
Every time malwarebytes does a scan it finds rootkit.fileless.mtgen


  • This topic is locked
8 replies to this topic

#1 foolanger

foolanger

  • Members
  • 8 posts

Posted 24 May 2016 - 10:13 PM

I believe my computer has a virus. Every time I do a Malwarebytes scan it finds rootkit.fileless.mtgen, and every time I delete it, but it doesn't go away. Is there any way to fix this without formatting my computer? Can anyone help?


Edited by foolanger, 24 May 2016 - 10:29 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 May 2016 - 08:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.
Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.

#3 foolanger

foolanger
  • Topic Starter

  • Members
  • 8 posts

Posted 25 May 2016 - 11:12 AM

Thanks for your help. Here is the AdwCleaner file. I will do the other scan now.


#4 foolanger

foolanger
  • Topic Starter

  • Members
  • 8 posts

Posted 25 May 2016 - 11:38 AM

Here is the FRST Info:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016
Ran by Office (administrator) on OFFICE-PC (25-05-2016 12:35:01)
Running from C:\Users\Office\Desktop
Loaded Profiles: Office (Available Profiles: Office & LogMeInRemoteUser & Test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(CyberDefender Corp.) C:\Program Files (x86)\CyberDefender\SchedulerService\SchedulerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
(Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [560128 2010-12-30] (Dell)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\Run: [**jyhysb<*>] => "C:\Users\Office\AppData\Local\7c4f78\512037.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\5.2.2.3\buShell.dll [2011-03-25] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\5.2.2.3\buShell.dll [2011-03-25] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\5.2.2.3\buShell.dll [2011-03-25] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-12-23]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-12-23]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-12-23]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\LogMeInRemoteUser.Office-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-12-23]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3281f9.lnk [2016-05-22]
ShortcutTarget: 3281f9.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2016-05-16]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\PROGRA~1\MID171~1\ENDPOI~1\318FB7~1.0\WhlNSP.dll [147696 2013-01-22] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C714CD94-E647-4B6B-B868-920C3C280711}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3424708358-251783902-2140248591-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3424708358-251783902-2140248591-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {D92D1FF8-1A34-4352-B429-5B69FCA0E759} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {78AE6F8C-F1BD-4D8A-9894-59AF4EBCC58A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL [2011-03-30] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3424708358-251783902-2140248591-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} hxxps://www.ueclassroom.sprint.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: HKLM-x32 {220D02A2-6F7F-4B02-B37C-0F9F61AFED33} hxxp://reapp.landmarkcr.com/ClientApps/iePrintTools.dll
DPF: HKLM-x32 {254AA86E-5655-4518-AA87-185D7CC41801} hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} hxxps://dara.sprint.com/InternalSite/WhlCompMgr.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=2328
Handler: WSWSVCUchrome - No CLSID Value
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\fnevyd2k.default-1431763118671
FF NewTab: hxxps://www.google.com/?gws_rd=ssl
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxps://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-22] ()
FF Plugin: @Citrix.com/npagee64,version=10.0.76.7 -> C:\Program Files\Citrix\Secure Access Client\npagee64.dll [2013-05-22] (Citrix Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Citrix.com/npagee,version=10.0.76.7 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2013-05-22] (Citrix Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3424708358-251783902-2140248591-1000: @Citrix.com/npagee,version=10.0.76.7 -> C:\Users\Office\AppData\Local\Citrix\Secure Access Client\npagee.dll [2013-05-22] (Citrix Systems, Inc.)
FF Plugin HKU\S-1-5-21-3424708358-251783902-2140248591-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Office\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3424708358-251783902-2140248591-1000: l1inc.com/iGolfSync -> C:\Users\Office\AppData\Roaming\L1 Technologies, Inc\iGolfSync\0.4.0.30\npiGolfSync.dll [2014-07-23] (L1 Technologies, Inc.)
FF Plugin HKU\S-1-5-21-3424708358-251783902-2140248591-1000: LWA64Plugin15.8 -> C:\Users\Office\AppData\Roaming\Mozilla\Plugins\npLWA64Plugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Office\AppData\Roaming\mozilla\plugins\npagee.dll [2013-05-22] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Office\AppData\Roaming\mozilla\plugins\npagee64.dll [2013-05-22] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Office\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-10-16] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Office\AppData\Roaming\mozilla\plugins\npLWA64Plugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Extension: LogMeIn, Inc. Rescue Technician Console - C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\fnevyd2k.default-1431763118671\Extensions\TechnicianConsole@logmeinrescue.com [2015-06-25] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-05-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2016-05-25] [not signed]

