)
Shortcut: C:\Users\Public\Desktop\FileZilla Client.lnk -> C:\Program Files\FileZilla FTP Client\filezilla.exe (FileZilla Project)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\iVMS-4200 Client.lnk -> C:\Program Files\iVMS-4200 Station\iVMS-4200\iVMS-4200 Client\iVMS-4200.exe ()
Shortcut: C:\Users\Public\Desktop\MegaBackup.lnk -> C:\Program Files\MegaBackup Corp\MegaBackup\Current\App.exe (MegaBackup Corp)
Shortcut: C:\Users\Public\Desktop\ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrg.exe (PFU LIMITED)
Shortcut: C:\Users\Public\Desktop\ScanSnap Receipt.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Receipt\SsReceipt.exe (PFU LIMITED)
Shortcut: C:\Users\Public\Desktop\Vectorworks 2016.lnk -> C:\Program Files\Vectorworks 2016\Vectorworks2016.exe (Nemetschek Vectorworks, Inc.)
 
 
 
 
ShortcutWithArgument: C:\Users\Admin\Desktop\Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Chris - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Excel\Lenovo%20Windows%20Logs%20-%20System305170452249567450\Lenovo%20Windows%20Logs%20-%20System.csv.lnk -> C:\Users\Admin\Desktop\aparto\Lenovo Windows Logs - System.csv () -> 63
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Excel\Lenovo%20Windows%20Logs%20-%20Security305170452248631448\Lenovo%20Windows%20Logs%20-%20Security.csv.lnk -> C:\Users\Admin\Desktop\aparto\Lenovo Windows Logs - Security.csv () -> 63
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Excel\Lenovo%20Administrative%20Events305172012605108794\Lenovo%20Administrative%20Events.csv.lnk -> C:\Users\Admin\Desktop\aparto\Lenovo Administrative Events.csv () -> 63
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MegaBackup.lnk -> C:\Program Files\MegaBackup Corp\MegaBackup\Current\App.exe (MegaBackup Corp) -> /autostart
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Online Update\Online Update.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Update\ScanSnapUpdater.exe (PFU LIMITED) -> -Menu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager\ScanSnap Manager settings.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) -> "C:\Program Files (x86)\PFU\ScanSnap\Driver\ScanSnapLaunch.ini"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager\ScanSnap Support Tool.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\ScanSnapTool.exe (PFU LIMITED) -> -Manager
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Backup\Uninstall Online Backup.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {581EDAA9-10D6-23D8-8ACC-450FCF547507}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardMinder\CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED) -> -FindTo
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Help.lnk -> C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
 
 
InternetURL: C:\Users\Admin\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Admin\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Admin\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Admin\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Admin\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Admin\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Admin\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Admin\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Admin\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Admin\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Admin\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Admin\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Admin\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Admin\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Admin\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Admin\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Admin\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Admin\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Admin\Desktop\Our Plans & Prices.url -> hxxp://depositphotos.com/subscribe.html
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit\Driver Updater\TweakBit Driver Updater on the Web.url -> hxxp://www.tweakbit.com/driver-updater
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manuals\Advanced Operation Guide.url -> hxxp://www.pfu.fujitsu.com/imaging/downloads/manual/advanced/v62/en/common/index.html
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Backup\Online Help.url -> hxxp://support.coxbusiness.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\Get Involved.url -> hxxp://calibre-ebook.com/get-involved
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\User Manual.url -> hxxp://manual.calibre-ebook.com/
 
==================== End of Shortcut.txt =============================
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by Admin (administrator) on ADMIN-PC (12-05-2016 10:32:20)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(MegaBackup Corp) C:\Program Files\MegaBackup Corp\MegaBackup\DokanMb\mounter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Cox Business) C:\Program Files\Online Backup\Cox_Business_CBOBbackup.exe
(Cox Business) C:\Program Files\Online Backup\Cox_Business_CBOBbackup.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Cox Business) C:\Program Files\Online Backup\Cox_Business_CBOBbackup.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Cox Business) C:\Program Files\Online Backup\Cox_Business_CBOBstat.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TweakBit) C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-05-03] (Adobe Systems Inc.)
HKU\S-1-5-21-3570094928-320100918-4276683159-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3570094928-320100918-4276683159-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3570094928-320100918-4276683159-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3570094928-320100918-4276683159-1000\...\MountPoints2: {052bba91-4c04-11e5-bcc8-e06995a696d5} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3570094928-320100918-4276683159-1000\...\MountPoints2: {8fbbf47c-41d4-11e5-95fc-e06995a696d5} - E:\VerizonSWUpgradeAssistantLauncher.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [0.IconShell32] -> {94763686-13FB-47B5-A193-A9CD37391BAC} => C:\Program Files\MegaBackup Corp\MegaBackup\Current\OverlayIconShell64.dll [2015-10-22] (MegaBackup Corp)
ShellIconOverlayIdentifiers: [Cox_Business_CBOB] -> {0c5ad048-552c-fbe6-c6b0-6a08559c9c7d} => C:\Program Files\Online Backup\Cox_Business_CBOBshell.dll [2015-02-02] (Cox Business)
ShellIconOverlayIdentifiers: [Cox_Business_CBOB2] -> {660ab6ed-0dcb-8263-f187-c9e122de6608} => C:\Program Files\Online Backup\Cox_Business_CBOBshell.dll [2015-02-02] (Cox Business)
ShellIconOverlayIdentifiers: [Cox_Business_CBOB3] -> {08e527d9-6623-f035-7753-07126ac1c440} => C:\Program Files\Online Backup\Cox_Business_CBOBshell.dll [2015-02-02] (Cox Business)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cox Business Online Backup Status.lnk [2015-07-06]
ShortcutTarget: Cox Business Online Backup Status.lnk -> C:\Program Files\Online Backup\Cox_Business_CBOBstat.exe (Cox Business)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MegaBackup.lnk [2016-05-06]
ShortcutTarget: MegaBackup.lnk -> C:\Program Files\MegaBackup Corp\MegaBackup\Current\App.exe (MegaBackup Corp)
GroupPolicyUsers\S-1-5-21-3570094928-320100918-4276683159-1003\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{1869B4CC-00E6-4DEA-967E-06902BA65571}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-29] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-04-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-29] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-04-29] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jrisw4gr.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: USSC Web Components -> C:\Program Files (x86)\USSC Web Components\npUSSCWebVideoPlugin.dll [2014-07-03] ()
FF Plugin HKU\S-1-5-21-3570094928-320100918-4276683159-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-3570094928-320100918-4276683159-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-24] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jrisw4gr.default\user.js [2015-04-21]
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-10-19] (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-18]
 