Chrome:
=======
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Office\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Profile: C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Remote Desktop) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-05-05]
CHR Extension: (AdBlock) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2015-05-15]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S4 CASprint; C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [124160 2008-10-15] (PCTEL)
R2 CDScheduler; C:\Program Files (x86)\CyberDefender\SchedulerService\SchedulerService.exe [735352 2012-03-26] (CyberDefender Corp.)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Google Inc.)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-02] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-02] (Dropbox, Inc.)
S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [517360 2015-09-09] (Microsoft Corporation)
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
S4 IQ.Core.UpdateFoundation.WindowsService; C:\Program Files (x86)\iQmetrix\IQ.Core.UpdateFoundation.WindowsService.exe [133632 2015-10-02] (iQmetrix Software Development Corporation) [File not signed]
S4 iqpay-4400; C:\Program Files (x86)\iQmetrix\RQ4\IQ.Pay\IQ.Pay.exe [141824 2016-04-06] (iQmetrix) [File not signed]
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2016-04-26] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [508936 2016-04-26] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 MSSQL$UPSWSDBSERVER; c:\PROGRAM FILES (X86)\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S4 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2009-11-06] (NVIDIA)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
S4 SprintRcAppSvc; C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe [111872 2008-10-15] (PCTEL)
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [169200 2013-01-22] (Microsoft Corporation)
S4 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20160521.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
S3 BR_MCU; C:\Windows\System32\Drivers\br_mcu2usb.sys [23552 2009-12-08] (Windows ® Win 7 DDK provider)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2016-05-21] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20160524.004\IDSvia64.sys [876248 2016-05-24] (Symantec Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-06-15] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [29184 2007-06-20] (Motorola)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20160524.040\ENG64.SYS [138456 2016-05-17] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20160524.040\EX64.SYS [2148056 2016-05-17] (Symantec Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2008-10-15] (PCTEL Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited) [File not signed]
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [28808 2008-10-15] ()
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [202248 2008-10-15] (Sierra Wireless Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-07-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2010-11-15] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S1 fmiyuoia; \??\C:\Windows\system32\drivers\fmiyuoia.sys [X]
S1 ghlshnwb; \??\C:\Windows\system32\drivers\ghlshnwb.sys [X]
S1 hspudjio; \??\C:\Windows\system32\drivers\hspudjio.sys [X]
S1 ibmbvfxm; \??\C:\Windows\system32\drivers\ibmbvfxm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S1 khyvdhfc; \??\C:\Windows\system32\drivers\khyvdhfc.sys [X]
S1 kqwhzlkr; \??\C:\Windows\system32\drivers\kqwhzlkr.sys [X]
S1 llzgbakp; \??\C:\Windows\system32\drivers\llzgbakp.sys [X]
S1 lmlbpbye; \??\C:\Windows\system32\drivers\lmlbpbye.sys [X]
S1 ofjbskrp; \??\C:\Windows\system32\drivers\ofjbskrp.sys [X]
S1 qgekftwp; \??\C:\Windows\system32\drivers\qgekftwp.sys [X]
S1 rvirpbnk; \??\C:\Windows\system32\drivers\rvirpbnk.sys [X]
S1 sokohliz; \??\C:\Windows\system32\drivers\sokohliz.sys [X]
S1 sqdqghuq; \??\C:\Windows\system32\drivers\sqdqghuq.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-25 12:31 - 2016-05-25 12:32 - 00054704 _____ C:\Users\Office\Desktop\Addition.txt
2016-05-25 12:28 - 2016-05-25 12:35 - 00032741 _____ C:\Users\Office\Desktop\FRST.txt
2016-05-25 12:27 - 2016-05-25 12:35 - 00000000 ____D C:\FRST
2016-05-25 12:11 - 2016-05-25 12:11 - 00002924 _____ C:\Users\Office\Desktop\AdwCleaner file.txt
2016-05-25 12:07 - 2016-05-25 12:07 - 02382848 _____ (Farbar) C:\Users\Office\Desktop\FRST64.exe
2016-05-25 02:58 - 2016-05-25 03:03 - 00236132 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_02.58.50_log.txt
2016-05-25 02:58 - 2015-12-11 22:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Office\Desktop\TDSSKiller.exe
2016-05-25 02:48 - 2016-03-11 14:53 - 00380928 _____ C:\Users\Office\Desktop\gmer.exe
2016-05-25 02:47 - 2016-05-25 02:47 - 00380928 _____ C:\Users\Office\Downloads\lw8shkbo.exe
2016-05-25 02:45 - 2009-08-13 11:14 - 00472064 _____ ( ) C:\Users\Office\Desktop\RootRepeal.exe
2016-05-24 09:22 - 2016-05-24 09:22 - 00197842 _____ C:\Users\Office\Desktop\DC Communications Financials.pdf
2016-05-24 00:10 - 2016-05-24 00:10 - 00015799 _____ C:\Users\Office\Desktop\INVENTORY MAY 24.xlsx
2016-05-23 22:32 - 2016-05-23 22:32 - 00002995 _____ C:\Users\Office\Desktop\mayaguez giveback may 23.pdf
2016-05-23 22:25 - 2016-05-23 22:25 - 00003109 _____ C:\Users\Office\Desktop\hatillo giveback may 23.pdf
2016-05-23 22:14 - 2016-05-23 22:14 - 00003055 _____ C:\Users\Office\Desktop\ponce giveback may 23.pdf
2016-05-23 17:55 - 2016-05-23 17:55 - 00377949 _____ C:\Users\Office\Desktop\ricks chicken 2013 returns.pdf
2016-05-23 15:56 - 2016-05-23 15:56 - 00069511 _____ C:\Users\Office\Downloads\dilugisonspainting_estimate_76.pdf
2016-05-23 14:00 - 2016-05-23 14:00 - 00201413 _____ C:\Users\Office\Desktop\healthcare neil.pdf
2016-05-23 12:22 - 2016-05-23 12:22 - 00024017 _____ C:\Users\Office\Desktop\NEW LOCATIONS.xlsx
2016-05-23 10:19 - 2016-05-23 10:19 - 00224314 _____ C:\Users\Office\Downloads\CMP01599620160331234311.pdf
2016-05-23 10:19 - 2016-05-23 10:19 - 00224314 _____ C:\Users\Office\Downloads\CMP01599620160331234311 (1).pdf
2016-05-22 23:18 - 2016-05-22 23:18 - 00000194 _____ C:\Users\Office\Desktop\Isabela codes.txt
2016-05-22 23:16 - 2016-05-22 23:17 - 00000000 ____D C:\Users\Office\Desktop\isabela
2016-05-22 14:39 - 2016-05-22 15:32 - 00000000 ____D C:\Users\Office\Desktop\family
2016-05-22 14:35 - 2016-05-22 14:35 - 00000883 _____ C:\Users\Office\Desktop\ROSS.lnk
2016-05-22 14:35 - 2016-05-22 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROSS
2016-05-22 14:26 - 2016-05-23 13:40 - 00000000 ____D C:\Users\Office\AppData\Local\7c4f78
2016-05-22 14:22 - 2016-05-25 11:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-22 14:22 - 2016-05-22 14:22 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-22 14:22 - 2016-05-22 14:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-22 14:22 - 2016-05-22 14:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-22 14:21 - 2016-05-22 14:21 - 01193680 _____ (Adobe Systems Incorporated) C:\Users\Office\Downloads\flashplayer21_jd_install.exe
2016-05-22 14:15 - 2016-05-22 14:18 - 00236578 _____ C:\TDSSKiller.3.1.0.9_22.05.2016_14.15.42_log.txt
2016-05-22 14:15 - 2016-05-22 14:15 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Office\Downloads\tdsskiller(1).exe
2016-05-22 01:07 - 2016-05-22 01:07 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Office\Downloads\rkill.exe