Chrome: 
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-14]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-14]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Honey) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-04-21]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-09]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Drumpfinator) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcimhbfpiofdihhdnofbdlhjcmjopilp [2016-03-01]
CHR Extension: (Eml Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjpnegahhmlieielkpdoifigpdfnnkk [2015-09-18]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-10-19]
CHR Extension: (Boomerang for Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Google Chrome to Phone Extension [DEPRECATED]) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-12-04]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-14]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-14]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-14]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-14]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-14]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-14]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-17]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-17]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-02-17]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-17]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-17]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2911464 2016-04-29] (Microsoft Corporation)
R2 Cox_Business_CBOBbackup; C:\Program Files\Online Backup\Cox_Business_CBOBbackup.exe [48424 2015-02-02] (Cox Business)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-20] (Dropbox, Inc.)
R2 DokanMbMounter; C:\Program Files\MegaBackup Corp\MegaBackup\DokanMb\mounter.exe [36176 2015-07-28] (MegaBackup Corp)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202288 2016-04-28] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Cox_Business_CBOBFilter; C:\Windows\System32\DRIVERS\Cox_Business_CBOB.sys [66592 2015-02-02] (Mozy, Inc.) [File not signed]
R2 DokanMb; C:\Windows\System32\DRIVERS\dokanMb.sys [65616 2015-07-28] (MegaBackup Corp)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R2 NPF; C:\Windows\SysWOW64\drivers\npf64.sys [36600 2015-04-30] (Riverbed Technology, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-12 10:32 - 2016-05-12 10:33 - 00039377 _____ C:\Users\Admin\Downloads\FRST.txt
2016-05-12 10:32 - 2016-05-12 10:32 - 00000000 ____D C:\FRST
2016-05-12 10:31 - 2016-05-12 10:31 - 02381312 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2016-05-10 21:52 - 2016-05-10 21:52 - 00003544 ____N C:\bootsqm.dat
2016-05-10 18:22 - 2016-05-10 18:22 - 00264875 _____ C:\Users\Admin\Downloads\sfp.zip
2016-05-10 17:10 - 2016-05-10 17:10 - 00002658 _____ C:\Users\Admin\AppData\Local\recently-used.xbel
2016-05-10 16:50 - 2016-05-10 16:50 - 00007602 _____ C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2016-05-10 16:33 - 2016-05-10 16:33 - 00000000 ____D C:\$WINDOWS.~BT
2016-05-10 16:32 - 2016-05-10 16:32 - 18447464 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\MediaCreationTool (1).exe
2016-05-10 16:32 - 2016-05-10 16:32 - 00000491 _____ C:\Users\Admin\Desktop\schtuff.txt
2016-05-10 16:32 - 2016-05-10 16:32 - 00000000 ___HD C:\$Windows.~WS
2016-05-10 15:51 - 2016-05-10 15:51 - 00002986 _____ C:\Windows\System32\Tasks\{61A27125-BDF0-4B9B-9BF7-714DB4468467}
2016-05-10 15:51 - 2016-05-10 15:51 - 00002986 _____ C:\Windows\System32\Tasks\{0BD4D6EB-8785-4F33-BA36-F8DBE1E043D8}
2016-05-10 15:48 - 2016-05-10 15:48 - 00002986 _____ C:\Windows\System32\Tasks\{445A0957-A30A-480F-AC6C-B5FF4E49E73C}
2016-05-10 15:13 - 2016-05-10 15:13 - 00002978 _____ C:\Windows\System32\Tasks\{EE59B2D8-A0F0-4F5C-A176-E0EDF34AEA40}
2016-05-10 15:13 - 2016-05-10 15:13 - 00002978 _____ C:\Windows\System32\Tasks\{B59EF814-D5A3-4177-AA6B-CB5DC82ECAF1}
2016-05-10 15:13 - 2016-05-10 15:13 - 00002978 _____ C:\Windows\System32\Tasks\{1EC7B296-E1DC-4962-B91E-4EAEFEC4482B}
2016-05-10 14:56 - 2016-05-10 15:48 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\SysWOW64\Drivers\PROCEXP152.SYS
2016-05-10 14:54 - 2016-05-10 15:47 - 00000000 ____D C:\Users\Admin\Downloads\logonSessions
2016-05-10 14:54 - 2016-05-10 14:54 - 00108360 _____ C:\Users\Admin\Downloads\logonSessions.zip
2016-05-10 13:19 - 2016-04-14 06:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-10 13:19 - 2016-04-14 06:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-10 13:19 - 2016-04-09 00:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-10 13:19 - 2016-04-09 00:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-10 13:19 - 2016-04-08 23:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-10 13:19 - 2016-04-08 23:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-10 13:19 - 2016-04-08 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-10 13:19 - 2016-04-08 22:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-10 13:18 - 2016-04-23 10:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-10 13:18 - 2016-04-23 09:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-10 13:18 - 2016-04-22 22:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-10 13:18 - 2016-04-22 22:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-10 13:18 - 2016-04-22 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-10 13:18 - 2016-04-22 22:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-10 13:18 - 2016-04-22 22:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-10 13:18 - 2016-04-22 22:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-10 13:18 - 2016-04-22 22:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-10 13:18 - 2016-04-22 22:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-10 13:18 - 2016-04-22 22:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-10 13:18 - 2016-04-22 21:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-10 13:18 - 2016-04-22 21:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-10 13:18 - 2016-04-22 21:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-10 13:18 - 2016-04-22 21:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-10 13:18 - 2016-04-22 21:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-10 13:18 - 2016-04-22 21:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-10 13:18 - 2016-04-22 21:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-10 13:18 - 2016-04-22 21:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-10 13:18 - 2016-04-22 21:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-10 13:18 - 2016-04-22 21:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-10 13:18 - 2016-04-22 21:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-10 13:18 - 2016-04-22 21:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-10 13:18 - 2016-04-22 21:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-10 13:18 - 2016-04-22 21:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-10 13:18 - 2016-04-22 21:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-10 13:18 - 2016-04-22 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-10 13:18 - 2016-04-22 21:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-10 13:18 - 2016-04-22 21:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-10 13:18 - 2016-04-22 21:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-10 13:18 - 2016-04-22 21:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-10 13:18 - 2016-04-22 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-10 13:18 - 2016-04-22 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-10 13:18 - 2016-04-22 21:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-10 13:18 - 2016-04-22 21:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-10 13:18 - 2016-04-22 21:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-10 13:18 - 2016-04-22 21:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-10 13:18 - 2016-04-22 21:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-10 13:18 - 2016-04-22 21:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-10 13:18 - 2016-04-22 21:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-10 13:18 - 2016-04-22 21:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-10 13:18 - 2016-04-22 21:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-10 13:18 - 2016-04-22 21:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-10 13:18 - 2016-04-22 20:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-10 13:18 - 2016-04-22 20:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-10 13:18 - 2016-04-22 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-10 13:18 - 2016-04-22 20:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-10 13:18 - 2016-04-22 20:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-10 13:18 - 2016-04-22 20:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-10 13:18 - 2016-04-22 20:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-10 13:18 - 2016-04-22 20:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-10 13:18 - 2016-04-22 20:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-10 13:18 - 2016-04-22 20:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-10 13:18 - 2016-04-22 20:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-10 13:18 - 2016-04-22 20:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-10 13:18 - 2016-04-22 20:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-10 13:18 - 2016-04-22 20:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-10 13:18 - 2016-04-22 20:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-10 13:18 - 2016-04-22 20:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-10 13:18 - 2016-04-22 20:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-10 13:18 - 2016-04-22 20:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-10 13:18 - 2016-04-22 20:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-10 13:18 - 2016-04-22 20:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-10 13:18 - 2016-04-22 20:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-10 13:18 - 2016-04-22 20:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-10 13:18 - 2016-04-22 20:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-10 13:18 - 2016-04-08 23:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-10 13:18 - 2016-04-08 23:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-10 13:18 - 2016-04-06 08:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-10 13:17 - 2016-04-09 00:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-10 13:17 - 2016-04-09 00:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-10 13:17 - 2016-04-09 00:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-10 13:17 - 2016-04-09 00:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-10 13:17 - 2016-04-09 00:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-10 13:17 - 2016-04-08 23:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-10 13:17 - 2016-04-08 23:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-10 13:17 - 2016-04-08 23:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-10 13:17 - 2016-04-08 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 22:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-10 13:17 - 2016-04-08 22:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-10 13:17 - 2016-04-08 22:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-10 13:17 - 2016-04-08 22:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-10 13:17 - 2016-04-08 22:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-10 13:17 - 2016-04-08 22:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-10 13:17 - 2016-04-08 22:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-10 13:17 - 2016-04-08 22:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-10 13:17 - 2016-04-08 22:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-10 13:17 - 2016-04-08 22:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-10 13:17 - 2016-04-08 22:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-10 13:17 - 2016-04-08 22:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-10 13:17 - 2016-04-08 22:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-10 13:17 - 2016-04-08 22:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-10 13:17 - 2016-04-08 22:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-10 13:17 - 2016-04-08 22:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-10 13:17 - 2016-04-08 22:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-10 13:17 - 2016-04-08 22:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 22:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 22:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 22:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-10 13:17 - 2016-04-08 21:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-10 13:17 - 2016-04-08 20:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-10 13:01 - 2016-05-10 13:01 - 00086032 _____ C:\Users\Admin\Documents\Maria O - UserVoice notice.pdf
2016-05-09 18:19 - 2016-05-09 18:12 - 00158531 _____ C:\Users\Admin\Documents\Elegance Comfort Inc - MID 450352.pdf
2016-05-09 16:17 - 2016-05-09 16:17 - 00044063 _____ C:\Users\Admin\Downloads\ITAfirmTMiaMonThurs (3).zip
2016-05-09 16:09 - 2016-05-09 16:09 - 00044678 _____ C:\Users\Admin\Downloads\ITAfirmTMiaMonThurs (1).zip
2016-05-09 16:09 - 2016-05-09 16:09 - 00043852 _____ C:\Users\Admin\Downloads\ITAfirmTMiaMonThurs (2).zip
2016-05-09 16:09 - 2016-05-09 16:09 - 00043729 _____ C:\Users\Admin\Downloads\ITAfirmTMiaMonthly (3).zip
2016-05-09 16:06 - 2016-05-09 16:06 - 00044075 _____ C:\Users\Admin\Downloads\ITAfirmTMiaMonThurs.zip
2016-05-09 16:05 - 2016-05-09 16:05 - 00038465 _____ C:\Users\Admin\Downloads\ITAfirmTMiaMonthly (2).zip
2016-05-09 16:05 - 2016-05-09 16:05 - 00035475 _____ C:\Users\Admin\Downloads\ITAfirmTMiaMonthly (1).zip
2016-05-09 15:46 - 2016-05-09 15:46 - 00035475 _____ C:\Users\Admin\Downloads\ITAfirmTMiaMonthly.zip
2016-05-09 12:23 - 2016-05-09 12:23 - 00087933 _____ C:\Users\Admin\Documents\Tempe Municipal Court Final Payment Receipt.pdf
2016-05-09 12:16 - 2016-05-09 12:16 - 00177554 _____ C:\Users\Admin\Documents\Visa Card.pdf
2016-05-09 11:25 - 2016-05-09 11:25 - 00004639 _____ C:\Users\Admin\Desktop\windows cert reg key.txt
2016-05-09 11:17 - 2016-05-09 11:17 - 01607032 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\MGADiag.exe
2016-05-09 11:17 - 2016-05-09 11:17 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2016-05-09 11:17 - 2016-05-09 11:17 - 00000000 ____D C:\MGADiagToolOutput
2016-05-09 11:09 - 2016-05-09 11:09 - 07635472 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\GetWindows10-Web_Default_Attr (1).exe
2016-05-06 16:41 - 2016-05-06 16:41 - 00020857 _____ C:\Users\Admin\Downloads\04-01-2016 - 04-08-2016 - Overview Report.csv
2016-05-06 16:38 - 2016-05-06 16:38 - 00003981 _____ C:\Users\Admin\Downloads\04-01-2016 - 04-30-2016 - Overview Report.csv
2016-05-06 16:08 - 2016-05-06 16:08 - 00302011 _____ C:\Users\Admin\Downloads\WindowsUpdateDiagnostic.diagcab
2016-05-06 16:06 - 2016-05-06 16:06 - 00000000 ____D C:\Users\Admin\Documents\LocaleMetaData
2016-05-06 16:05 - 2016-05-06 16:06 - 00069632 _____ C:\Users\Admin\Documents\stuff.evtx
2016-05-06 14:59 - 2016-05-06 15:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-05-06 14:59 - 2016-05-06 14:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-06 14:59 - 2016-05-06 14:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-06 14:58 - 2016-05-06 15:15 - 00000000 ____D C:\Users\Admin\Desktop\mbar
2016-05-06 14:58 - 2016-05-06 14:58 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.09.3.1001.exe
2016-05-06 14:58 - 2016-05-06 14:58 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-06 14:49 - 2016-05-06 14:49 - 00003454 _____ C:\Windows\System32\Tasks\MegaBackupUpdater
2016-05-06 14:49 - 2016-05-06 14:49 - 00003248 _____ C:\Windows\System32\Tasks\MegaBackupSystemIsIdleChecker
2016-05-06 14:49 - 2016-05-06 14:49 - 00002134 _____ C:\Users\Public\Desktop\MegaBackup.lnk
2016-05-06 14:49 - 2016-05-06 14:49 - 00000000 ____D C:\Users\Admin\AppData\Local\IsolatedStorage
2016-05-06 14:49 - 2016-05-06 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaBackup
2016-05-06 14:48 - 2016-05-06 14:49 - 00000000 ____D C:\ProgramData\BSD
2016-05-06 14:48 - 2016-05-06 14:48 - 00001205 _____ C:\Users\Admin\Desktop\TweakBit Driver Updater.lnk
2016-05-06 14:48 - 2016-05-06 14:48 - 00000000 ____D C:\Windows\System32\Tasks\TweakBit
2016-05-06 14:48 - 2016-05-06 14:48 - 00000000 ____D C:\ProgramData\TweakBit
2016-05-06 14:48 - 2016-05-06 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2016-05-06 14:48 - 2016-05-06 14:48 - 00000000 ____D C:\ProgramData\MegaBackup Corp
2016-05-06 14:48 - 2016-05-06 14:48 - 00000000 ____D C:\Program Files\MegaBackup Corp
2016-05-06 14:48 - 2016-05-06 14:48 - 00000000 ____D C:\Program Files (x86)\TweakBit
2016-05-06 14:37 - 2016-05-06 14:37 - 00420584 _____ (TweakBit) C:\Users\Admin\Downloads\driver-updater-setup.exe
2016-05-06 12:42 - 2016-05-06 12:42 - 00000000 ____D C:\Windows\pss
2016-05-05 17:02 - 2016-05-05 17:02 - 00240549 _____ C:\Users\Admin\Desktop\sfcdetails.txt
2016-05-05 16:49 - 2016-05-05 16:49 - 00000632 __RSH C:\Users\Admin\ntuser.pol
2016-05-05 15:47 - 2016-05-05 15:47 - 01314112 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\ntdll.dll
2016-05-05 15:37 - 2016-05-05 15:37 - 18447464 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\MediaCreationTool.exe
2016-05-05 15:26 - 2016-05-05 15:26 - 00000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2016-05-05 15:17 - 2016-05-05 15:17 - 07635472 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\GetWindows10-Web_Default_Attr.exe
2016-05-05 13:49 - 2016-05-05 13:49 - 00717465 _____ C:\Users\Admin\AppData\Local\census.cache
2016-05-05 13:49 - 2016-05-05 13:49 - 00183121 _____ C:\Users\Admin\AppData\Local\ars.cache
2016-05-05 13:37 - 2016-05-05 13:37 - 00000000 ____D C:\ProgramData\Trend Micro
2016-05-05 13:01 - 2016-05-05 13:01 - 02527376 _____ (Trend Micro Inc.) C:\Users\Admin\Downloads\HousecallLauncher64 (1).exe
2016-05-05 13:01 - 2016-05-05 13:01 - 00000036 _____ C:\Users\Admin\AppData\Local\housecall.guid.cache
2016-05-05 13:01 - 2015-12-24 06:03 - 00316168 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-05-05 10:33 - 2016-05-05 10:33 - 02527376 _____ (Trend Micro Inc.) C:\Users\Admin\Downloads\HousecallLauncher64.exe
2016-05-05 10:30 - 2016-05-05 10:30 - 00273885 _____ C:\Users\Admin\Documents\ViDoc2_MA_S_2015_0111806.pdf
2016-05-05 10:03 - 2016-05-05 10:03 - 127086360 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\msert.exe
2016-05-05 09:45 - 2016-05-05 09:45 - 02105760 _____ (Trend Micro Inc.) C:\Users\Admin\Downloads\HousecallLauncher.exe
2016-05-04 17:42 - 2016-05-04 17:42 - 00003796 _____ C:\Users\Admin\Downloads\facebook.asc
2016-05-04 12:10 - 2016-05-04 12:10 - 00257132 _____ C:\Users\Admin\Downloads\LEO1 1 Kik_s Guide for Law Enforcement_January 2016.pdf
2016-04-28 11:14 - 2016-04-28 12:59 - 00080301 _____ C:\Users\Admin\Documents\Keeana-Cue-Resume.pdf
2016-04-28 11:13 - 2016-04-28 11:13 - 00001296 _____ C:\Users\Admin\Downloads\Keeana-Cue-Resume
2016-04-27 12:18 - 2016-04-27 12:30 - 00143618 _____ C:\Users\Admin\Documents\Forbes-Morris-Resume.pdf
2016-04-27 09:47 - 2016-04-27 09:47 - 00003320 _____ C:\Users\Admin\Downloads\Forbes-Morris-Resume
2016-04-25 15:42 - 2016-04-25 15:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Lenovo
2016-04-21 18:11 - 2016-04-21 18:11 - 00001498 _____ C:\Users\Admin\Desktop\MIDS WORK ON.txt
2016-04-20 14:40 - 2016-04-20 14:40 - 00017688 _____ C:\Users\Admin\Downloads\Domain Price List Updated 4-15-2016.xlsx
2016-04-20 12:29 - 2016-04-20 12:29 - 00321008 _____ (Citrix Online) C:\Users\Admin\Downloads\GoToMeeting Launcher.exe
2016-04-20 11:47 - 2016-04-20 11:47 - 00003986 _____ C:\Users\Admin\Desktop\domains.csv
2016-04-19 15:52 - 2016-04-19 15:53 - 00217788 _____ C:\Users\Admin\Downloads\tpp solicitiation.pdf
2016-04-18 20:58 - 2016-04-18 20:58 - 00552099 _____ C:\Users\Admin\Downloads\Emeko A Offer Letter.pdf
2016-04-18 19:20 - 2016-04-18 19:20 - 00001039 _____ C:\Users\Admin\Desktop\tmiadomains.csv
2016-04-18 16:16 - 2016-04-18 16:16 - 00087033 _____ C:\Users\Admin\Documents\Tempe Municipal Court.pdf
2016-04-18 15:56 - 2016-04-18 15:45 - 00079841 _____ C:\Users\Admin\Documents\The BCBH LLC SoI.pdf
2016-04-18 10:43 - 2016-04-18 10:43 - 00016254 _____ C:\Users\Admin\Desktop\domain names.csv
2016-04-18 09:57 - 2016-04-18 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-18 09:55 - 2016-04-18 09:55 - 00339281 _____ C:\Users\Admin\Documents\Enom Prices.pdf
2016-04-15 14:08 - 2016-04-15 14:08 - 00294345 _____ C:\Users\Admin\Documents\Boarding Pass _ Frontier Airlines.pdf
2016-04-15 13:27 - 2016-04-15 13:27 - 00000271 _____ C:\Users\Admin\Downloads\attachment_2009.bin
2016-04-14 18:14 - 2016-04-14 18:14 - 00017329 _____ C:\Users\Admin\Downloads\Domain_Price_Update_4-15-2016.xlsx
2016-04-14 15:09 - 2016-04-14 14:48 - 00113271 _____ C:\Users\Admin\Documents\Ace Hardware Receipt 4-13-2016.pdf
2016-04-13 10:17 - 2016-03-17 15:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 10:17 - 2016-03-17 15:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 10:17 - 2016-03-15 17:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 10:17 - 2016-03-15 17:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 10:17 - 2016-03-15 16:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 10:17 - 2016-03-06 11:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 10:17 - 2016-03-06 11:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 10:17 - 2016-03-06 11:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 10:17 - 2016-03-06 11:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-12 17:08 - 2016-04-12 17:07 - 00133808 _____ C:\Users\Admin\Documents\Ace Hardware Receipt 4-12-16.pdf