2016-05-22 01:07 - 2016-05-22 01:07 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Office\Downloads\rkill64.exe
2016-05-22 01:03 - 2016-05-22 01:06 - 00472216 _____ C:\TDSSKiller.3.1.0.9_22.05.2016_01.03.35_log.txt
2016-05-22 01:03 - 2016-05-22 01:03 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Office\Downloads\tdsskiller.exe
2016-05-22 00:42 - 2016-05-22 00:42 - 00380928 _____ C:\Users\Office\Downloads\5hy6yl2g.exe
2016-05-22 00:33 - 2016-05-22 00:33 - 00000000 _____ C:\autoexec.bat
2016-05-22 00:29 - 2016-05-22 01:06 - 00000000 ____D C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-05-22 00:29 - 2016-05-22 00:29 - 00003332 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-05-22 00:29 - 2016-05-22 00:29 - 00000000 ____D C:\sh4ldr
2016-05-21 22:33 - 2016-05-21 23:45 - 00000000 ____D C:\Users\Office\Desktop\mbar
2016-05-21 22:33 - 2016-05-21 23:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-05-21 22:33 - 2016-05-21 22:33 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Office\Downloads\mbar-1.09.3.1001(1).exe
2016-05-21 22:32 - 2016-05-21 22:32 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Office\Downloads\mbar-1.09.3.1001.exe
2016-05-21 21:45 - 2016-05-23 17:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-21 21:45 - 2016-05-21 21:45 - 00002009 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-05-21 18:50 - 2016-05-21 19:16 - 00153224 _____ C:\Windows\ntbtlog.txt
2016-05-21 17:45 - 2016-05-21 17:45 - 00046960 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-05-21 02:10 - 2016-05-21 02:10 - 03651136 _____ C:\Users\Office\Desktop\adwcleaner_5.117.exe
2016-05-21 01:16 - 2016-05-21 01:16 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-05-21 01:13 - 2016-05-21 01:16 - 00484284 _____ C:\TDSSKiller.3.1.0.9_21.05.2016_01.13.14_log.txt
2016-05-19 23:02 - 2016-05-19 23:02 - 00008879 _____ C:\Users\Office\Desktop\ramon april 2016 sales.xlsx
2016-05-19 21:39 - 2016-05-21 08:47 - 00000444 _____ C:\Windows\system32\.crusader
2016-05-19 21:18 - 2016-05-19 21:40 - 00000000 ____D C:\ProgramData\HitmanPro
2016-05-19 21:18 - 2016-05-19 21:18 - 00001895 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-05-19 21:18 - 2016-05-19 21:18 - 00000000 ____D C:\Program Files\HitmanPro
2016-05-19 21:15 - 2016-05-19 21:18 - 11438608 _____ (SurfRight B.V.) C:\Users\Office\Downloads\hitmanpro_x64.exe
2016-05-19 21:14 - 2016-05-19 21:14 - 00000022 _____ C:\Users\Office\Downloads\ESETPoweliksCleaner.exe_20160519.211455.6456.zip
2016-05-19 21:14 - 2016-05-19 21:14 - 00000022 _____ C:\Users\Office\Downloads\ESETPoweliksCleaner.exe_20160519.211418.11064.zip
2016-05-19 21:13 - 2016-05-19 21:13 - 00224968 _____ (ESET) C:\Users\Office\Downloads\ESETPoweliksCleaner.exe
2016-05-19 15:06 - 2016-05-21 19:04 - 00000000 ____D C:\Users\Office\AppData\Local\ElevatedDiagnostics
2016-05-17 23:18 - 2016-05-17 23:18 - 00001058 _____ C:\Users\Office\Desktop\Battle.net.lnk
2016-05-17 01:21 - 2016-05-17 01:39 - 00000000 ____D C:\Program Files (x86)\COMODO
2016-05-17 01:20 - 2016-05-17 01:39 - 00000000 ____D C:\ProgramData\COMODO
2016-05-17 01:20 - 2016-05-17 01:34 - 00010443 _____ C:\Users\Office\Desktop\inventory 5 17.xlsx
2016-05-17 01:20 - 2016-05-17 01:20 - 05823752 _____ (COMODO) C:\Users\Office\Downloads\ccav_installer.exe
2016-05-16 20:26 - 2016-05-16 20:26 - 11374528 _____ (VS Revo Group ) C:\Users\Office\Downloads\RevoUninProSetup(2).exe
2016-05-16 16:05 - 2016-05-16 16:05 - 00081725 _____ C:\Users\Office\Desktop\Wire from Etrade.pdf
2016-05-16 14:42 - 2016-05-16 14:42 - 00002655 _____ C:\Users\Test\Desktop\Microsoft Office Excel 2007.lnk