2016-04-12 15:30 - 2016-04-12 15:30 - 00100125 _____ C:\Users\Admin\Documents\Enom SPF Record Requirements for RAA Verification and EPP Key Emails.pdf
2016-04-12 14:19 - 2016-04-12 14:19 - 00068212 _____ C:\Users\Admin\Documents\Back Brochure.pdf
2016-04-12 14:18 - 2016-04-12 14:18 - 00004902 _____ C:\Users\Admin\Downloads\Back Brochure.bmml
2016-04-12 14:17 - 2016-04-12 14:17 - 00104869 _____ C:\Users\Admin\Documents\Front Brochure.pdf
2016-04-12 14:17 - 2016-04-12 14:17 - 00031494 _____ C:\Users\Admin\Documents\banner.pdf
2016-04-12 14:13 - 2016-04-12 14:13 - 04020264 _____ C:\Users\Admin\Downloads\Balsamiq_Mockups_3.3.12.exe
2016-04-12 14:13 - 2016-04-12 14:13 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Balsamiq Mockups 3.lnk
2016-04-12 14:13 - 2016-04-12 14:13 - 00000971 _____ C:\Users\Public\Desktop\Balsamiq Mockups 3.lnk
2016-04-12 14:13 - 2016-04-12 14:13 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-04-12 14:13 - 2016-04-12 14:13 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-04-12 14:13 - 2016-04-12 14:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2016-04-12 14:13 - 2016-04-12 14:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BalsamiqMockups3
2016-04-12 14:13 - 2016-04-12 14:13 - 00000000 ____D C:\Program Files (x86)\Balsamiq Mockups 3
2016-04-12 13:51 - 2016-04-12 13:51 - 00006215 _____ C:\Users\Admin\Downloads\Front Brochure.bmml
2016-04-11 16:22 - 2016-04-11 16:22 - 00522970 _____ C:\Users\Admin\Downloads\-Uploadfiles-TradeMark_2016-e216ea74-8ce5-47e8-af89-87457c7732e9.jpeg
2016-04-11 16:19 - 2016-04-11 16:19 - 00009625 _____ C:\Users\Admin\Downloads\Cisco UCS Phones.xlsx
2016-04-11 11:31 - 2016-04-11 14:39 - 00306977 _____ C:\Users\Admin\Documents\D Orr USP for I-9.pdf
2016-04-11 11:21 - 2016-04-11 11:20 - 00088111 _____ C:\Users\Admin\Documents\M Pope AZID for I-9.pdf
2016-04-11 11:20 - 2016-04-11 11:19 - 00244574 _____ C:\Users\Admin\Documents\J Finch SSID for I-9.pdf
2016-04-11 11:18 - 2016-04-11 11:18 - 00137565 _____ C:\Users\Admin\Documents\J Finch AZDL for I-9.pdf
2016-04-07 14:37 - 2016-04-07 14:37 - 01487425 _____ C:\Users\Admin\Downloads\BasicFacts.pdf
2016-04-07 13:34 - 2016-04-07 13:34 - 09791523 _____ C:\Users\Admin\Downloads\legal_force_brand_book_round2-2.pdf
2016-04-01 17:10 - 2016-04-01 17:10 - 01125770 _____ C:\Users\Admin\Downloads\441614-GlobalThreads-v5.ai
2016-04-01 17:10 - 2016-04-01 17:10 - 00432336 _____ C:\Users\Admin\Downloads\font.zip
2016-04-01 09:30 - 2016-04-01 09:30 - 00063467 _____ C:\Users\Admin\Documents\April 2016 rent receipt.pdf
2016-03-31 12:40 - 2016-03-31 12:40 - 00540464 _____ C:\Users\Admin\Documents\Japan - Five Minute Journal.pdf
2016-03-31 12:38 - 2016-03-31 12:38 - 00543006 _____ C:\Users\Admin\Documents\Japan - Productivity Planner.pdf
2016-03-31 11:25 - 2016-03-31 11:25 - 00704364 _____ C:\Users\Admin\Downloads\SKM_C454e16010816110.pdf
2016-03-31 11:25 - 2016-03-31 11:25 - 00042629 _____ C:\Users\Admin\Downloads\SKM_C454e16033110220.pdf
2016-03-31 09:56 - 2016-03-31 09:56 - 00039148 _____ C:\Users\Admin\Downloads\ForexExcelImport.zip
2016-03-31 09:56 - 2016-03-31 09:55 - 00212378 _____ C:\Users\Admin\Documents\Toner Receipt 3-31-2016.pdf
2016-03-30 16:46 - 2016-03-30 16:46 - 00280642 _____ C:\Users\Admin\Documents\2016 Medical&Dental Benefits Signed Form.pdf
2016-03-29 14:29 - 2016-03-29 14:29 - 00883476 _____ C:\Users\Admin\Downloads\2016, April-Employee Worksheet-Whitfield, Joshua.pdf
2016-03-29 12:18 - 2016-03-29 12:18 - 00440316 _____ C:\Users\Admin\Downloads\Athem Gold PPO D.pdf
2016-03-29 10:57 - 2016-03-29 10:57 - 00000198 _____ C:\Users\Admin\Downloads\Nudgespot-Activity-Birthday-Sample-FIle.csv
2016-03-28 17:52 - 2016-03-28 17:57 - 00045176 _____ C:\Users\Admin\Documents\International Trademark Search Price Quote.pdf
2016-03-28 17:41 - 2016-03-28 17:41 - 00121440 _____ C:\Users\Admin\Documents\Free Trademark Search  Protect Business Name  Interesting Name Ideas  Trademark.pdf
2016-03-28 13:14 - 2016-03-28 13:14 - 03045981 _____ C:\Users\Admin\Downloads\Federal 1040 2015 instructions.pdf
2016-03-28 13:14 - 2016-03-28 13:14 - 00192621 _____ C:\Users\Admin\Downloads\Federal 1040 2015 form.pdf
2016-03-28 13:13 - 2016-03-28 13:13 - 00929140 _____ C:\Users\Admin\Downloads\Arizona 140 Booklet.pdf
2016-03-28 10:01 - 2016-03-28 10:01 - 00435856 _____ C:\Users\Admin\Downloads\files.zip
2016-03-28 10:01 - 2016-03-28 10:01 - 00104197 _____ C:\Users\Admin\Downloads\CC0500_Employee Change Request_4.2016 - Copy.pdf
2016-03-25 16:54 - 2016-03-25 16:54 - 00037313 _____ C:\Users\Admin\Downloads\Sewer and Water Bill.pdf
2016-03-25 12:40 - 2016-03-25 12:40 - 00717403 _____ C:\Users\Admin\Documents\Legal Assistant Offer Letter Matthew Oneal.pdf
2016-03-24 12:29 - 2016-05-09 16:13 - 00568362 _____ C:\Users\Admin\Documents\Employee Counseling Form Chris Madera 5-6-16.pdf
2016-03-24 12:00 - 2016-03-24 12:00 - 00222922 _____ C:\Users\Admin\Documents\Employee Counseling Form (1).pdf
2016-03-24 11:50 - 2016-03-24 11:50 - 00009007 _____ C:\Users\Admin\Downloads\US01235422.xlsx
2016-03-23 16:36 - 2016-03-23 16:12 - 00544236 _____ C:\Users\Admin\Documents\SRP SurePay Notice of Payment.pdf
2016-03-23 15:23 - 2016-03-23 15:23 - 00090746 _____ C:\Users\Admin\Downloads\86012192.pdf
2016-03-22 12:58 - 2016-03-22 12:58 - 01119816 _____ C:\Users\Admin\Documents\agreement of purchase and sale.pdf
2016-03-21 16:58 - 2016-03-21 16:57 - 02160064 _____ C:\Users\Admin\Documents\Standard Offer Agreement.pdf
2016-03-18 17:58 - 2016-03-18 17:58 - 00735417 _____ C:\Users\Admin\Downloads\honda accord owner manual.pdf
2016-03-18 11:05 - 2016-03-18 11:05 - 00096427 _____ C:\Users\Admin\Downloads\Honda Federal and California Emissions Warranties Parts List.pdf
2016-03-17 14:09 - 2016-03-17 14:09 - 00255149 _____ C:\Users\Admin\Documents\Forum arbitration page 11.pdf
2016-03-17 13:44 - 2016-03-17 13:43 - 00401446 _____ C:\Users\Admin\Documents\Tempe PD Alarm Permit 3rd Notice.pdf
2016-03-17 12:54 - 2016-03-17 12:53 - 01089422 _____ C:\Users\Admin\Documents\Forum Arbitration Document 001.pdf
2016-03-16 15:24 - 2016-03-16 15:24 - 00035964 _____ C:\Users\Admin\Downloads\86930080.pdf
2016-03-16 15:24 - 2016-03-16 15:24 - 00025525 _____ C:\Users\Admin\Downloads\86930078.pdf
2016-03-16 12:33 - 2016-03-16 12:33 - 00399323 _____ C:\Users\Admin\Downloads\9581834.pdf
2016-03-15 11:08 - 2016-03-15 11:08 - 00022516 _____ C:\Users\Admin\Documents\L Underwood VOID check for DD.pdf
2016-03-14 16:56 - 2016-03-14 16:55 - 00448317 _____ C:\Users\Admin\Documents\446 E Southern SRP SurePay Confirmation.pdf
2016-03-14 11:15 - 2016-03-14 11:15 - 00021130 _____ C:\Users\Admin\Downloads\18325.pdf
2016-03-11 12:32 - 2016-03-11 12:32 - 00090624 _____ C:\Users\Admin\Documents\Change Host Records - Forward, Redirect or Point Your Domain_Sub-Domain.pdf
2016-03-10 11:59 - 2016-03-10 11:59 - 00011427 _____ C:\Users\Admin\Downloads\Cross-Functional Flowchart (1).vstx
2016-03-10 11:58 - 2016-03-10 11:58 - 00011427 _____ C:\Users\Admin\Downloads\Cross-Functional Flowchart.vstx
2016-03-09 16:59 - 2016-03-09 17:00 - 00267962 _____ C:\Users\Admin\Documents\SRP Shut off Notice for 446.pdf
2016-03-09 10:07 - 2016-02-12 11:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 10:07 - 2016-02-12 11:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 10:07 - 2016-02-12 11:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 10:07 - 2016-02-12 11:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 10:07 - 2016-02-12 11:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 10:07 - 2016-02-12 11:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 10:07 - 2016-02-12 11:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 10:07 - 2016-02-12 11:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 10:07 - 2016-02-12 11:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 10:07 - 2016-02-12 11:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 10:07 - 2016-02-12 11:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 10:07 - 2016-02-12 11:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 10:07 - 2016-02-12 11:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 10:07 - 2016-02-12 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 10:07 - 2016-02-12 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 10:07 - 2016-02-12 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-09 10:07 - 2016-02-03 11:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 10:07 - 2016-02-03 11:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 10:07 - 2016-02-03 11:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-09 10:07 - 2016-02-03 11:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 10:07 - 2016-02-03 11:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 10:06 - 2016-02-09 02:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 10:06 - 2016-02-09 02:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 10:06 - 2016-02-09 02:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 10:06 - 2016-02-09 02:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-09 10:06 - 2016-02-09 02:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 10:06 - 2016-02-09 02:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 10:06 - 2016-02-09 02:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-09 10:06 - 2016-02-09 02:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 10:06 - 2016-02-09 02:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-09 10:06 - 2016-02-09 02:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-09 10:06 - 2016-02-09 02:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-09 10:06 - 2016-02-05 11:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 10:06 - 2016-02-05 11:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 10:06 - 2016-02-05 11:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 10:06 - 2016-02-05 11:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 10:06 - 2016-02-05 11:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-09 10:06 - 2016-02-05 11:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 10:06 - 2016-02-05 11:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-09 10:06 - 2016-02-05 10:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 10:06 - 2016-02-05 10:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 10:06 - 2016-02-05 10:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 10:06 - 2016-02-04 18:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 10:06 - 2016-02-04 11:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-08 13:29 - 2016-03-08 14:03 - 00001948 _____ C:\Users\Admin\Downloads\Melvn-Drake-Resume
2016-03-08 10:55 - 2016-03-08 10:55 - 00059237 _____ C:\Users\Admin\Downloads\legalforce.pdf
2016-03-07 16:04 - 2016-03-07 16:04 - 00437293 _____ C:\Users\Admin\Downloads\LegalForceTrademarkiaTOS.pdf
2016-03-07 15:49 - 2016-03-07 15:49 - 00159963 _____ C:\Users\Admin\Documents\Free Trademark Search  Protect Business Name  Incorporate Your Business  Tradem.pdf