2016-05-16 11:40 - 2016-05-16 11:40 - 00000000 ____D C:\Users\Test\AppData\Local\New Covenant Software
2016-05-16 11:34 - 2016-05-16 11:34 - 00000000 ____D C:\Users\Test\AppData\Roaming\Sun
2016-05-16 11:34 - 2016-05-16 11:34 - 00000000 ____D C:\Users\Test\AppData\LocalLow\Sun
2016-05-16 11:34 - 2016-05-16 11:34 - 00000000 ____D C:\Users\Test\.oracle_jre_usage
2016-05-16 11:32 - 2016-05-16 11:32 - 00002217 _____ C:\Users\Test\Desktop\Google Chrome.lnk
2016-05-16 11:30 - 2016-05-16 10:34 - 01396949 _____ (New Covenant Software ) C:\Users\Test\Desktop\ROSS_setup.exe
2016-05-16 11:29 - 2016-05-16 11:29 - 00126304 _____ C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-16 11:29 - 2016-05-16 11:29 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-16 11:29 - 2016-05-16 11:29 - 00001415 _____ C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-16 11:29 - 2016-05-16 11:29 - 00000225 _____ C:\Users\Test\Desktop\RQ4.iqapp
2016-05-16 11:29 - 2016-05-16 11:29 - 00000000 ____D C:\Users\Test\Documents\Bluetooth Exchange Folder
2016-05-16 11:29 - 2016-05-16 11:29 - 00000000 ____D C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iQmetrix
2016-05-16 11:29 - 2016-05-16 11:29 - 00000000 ____D C:\Users\Test\AppData\Roaming\ICAClient
2016-05-16 11:29 - 2016-05-16 11:29 - 00000000 ____D C:\Users\Test\AppData\Roaming\Dell
2016-05-16 11:29 - 2016-05-16 11:29 - 00000000 ____D C:\Users\Test\AppData\Roaming\Adobe
2016-05-16 11:29 - 2016-05-16 11:29 - 00000000 ____D C:\Users\Test\AppData\Local\Stardock_Corporation
2016-05-16 11:29 - 2016-05-16 11:29 - 00000000 ____D C:\Users\Test\AppData\Local\Google
2016-05-16 11:29 - 2016-05-16 11:29 - 00000000 ____D C:\Users\Test\AppData\Local\Citrix
2016-05-16 11:29 - 2016-05-16 11:29 - 00000000 ____D C:\Users\Test\AppData\Local\Broadcom
2016-05-16 11:28 - 2016-05-16 11:34 - 00000000 ____D C:\Users\Test
2016-05-16 11:28 - 2016-05-16 11:28 - 00000020 ___SH C:\Users\Test\ntuser.ini
2016-05-16 11:28 - 2016-05-16 11:28 - 00000000 _SHDL C:\Users\Test\My Documents
2016-05-16 11:28 - 2016-05-16 11:28 - 00000000 _SHDL C:\Users\Test\Documents\My Videos
2016-05-16 11:28 - 2016-05-16 11:28 - 00000000 _SHDL C:\Users\Test\Documents\My Pictures
2016-05-16 11:28 - 2016-05-16 11:28 - 00000000 _SHDL C:\Users\Test\Documents\My Music
2016-05-16 11:28 - 2016-05-16 11:28 - 00000000 ____D C:\Users\Test\AppData\Local\NVIDIA Corporation
2016-05-16 11:28 - 2016-05-16 11:28 - 00000000 ____D C:\Users\Test\AppData\Local\NVIDIA
2016-05-16 11:28 - 2015-09-14 15:51 - 00002062 _____ C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-05-16 11:28 - 2011-03-22 01:41 - 00000000 ____D C:\Users\Test\AppData\Local\Microsoft Help
2016-05-16 11:28 - 2011-01-30 23:29 - 00000000 ____D C:\Users\Test\AppData\Roaming\Macromedia
2016-05-16 11:28 - 2010-12-23 15:10 - 00000000 ____D C:\Users\Test\AppData\Local\SoftThinks
2016-05-16 11:28 - 2009-07-14 03:44 - 00000000 ____D C:\Users\Test\AppData\Roaming\Media Center Programs
2016-05-16 11:10 - 2016-05-22 14:36 - 00000000 ____D C:\Users\Office\AppData\Roaming\ROSS
2016-05-16 11:10 - 2016-03-06 23:44 - 01735680 _____ (New Covenant Software) C:\Users\Office\Desktop\ROSS.exe
2016-05-16 10:34 - 2016-05-16 10:34 - 01396949 _____ (New Covenant Software ) C:\Users\Office\Desktop\ROSS_setup.exe
2016-05-16 10:07 - 2016-05-16 10:07 - 00009872 _____ C:\Users\Office\Downloads\invoices-export (56).csv
2016-05-16 10:06 - 2016-05-16 10:06 - 00009619 _____ C:\Users\Office\Downloads\invoices-export (55).csv
2016-05-16 10:05 - 2016-05-16 10:05 - 00001969 _____ C:\Users\Office\Downloads\invoices-export (54).csv
2016-05-15 23:19 - 2016-05-05 10:36 - 00022512 _____ C:\Users\Office\AppData\Local\Z@S!-88eba58a-a5f1-4be4-8d64-bd27abcee1ba.tmp