2016-03-07 14:47 - 2016-03-07 14:48 - 00969322 _____ C:\Users\Admin\Downloads\tc.zip
2016-03-07 12:19 - 2016-03-07 10:57 - 00105041 _____ C:\Users\Admin\Documents\Ikea Receipt 3-7-16.pdf
2016-03-03 09:42 - 2016-03-03 09:43 - 00098122 _____ C:\Users\Admin\Downloads\86547985 (1).pdf
2016-03-03 09:42 - 2016-03-03 09:42 - 00023357 _____ C:\Users\Admin\Downloads\86547985.pdf
2016-03-03 09:41 - 2016-03-03 09:41 - 00086831 _____ C:\Users\Admin\Downloads\Invoice-1512440613.pdf
2016-03-02 17:23 - 2016-03-02 17:23 - 00064250 _____ C:\Users\Admin\Downloads\Invoice-1602445059.pdf
2016-03-02 17:22 - 2016-03-02 17:22 - 01802496 _____ C:\Users\Admin\Downloads\Invoice_for_Matter_445059.html
2016-03-02 12:45 - 2016-03-02 12:45 - 00002449 _____ C:\Users\Admin\Downloads\Chone-Grant-Resume
2016-03-01 10:30 - 2016-03-01 11:10 - 00000000 ____D C:\Users\Admin\Desktop\spas
2016-02-29 16:34 - 2016-02-29 16:34 - 00063734 _____ C:\Users\Admin\Downloads\Invoice-1602446570.pdf
2016-02-29 11:45 - 2016-02-29 11:45 - 00588058 _____ C:\Users\Admin\Documents\Tempe PD Alarm Bill.pdf
2016-02-29 10:34 - 2016-02-29 10:34 - 00000000 ____D C:\Users\Admin\Desktop\INTA
2016-02-26 16:16 - 2016-02-26 16:16 - 01145492 _____ C:\Users\Admin\Documents\Titan Alarm Bill.pdf
2016-02-24 14:55 - 2016-04-19 15:52 - 00000000 ____D C:\Users\Admin\AppData\Local\gtk-2.0
2016-02-24 10:06 - 2016-02-24 10:06 - 00100045 _____ C:\Users\Admin\Downloads\Invoice-1507425947.pdf
2016-02-24 10:06 - 2016-02-24 10:06 - 00062689 _____ C:\Users\Admin\Downloads\Invoice-1507425943.pdf
2016-02-24 10:06 - 2016-02-24 10:06 - 00062592 _____ C:\Users\Admin\Downloads\Invoice-1507425944.pdf
2016-02-24 09:16 - 2016-02-24 09:16 - 00532764 _____ C:\Users\Admin\Downloads\final-ad.zip
2016-02-24 09:16 - 2016-02-24 09:16 - 00000000 ____D C:\Users\Admin\Desktop\final-ad
2016-02-23 14:10 - 2016-02-23 14:10 - 00225454 _____ C:\Users\Admin\Downloads\PROFESSIONAL__RESPONSIBILITY_COMMITMENT_v2.22.16.pdf
2016-02-22 17:32 - 2016-02-22 17:32 - 00062284 _____ C:\Users\Admin\Documents\motion on consent.pdf
2016-02-22 17:10 - 2016-02-23 18:04 - 02348664 _____ C:\Users\Admin\Downloads\nbc.csv
2016-02-22 17:10 - 2016-02-23 09:19 - 00015613 _____ C:\Users\Admin\Downloads\Client List with details added.xlsx
2016-02-22 16:57 - 2016-02-22 16:57 - 00046581 _____ C:\Users\Admin\Documents\settlement agreement.pdf
2016-02-19 14:17 - 2016-02-19 14:17 - 00415402 _____ C:\Users\Admin\Documents\Ryan S PayStub.pdf
2016-02-18 11:04 - 2016-05-12 09:39 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2016-02-18 10:42 - 2016-02-18 10:42 - 00029337 _____ C:\Users\Admin\Downloads\feb statement.pdf
2016-02-18 10:29 - 2016-02-18 10:35 - 00000000 ____D C:\Users\Admin\Desktop\FTP INFO
2016-02-17 14:24 - 2016-02-17 14:26 - 00000000 ____D C:\Users\Admin\Desktop\FTP LLC Info
2016-02-17 14:21 - 2016-02-17 16:29 - 00000127 _____ C:\Users\Admin\Desktop\FTP INFO.txt
2016-02-17 14:10 - 2016-05-04 12:24 - 00000000 ____D C:\Users\Admin\Documents\Outlook Files
2016-02-17 14:10 - 2016-02-17 14:10 - 00043733 _____ C:\Users\Admin\Downloads\noname.eml
2016-02-17 13:22 - 2016-02-17 16:23 - 00000600 _____ C:\Users\Admin\AppData\Local\PUTTY.RND
2016-02-17 11:38 - 2016-02-17 16:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\FileZilla
2016-02-17 11:38 - 2016-02-17 11:38 - 00001858 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-02-17 11:38 - 2016-02-17 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-02-17 11:38 - 2016-02-17 11:38 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-02-17 11:27 - 2016-02-17 11:29 - 06567264 _____ (Tim Kosse) C:\Users\Admin\Downloads\FileZilla_3.15.0.2_win64-setup.exe
2016-02-17 10:52 - 2016-02-17 10:52 - 00001677 _____ C:\Users\Admin\Downloads\DMC - Acxiom Corporation.asc
2016-02-12 12:48 - 2016-02-12 12:48 - 00086895 _____ C:\Users\Admin\Documents\Tempe Municipal Court payment number 2.pdf
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-12 10:28 - 2015-08-27 10:58 - 00003684 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3570094928-320100918-4276683159-1000
2016-05-12 10:28 - 2015-08-27 10:58 - 00003588 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3570094928-320100918-4276683159-1000
2016-05-12 10:28 - 2015-08-27 10:58 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3570094928-320100918-4276683159-1000.job
2016-05-12 10:28 - 2015-08-27 10:58 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3570094928-320100918-4276683159-1000.job
2016-05-12 09:55 - 2015-10-20 12:50 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-05-12 09:54 - 2015-05-06 14:35 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-12 09:54 - 2015-04-16 09:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2016-05-12 09:53 - 2015-10-16 09:16 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-05-12 09:53 - 2015-10-16 09:16 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-05-12 09:51 - 2009-07-13 21:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-12 09:51 - 2009-07-13 21:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-12 09:49 - 2015-04-14 09:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-12 09:44 - 2009-07-13 19:34 - 00000466 _____ C:\Windows\win.ini
2016-05-12 09:40 - 2015-05-06 14:34 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2016-05-12 09:38 - 2015-10-20 12:50 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-05-12 09:38 - 2015-04-14 09:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-12 09:30 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-11 09:06 - 2015-04-16 14:32 - 00825434 _____ C:\Windows\system32\perfh00A.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00824056 _____ C:\Windows\system32\perfh013.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00796064 _____ C:\Windows\system32\perfh019.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00762730 _____ C:\Windows\system32\perfh00E.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00737616 _____ C:\Windows\system32\perfh005.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00733700 _____ C:\Windows\system32\perfh01D.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00692266 _____ C:\Windows\system32\perfh008.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00563866 _____ C:\Windows\system32\perfh014.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00553936 _____ C:\Windows\system32\perfh00B.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00465876 _____ C:\Windows\system32\perfh012.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00207818 _____ C:\Windows\system32\perfc00E.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00192728 _____ C:\Windows\system32\perfc00A.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00185264 _____ C:\Windows\system32\perfc013.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00180984 _____ C:\Windows\system32\perfc019.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00172072 _____ C:\Windows\system32\perfc005.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00171646 _____ C:\Windows\system32\perfc01D.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00145332 _____ C:\Windows\system32\perfc008.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00144984 _____ C:\Windows\system32\perfc012.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00132994 _____ C:\Windows\system32\perfc00B.dat
2016-05-11 09:06 - 2015-04-16 14:32 - 00121826 _____ C:\Windows\system32\perfc014.dat
2016-05-11 09:06 - 2015-04-16 10:23 - 00449034 _____ C:\Windows\system32\perfh00D.dat
2016-05-11 09:06 - 2015-04-16 10:23 - 00109358 _____ C:\Windows\system32\perfc00D.dat
2016-05-11 09:06 - 2015-04-16 10:14 - 00817898 _____ C:\Windows\system32\perfh010.dat
2016-05-11 09:06 - 2015-04-16 10:14 - 00177494 _____ C:\Windows\system32\perfc010.dat
2016-05-11 09:06 - 2015-04-16 10:10 - 00824444 _____ C:\Windows\system32\perfh00C.dat
2016-05-11 09:06 - 2015-04-16 10:10 - 00546188 _____ C:\Windows\system32\perfh001.dat
2016-05-11 09:06 - 2015-04-16 10:10 - 00180722 _____ C:\Windows\system32\perfc00C.dat
2016-05-11 09:06 - 2015-04-16 10:10 - 00119372 _____ C:\Windows\system32\perfc001.dat
2016-05-11 09:06 - 2015-04-16 10:02 - 00778988 _____ C:\Windows\system32\perfh007.dat
2016-05-11 09:06 - 2015-04-16 10:02 - 00179324 _____ C:\Windows\system32\perfc007.dat
2016-05-11 09:06 - 2009-07-13 22:13 - 13560024 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-11 09:06 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-05-11 09:00 - 2009-07-13 21:45 - 00451136 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-11 08:57 - 2011-04-12 01:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 08:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2016-05-11 08:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2016-05-11 08:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\lv-LV
2016-05-11 08:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\lt-LT
2016-05-11 03:07 - 2015-04-16 09:23 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 03:01 - 2015-04-16 09:23 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-10 17:44 - 2015-04-14 09:08 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 17:44 - 2015-04-14 09:08 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 17:14 - 2015-05-15 08:26 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2016-05-10 17:11 - 2015-11-30 15:51 - 00000000 ____D C:\Users\Admin\.gimp-2.8
2016-05-10 16:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-10 16:33 - 2015-04-13 14:52 - 00000000 ____D C:\Windows\Panther
2016-05-09 17:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-05-09 16:02 - 2015-08-26 16:38 - 00000000 ____D C:\Users\Admin\Desktop\New folder
2016-05-06 21:11 - 2015-02-02 09:27 - 00003942 _____ C:\Windows\Cox_Business_CBOB.flt
2016-05-06 21:11 - 2015-02-02 09:27 - 00003850 _____ C:\Windows\Cox_Business_CBOB.blk
2016-05-06 14:48 - 2015-04-14 11:07 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-06 12:21 - 2015-11-10 11:37 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-06 12:20 - 2015-11-10 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-05 16:49 - 2015-04-13 14:50 - 00000000 ____D C:\Users\Admin
2016-05-05 16:49 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicyUsers
2016-05-05 16:49 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-05-03 08:58 - 2015-04-14 09:08 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-03 08:58 - 2015-04-14 09:08 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-25 18:18 - 2015-12-31 14:18 - 00000000 ____D C:\Users\Admin\Desktop\aparto
2016-04-22 10:22 - 2009-07-13 22:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-21 15:05 - 2010-11-20 20:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-18 09:57 - 2015-10-20 12:50 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-04-14 10:51 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-04-12 14:13 - 2015-05-06 14:35 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-12 14:13 - 2015-05-06 14:34 - 00000000 ____D C:\ProgramData\Adobe
 