2016-05-15 02:43 - 2016-05-15 02:43 - 00000000 ____D C:\Users\Office\AppData\Roaming\98b683
2016-05-12 23:38 - 2016-05-12 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-11 12:59 - 2016-05-11 12:59 - 01551833 _____ C:\Users\Office\Desktop\stucco inspection.pdf
2016-05-11 12:58 - 2016-05-11 12:58 - 01548556 _____ C:\Users\Office\Downloads\Hal Kafenski.pdf
2016-05-11 11:18 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 11:18 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 11:18 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 11:18 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 11:18 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 11:18 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 11:18 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 11:18 - 2016-04-09 03:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 11:18 - 2016-04-09 03:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 11:18 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 11:18 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 11:18 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 11:18 - 2016-04-09 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 02:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 11:18 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 11:18 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 11:18 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 11:18 - 2016-04-09 01:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 11:18 - 2016-04-09 01:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 11:18 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 11:18 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 11:18 - 2016-04-09 01:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 11:18 - 2016-04-09 01:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 11:18 - 2016-04-09 01:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 11:18 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 11:18 - 2016-04-09 01:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 11:18 - 2016-04-09 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 11:18 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 11:18 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 11:18 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 11:18 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 11:18 - 2016-04-09 01:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 11:18 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 11:18 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 11:18 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 11:18 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 11:18 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-10 13:55 - 2016-05-10 13:55 - 00188836 _____ C:\Users\Office\Desktop\mortgage payoff.pdf
2016-05-07 10:17 - 2016-05-07 10:17 - 47334032 _____ (Microsoft Corporation) C:\Users\Office\Downloads\SprintDAGinstall1.05.EXE
2016-05-06 07:31 - 2016-05-06 07:31 - 00455762 _____ C:\Users\Office\Downloads\Enrollment Contract 2016-2017_Final_Red_Park.pdf
2016-05-05 16:35 - 2016-05-05 16:35 - 00009047 _____ C:\Users\Office\Desktop\montehiedra phone order.xlsx
2016-05-05 14:14 - 2016-05-05 14:15 - 00973790 _____ C:\Users\Office\Desktop\2015 financials for Brightstar.pdf
2016-05-04 22:09 - 2016-05-04 22:09 - 00761042 _____ C:\Users\Office\Downloads\2015 3Q 499-R.pdf
2016-05-03 22:32 - 2016-05-08 12:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-03 10:08 - 2016-05-03 10:08 - 00141881 _____ C:\Users\Office\Desktop\Brighstar Wire May 3.pdf
2016-05-03 00:36 - 2016-05-04 22:12 - 00000000 ____D C:\Users\Office\Desktop\PR debt
2016-05-03 00:25 - 2016-05-03 00:25 - 00042758 _____ C:\Users\Office\Desktop\Letter of authorization.pdf
2016-05-02 14:37 - 2016-05-02 14:37 - 00000027 _____ C:\Users\Office\Downloads\bulkraupload-sample.csv
2016-04-29 10:23 - 2016-04-29 10:23 - 00017509 _____ C:\Users\Office\Downloads\PPN00000819.csv
2016-04-28 23:11 - 2016-04-28 23:11 - 00000020 _____ C:\Users\Office\Downloads\priceprotection-sample (16).csv
2016-04-28 23:10 - 2016-04-28 23:11 - 00003390 _____ C:\Users\Office\Desktop\lg g4 pricematch.csv
2016-04-28 23:09 - 2016-04-28 23:09 - 00000020 _____ C:\Users\Office\Downloads\priceprotection-sample (15).csv
2016-04-26 14:33 - 2016-04-26 14:33 - 00000165 ____H C:\Users\Office\Desktop\~$2013 PR Tax amdnedment.xlsx
2016-04-26 00:19 - 2016-04-26 00:19 - 00118707 _____ C:\Users\Office\Downloads\Form_SC-2915-A-SalesAndUseTaxMonthlyReturn_20160426.pdf
2016-04-25 23:25 - 2016-04-25 23:25 - 00000165 ____H C:\Users\Office\Desktop\~$breakdown of stores for ramon.xlsx
2016-04-25 22:53 - 2016-04-26 20:46 - 00020255 _____ C:\Users\Office\Desktop\2013 PR Tax amdnedment.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-25 12:33 - 2015-09-02 13:28 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-05-25 12:30 - 2014-05-08 14:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-25 12:25 - 2015-09-02 13:28 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-05-25 12:25 - 2015-08-18 17:05 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-05-25 12:25 - 2014-08-13 03:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-25 12:25 - 2014-05-08 14:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-25 12:23 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-25 12:13 - 2014-04-22 13:44 - 00000000 ____D C:\AdwCleaner
2016-05-25 03:42 - 2013-10-01 11:19 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8A1B4273-EA63-4782-B450-2823F4504D46}
2016-05-25 03:14 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-25 03:14 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-25 02:36 - 2014-08-26 23:29 - 00000000 ____D C:\Users\Office\AppData\Local\Battle.net
2016-05-24 21:21 - 2010-12-30 19:50 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-05-23 22:53 - 2013-07-28 15:07 - 00010353 _____ C:\Users\Office\Desktop\rent addresses.xlsx
2016-05-23 22:08 - 2015-12-09 20:44 - 00000000 ____D C:\Users\Office\Desktop\Givebacks
2016-05-23 14:55 - 2015-09-02 13:29 - 00000000 ___RD C:\Users\Office\Dropbox
2016-05-23 13:40 - 2011-07-12 02:24 - 00000000 ____D C:\Users\Office\AppData\Local\CrashDumps
2016-05-22 15:26 - 2014-08-26 23:28 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-05-22 14:40 - 2011-10-15 17:41 - 00000000 ____D C:\Users\Office\AppData\Local\Windows Live
2016-05-22 14:33 - 2010-12-30 21:41 - 00000000 ____D C:\Windows\pss
2016-05-22 14:22 - 2010-12-31 01:35 - 00000000 ____D C:\Users\Office\AppData\Local\Adobe
2016-05-21 22:33 - 2014-08-13 03:18 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-21 21:46 - 2015-07-13 11:55 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-21 21:45 - 2011-01-30 23:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-21 18:34 - 2010-12-23 16:41 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-21 18:09 - 2012-09-03 00:28 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-19 23:00 - 2011-09-18 22:56 - 00000000 ____D C:\Users\Office\Desktop\WC sales tax
2016-05-17 10:23 - 2014-05-30 21:32 - 00018369 _____ C:\Users\Office\Documents\coy commissions.xlsx
2016-05-17 07:31 - 2011-01-04 12:04 - 00866994 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-05-17 07:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-17 01:40 - 2011-08-20 23:33 - 00000000 ____D C:\Users\Office\AppData\Roaming\uTorrent