==================== Files in the root of some directories =======
 
2015-11-30 16:19 - 2016-01-25 16:13 - 0000033 _____ () C:\Users\Admin\AppData\Roaming\AdobeWLCMCache.dat
2016-05-05 13:49 - 2016-05-05 13:49 - 0183121 _____ () C:\Users\Admin\AppData\Local\ars.cache
2016-05-05 13:49 - 2016-05-05 13:49 - 0717465 _____ () C:\Users\Admin\AppData\Local\census.cache
2016-05-05 13:01 - 2016-05-05 13:01 - 0000036 _____ () C:\Users\Admin\AppData\Local\housecall.guid.cache
2016-02-17 13:22 - 2016-02-17 16:23 - 0000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND
2016-05-10 17:10 - 2016-05-10 17:10 - 0002658 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2016-05-10 16:50 - 2016-05-10 16:50 - 0007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
C:\Users\Admin\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwfaq2k.dll
C:\Users\Admin\AppData\Local\Temp\MegaBackup.exe
C:\Users\Admin\AppData\Local\Temp\SecurDataStorE.exe
C:\Users\Admin\AppData\Local\Temp\_isB3B.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {6594ed1c-e227-11e4-a5a5-fc2991639889}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {6594ed1e-e227-11e4-a5a5-fc2991639889}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {6594ed1c-e227-11e4-a5a5-fc2991639889}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {6594ed1e-e227-11e4-a5a5-fc2991639889}
device                  ramdisk=[C:]\Recovery\6594ed1e-e227-11e4-a5a5-fc2991639889\Winre.wim,{6594ed1f-e227-11e4-a5a5-fc2991639889}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\6594ed1e-e227-11e4-a5a5-fc2991639889\Winre.wim,{6594ed1f-e227-11e4-a5a5-fc2991639889}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {6594ed1c-e227-11e4-a5a5-fc2991639889}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {6594ed1f-e227-11e4-a5a5-fc2991639889}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\6594ed1e-e227-11e4-a5a5-fc2991639889\boot.sdi
 
 
 
LastRegBack: 2016-05-09 13:33
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Admin (2016-05-12 10:33:39)
Running from C:\Users\Admin\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-04-13 21:50:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-3570094928-320100918-4276683159-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3570094928-320100918-4276683159-500 - Administrator - Disabled)
Guest (S-1-5-21-3570094928-320100918-4276683159-501 - Limited - Disabled)
LEGAL-J (S-1-5-21-3570094928-320100918-4276683159-1003 - Administrator - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader for ScanSnap ™ 5.0 (HKLM-x32\...\{FB500000-0011-0000-0000-074957833700}) (Version: 11.0.298 - ABBYY)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\ILST_19_1_1) (Version: 19.1.1 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.3.12 - Balsamiq SRL)
Balsamiq Mockups 3 (x32 Version: 3.3.12 - Balsamiq SRL) Hidden
calibre 64bit (HKLM\...\{D8905AF6-9F72-4BD8-BF37-51C5760B3CD5}) (Version: 2.48.0 - Kovid Goyal)
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V5.3L10 - PFU)
CardMinder V5.3 (x32 Version: 5.3.10.1 - PFU) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-3570094928-320100918-4276683159-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
DokanSetup (Version: 0.6.40.0 - MegaBackup Corp) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
FileZilla Client 3.15.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.15.0.2 - Tim Kosse)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.17.0.4911 (HKU\S-1-5-21-3570094928-320100918-4276683159-1000\...\GoToMeeting) (Version: 7.17.0.4911 - CitrixOnline)
HL-L2360D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
iVMS-4200(v2.03) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.3.1.3 - hikvision)
join.me (HKU\S-1-5-21-3570094928-320100918-4276683159-1000\...\JoinMe) (Version: 2.3.1.1046 - LogMeIn, Inc.)
MegaBackup (HKLM-x32\...\{75244ce8-d3de-4ddf-bc6b-6e33fede64d1}) (Version: 1.0.1006.0 - MegaBackup Corp)
MegaBackup (Version: 1.0.1006.0 - MegaBackup Corp) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (suomi) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1035) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (svenska) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.51209 - Корпорация Майкрософт)
Microsoft .NET Framework 4.5.2 (עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2(한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2, norsk språkpakke (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1044) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET-keretrendszer 4.5.2 (magyar) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1038) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6868.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3570094928-320100918-4276683159-1000\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
Online Backup (HKLM\...\{581EDAA9-10D6-23D8-8ACC-450FCF547507}) (Version: 2.26.8.416 - Cox Business)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.5L30 - PFU)
ScanSnap Manager (x32 Version: 6.5.20.3.3 - PFU) Hidden
ScanSnap Manager (x32 Version: 6.5.30.9.6 - PFU) Hidden
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V5.6L10 - PFU)
ScanSnap Organizer (x32 Version: 5.6.10.1 - PFU LIMITED) Hidden
ScanSnap Receipt (HKLM-x32\...\ScanSnap Receipt) (Version: V1.5L30 - PFU)
ScanSnap Receipt (x32 Version: 1.5.30 - PFU) Hidden
TweakBit Driver Updater (HKLM-x32\...\{62D64B30-6E10-4C49-95FE-EDD8F8165DED}_is1) (Version: 1.7.1.1 - Auslogics Labs Pty Ltd)
Unity Web Player (HKU\S-1-5-21-3570094928-320100918-4276683159-1000\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS)
USSC Web Components (HKLM-x32\...\{C5E7CC49-0515-46D9-A03E-FB71FFE82FE5}_is1) (Version:  - )
Vectorworks 2016 (HKLM\...\Vectorworks 2016 2016) (Version: 2016 - Vectorworks)
VS2010MergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3570094928-320100918-4276683159-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Admin\AppData\Local\Citrix\GoToMeeting\4670\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3570094928-320100918-4276683159-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1976DAD2-DDFB-4268-B843-39658F5165B8} - System32\Tasks\{723185A9-B36A-42BA-B5BD-9545049EBDAD} => C:\Users\Admin\Downloads\dotNetFx35setup.exe [2015-06-01] (Microsoft Corporation)
Task: {26779C29-44DB-45B8-8798-C3230D011E5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-14] (Google Inc.)
Task: {30A2FEBF-75DB-4134-BB4B-5B042212CF19} - System32\Tasks\AdobeAAMUpdater-1.0-Admin-PC-Admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {31F53F4E-DB58-4B94-9752-DAD0DB49D8CF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-29] (Microsoft Corporation)
Task: {36C9AECF-DC3C-4E60-8568-D1FCA90EBBA1} - System32\Tasks\{567137FC-70AD-4C08-8390-F91CE4FC2181} => C:\Program Files\Microsoft Research\Image Composite Editor\ICE.exe [2015-02-24] (Microsoft)
Task: {3814B479-68FA-4D7A-B331-7F999E45BF5F} - System32\Tasks\{0BD4D6EB-8785-4F33-BA36-F8DBE1E043D8} => C:\Users\Admin\Downloads\logonSessions\logonsessions (2).exe [2016-05-10] (Sysinternals)
Task: {40228E5D-248C-459F-8533-56FBD901C452} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {54269F2C-66D0-4360-8A8D-8F9B48B6A5F6} - System32\Tasks\{B59EF814-D5A3-4177-AA6B-CB5DC82ECAF1} => C:\Users\Admin\Downloads\logonSessions\logonsessions.exe [2016-05-10] (Sysinternals)
Task: {5782B0B7-6254-48F6-BA3C-0D2EB5CD7DB2} - System32\Tasks\TweakBit\Driver Updater\Time for deal => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe [2016-04-25] (TweakBit) <==== ATTENTION
Task: {5B8BD00A-7417-474C-A027-DD7812AD281C} - System32\Tasks\{9BB06DF0-158B-4C1A-AF72-85CCB665E60E} => C:\Users\Admin\Downloads\dotNetFx35setup.exe [2015-06-01] (Microsoft Corporation)
Task: {5C56B2EB-1A7C-4C71-A0D4-47B4A666BC76} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-20] (Dropbox, Inc.)
Task: {7B4A5CC3-F145-409D-9CC6-E60945CBC0B9} - System32\Tasks\{EE59B2D8-A0F0-4F5C-A176-E0EDF34AEA40} => C:\Users\Admin\Downloads\logonSessions\logonsessions.exe [2016-05-10] (Sysinternals)
Task: {7E580BCF-72EB-48F9-A998-9A671D588C8B} - System32\Tasks\G2MUploadTask-S-1-5-21-3570094928-320100918-4276683159-1000 => C:\Users\Admin\AppData\Local\Citrix\GoToMeeting\4911\g2mupload.exe [2016-05-12] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {8EAC888E-CE76-4110-90A0-BD5EC94F245D} - System32\Tasks\{61A27125-BDF0-4B9B-9BF7-714DB4468467} => C:\Users\Admin\Downloads\logonSessions\logonsessions (2).exe [2016-05-10] (Sysinternals)
Task: {8F6245A7-05BE-4D38-9174-A8908C0A38DC} - System32\Tasks\TweakBit\Driver Updater\Start Driver Updater оn logon => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe [2016-04-25] (TweakBit) <==== ATTENTION
Task: {912BCC70-FD2D-4CE3-B54D-B8A811534B6F} - System32\Tasks\G2MUpdateTask-S-1-5-21-3570094928-320100918-4276683159-1000 => C:\Users\Admin\AppData\Local\Citrix\GoToMeeting\4911\g2mupdate.exe [2016-05-12] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {94F9CC95-D6F8-4B86-938C-C57C9A5FECBB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-29] (Microsoft Corporation)
Task: {990066AD-ABB8-4D15-85EF-42F76CA3FAEC} - System32\Tasks\MegaBackupUpdater => C:\Program Files\MegaBackup Corp\MegaBackup\Current\Installer.exe [2015-10-09] (MegaBackup Corp)
Task: {ADEB8674-1CD8-4BA9-BD8F-38B4C26B5299} - System32\Tasks\{F2A67BA4-800B-43E4-B2BC-A82CF254CFC7} => pcalua.exe -a "C:\Users\Admin\Downloads\dotnetfx35setup (1).exe" -d C:\Users\Admin\Downloads
Task: {B4E02128-1621-40EF-972E-4430EF76FDA0} - System32\Tasks\TweakBit\Driver Updater\Start Driver Updater automatic scanning => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe [2016-04-25] (TweakBit) <==== ATTENTION
Task: {C22C488D-0234-4D12-8454-894CE97FEA45} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-14] (Google Inc.)
Task: {C62A45F1-1B44-461E-A34A-F96914BDF066} - System32\Tasks\{1EC7B296-E1DC-4962-B91E-4EAEFEC4482B} => C:\Users\Admin\Downloads\logonSessions\logonsessions.exe [2016-05-10] (Sysinternals)
Task: {D1548B7D-1C29-423A-94AD-4785A4961538} - System32\Tasks\MegaBackupSystemIsIdleChecker => Rundll32.exe "C:\Program Files\MegaBackup Corp\MegaBackup\Current\InstallUtil.dll" ComputerIsIdle
Task: {D6921B92-89AB-4918-8130-38930B1DE91F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-29] (Microsoft Corporation)
Task: {D8AEE7DF-3CEC-45AF-82D3-5309C81D9EB4} - System32\Tasks\{8CE4855B-665A-4901-9A28-0B7A0D2C6836} => pcalua.exe -a C:\Users\Admin\Downloads\dotnetfx35.exe -d C:\Users\Admin\Downloads
Task: {DC71A389-0511-4693-A7FC-892F573C18CD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-20] (Dropbox, Inc.)
Task: {ED2DCC4D-61BF-42F0-A0CD-E631D51DAD3E} - System32\Tasks\{EC9801E1-96B4-468D-850F-706CA9547B96} => C:\Program Files\Microsoft Research\Image Composite Editor\ICE.exe [2015-02-24] (Microsoft)
Task: {F2374F29-A5D9-4F0E-811F-ECC4128A9081} - System32\Tasks\{445A0957-A30A-480F-AC6C-B5FF4E49E73C} => C:\Users\Admin\Downloads\logonSessions\logonsessions (2).exe [2016-05-10] (Sysinternals)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3570094928-320100918-4276683159-1000.job => C:\Users\Admin\AppData\Local\Citrix\GoToMeeting\4911\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3570094928-320100918-4276683159-1000.job => C:\Users\Admin\AppData\Local\Citrix\GoToMeeting\4911\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-10 11:35 - 2016-04-29 07:29 - 00417472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-11-14 04:23 - 2015-11-14 04:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-02-10 12:45 - 2016-02-10 12:45 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-05-03 08:58 - 2016-04-27 16:25 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-05-03 08:58 - 2016-04-27 16:25 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
2016-05-03 08:58 - 2016-04-27 16:25 - 17536664 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3570094928-320100918-4276683159-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardMinder Viewer.lnk => C:\Windows\pss\CardMinder Viewer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Conversion to PDF with ScanSnap Organizer.lnk => C:\Windows\pss\Conversion to PDF with ScanSnap Organizer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScanSnap Manager.lnk => C:\Windows\pss\ScanSnap Manager.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: ScanSnap OnlineUpdate Watcher => "C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe" -StartOS
MSCONFIG\startupreg: ScanSnap WIA Service Checker => C:\Program Files (x86)\PFU\ScanSnap\Driver\SSDriver\fi5110\SsWiaChecker.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{434537C9-DFCA-4F72-BDBE-D48B19CF4BAE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
 
==================== Restore Points =========================
 
29-04-2016 12:09:55 Windows Update
03-05-2016 08:59:52 Windows Update
06-05-2016 16:13:12 Windows Update
10-05-2016 13:16:29 Windows Update
11-05-2016 03:00:26 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/12/2016 09:39:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: App.exe, version: 1.0.1006.0, time stamp: 0x5628d91a
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a857
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0xc24
Faulting application start time: 0xApp.exe0
Faulting application path: App.exe1
Faulting module path: App.exe2
Report Id: App.exe3
 
Error: (05/12/2016 09:32:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/12/2016 09:29:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: App.exe, version: 1.0.1006.0, time stamp: 0x5628d91a
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a857
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0xa34
Faulting application start time: 0xApp.exe0
Faulting application path: App.exe1
Faulting module path: App.exe2
Report Id: App.exe3
 
Error: (05/12/2016 09:20:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2016 09:01:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2016 09:54:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2016 05:58:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb3625
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0x834
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (05/10/2016 05:56:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SetupHost.Exe, version: 10.0.10586.117, time stamp: 0x56bf06fc
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb302d
Exception code: 0xc0000374
Fault offset: 0x000ce843
Faulting process id: 0x1f8c
Faulting application start time: 0xSetupHost.Exe0
Faulting application path: SetupHost.Exe1
Faulting module path: SetupHost.Exe2
Report Id: SetupHost.Exe3
 
Error: (05/10/2016 05:08:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb3625
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0x2128
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
 
Error: (05/10/2016 12:31:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: App.exe, version: 1.0.1006.0, time stamp: 0x5628d91a
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb3625
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0xd6c
Faulting application start time: 0xApp.exe0
Faulting application path: App.exe1
Faulting module path: App.exe2
Report Id: App.exe3
 
 
System errors:
=============
Error: (05/12/2016 09:22:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {96D1EED3-701E-4FE5-B996-A543A8465897}
 
Error: (05/11/2016 09:09:41 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (05/11/2016 08:56:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%6701
 
Error: (05/11/2016 08:55:58 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
 
Error: (05/10/2016 06:35:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/10/2016 04:51:57 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: 
%%1056
 
Error: (05/10/2016 04:50:57 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: 
%%1056
 
Error: (05/10/2016 04:49:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Collector service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/10/2016 04:49:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Network Location Awareness service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (05/10/2016 04:49:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Workstation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-04-14 12:34:27.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-14 12:34:27.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-14 12:34:27.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-14 12:34:27.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-14 12:34:27.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-14 12:34:27.767
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600S CPU @ 2.80GHz
Percentage of memory in use: 41%
Total physical RAM: 8174.54 MB
Available physical RAM: 4798.02 MB
Total Virtual: 16347.25 MB
Available Virtual: 12485.59 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:757.93 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 000D6849)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 



 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,732 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:04:37 AM

Posted 17 May 2016 - 07:20 AM

straylightfire:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil and I am a trainee in the Bleeping Computer Malware Removal Study Hall. I would like to address you by your first name, if that is alright with you since we will be working together.
 

 

I will be assisting you with your computer issues. All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal Instructor. This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 

 

I will need some time to review your FRST logs and consult with the Malware Response Instructor (MRI) who will be assigned to supervise this topic. That could take a few days. Once I have reviewed my proposed response with the assigned MRI, I will reply to you with initial instructions.


PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

 

IF YOU HAVE RUN ADDITIONAL ANTI-MALWARE TOOLS OR MADE CHANGES TO YOUR COMPUTER SINCE THE DATE OF YOUR FRST LOGS, PLEASE SUBMIT NEW FRST LOGS AS SOON AS POSSIBLE AND ENSURE THAT "ADDITION.TXT" IS CHECKED.

 

Please copy and paste the new FRST logs into your next reply.
 

 

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7


Posted 19 May 2016 - 03:24 PM

straylightfire:

Thank you for your patience while I reviewed your FRST logs and consulted with the Malware Response Instructor assigned to supervise me while I assist you to resolve your computer issues.


Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:
  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.
OK, let's get started ...
 
 
I notice that you have TweakBit Driver Updater installed. It is considered a Potentially Unwanted Program and adware. See this link for more information. Bleeping Computer does not recommend the use of PC or Registry Optimizers and other such software; however, it is your computer and your decision. You can find some interesting information, here, written by Quietman7, an acknowledged Bleeping Computer expert on the subject.

I also note in the FRST log that a Group Policy Restriction is set. Have you set up parental controls or otherwise restricted access to some users on your computer?
 

GroupPolicyUsers\S-1-5-21-3570094928-320100918-4276683159-1003\User: Restriction <======= ATTENTION


Step 1: Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry, like TweakBit Driver Updater, that you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • Please do not run the "CLEAN" scan, unless you are certain that you don't want to keep any of the PUPs, adware, etc., that are detected. I would prefer to examine the AdwCleaner log and then, in our next post, run the "CLEAN" function for the genuinely unwanted apps. I also want to ensure that there are no apparent "false positives", which does occur from time to time.

Step 2: Please copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the Downloads folder.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are both in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log in the Downloads folder. (Fixlog.txt). Please copy and paste it into your reply.

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
File: C:\Users\Admin\Downloads\sfp.zip

Step 3: Kaspersky does not appear to be installed correctly on your computer, which is reporting errors dating back to April. Please go here and download the Kaspersky Removal Tool (kavremvr.exe) and follow the instructions to remove all remnants of Kaspersky. Reboot your computer and attempt to reinstall Kaspersky.
 

Step 4: Please provide the following information in your next response.
  • Do you want to keep the TweakBit Driver Updater?
  • Did you set up any kind of restrictions on one or more User Accounts on your computer?
  • Please copy and paste the "fixlog.txt" in your next reply.
  • Please tell me whether the Kaspersky uninstall and reinstall worked?
  • Please provide a new set of FRST logs. I want only the "FRST.txt" scan and the "Addition.txt" scan. Please copy and paste the logs into your next reply.
 
Thank you and have a great day.

Regards,
-Phil

Edited by Oh My!, 19 May 2016 - 08:04 PM.

Member of the Unified Network of Instructors and Trusted Eliminators


#4 garioch7


Posted 22 May 2016 - 09:32 AM

straylightfire:

 

I have not heard from you in three days.  Do you still require assistance?

 

If I have not heard back from you in the next two days, a Moderator will close this topic in accordance with Forum rules.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:37 AM

Posted 24 May 2016 - 12:24 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