2016-05-16 10:40 - 2011-08-05 12:34 - 00000000 ____D C:\Users\Office\AppData\Local\Deployment
2016-05-15 23:18 - 2011-08-05 12:34 - 00000000 ____D C:\Users\Office\AppData\Local\Apps\2.0
2016-05-15 21:51 - 2011-08-20 23:33 - 00000000 ____D C:\Users\Office\Desktop\movies
2016-05-15 21:51 - 2009-07-14 01:13 - 00849900 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-15 20:33 - 2014-07-10 14:37 - 00000000 ____D C:\Users\Office\AppData\Roaming\WiseUpdate
2016-05-15 20:31 - 2011-03-24 17:15 - 00000000 ____D C:\ProgramData\LogMeIn
2016-05-15 20:29 - 2010-12-23 16:07 - 00000000 ____D C:\Windows\Panther
2016-05-15 20:15 - 2013-01-28 22:14 - 00000000 ____D C:\Users\Office\AppData\Roaming\Research In Motion
2016-05-15 20:15 - 2013-01-28 22:10 - 00000000 ____D C:\ProgramData\Research In Motion
2016-05-15 20:15 - 2011-11-06 15:05 - 00000000 ____D C:\Users\Office\AppData\Local\Research In Motion
2016-05-15 19:53 - 2014-08-13 03:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-15 19:53 - 2010-12-23 14:58 - 00000000 ____D C:\Windows\PCHEALTH
2016-05-15 16:28 - 2014-08-13 03:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-15 16:22 - 2015-06-02 00:12 - 00000000 ____D C:\Users\Office\AppData\Roaming\Skype
2016-05-15 16:18 - 2015-09-26 01:28 - 00000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-05-15 16:13 - 2015-05-24 14:19 - 00000000 ____D C:\ProgramData\Freemake
2016-05-15 16:13 - 2015-05-24 14:19 - 00000000 ____D C:\Program Files (x86)\Freemake
2016-05-13 03:00 - 2015-04-15 04:42 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 23:38 - 2015-09-02 13:28 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-12 22:06 - 2015-11-06 23:53 - 00000000 ____D C:\Users\Office\Downloads\PopcornTime
2016-05-12 20:34 - 2014-05-08 14:09 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 05:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-05-12 03:37 - 2009-07-14 00:45 - 00462848 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 03:35 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 03:16 - 2013-07-16 03:05 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 03:00 - 2010-12-30 21:21 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-10 22:25 - 2014-05-08 14:08 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 22:25 - 2014-05-08 14:08 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-08 12:30 - 2012-06-29 21:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-06 03:00 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 03:00 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-04 22:07 - 2011-04-05 10:33 - 00000000 ____D C:\Users\Office\Desktop\payroll
2016-04-26 22:52 - 2015-09-26 01:27 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-04-26 22:49 - 2013-03-18 23:42 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2016-04-26 22:49 - 2013-03-18 23:42 - 00100864 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll

==================== Files in the root of some directories =======

2013-01-12 18:39 - 2013-01-12 18:39 - 0003584 _____ () C:\Users\Office\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-29 02:30 - 2015-06-13 01:52 - 0007628 _____ () C:\Users\Office\AppData\Local\resmon.resmoncfg
2016-05-15 23:19 - 2016-05-05 10:36 - 0022512 _____ () C:\Users\Office\AppData\Local\Z@S!-88eba58a-a5f1-4be4-8d64-bd27abcee1ba.tmp
2014-07-10 09:38 - 2014-07-10 09:38 - 0000000 _____ () C:\Users\Office\AppData\Local\{1304FE8B-4A9D-480C-9983-78B921805089}
2014-07-10 07:52 - 2014-07-10 07:52 - 0000000 _____ () C:\Users\Office\AppData\Local\{1D4E5361-939F-4B7A-8F80-DE649BD36456}
2014-07-10 08:39 - 2014-07-10 08:39 - 0000000 _____ () C:\Users\Office\AppData\Local\{21A364EF-0FC3-4478-8F46-4D2F8E1E6805}
2014-07-10 10:08 - 2014-07-10 10:08 - 0000000 _____ () C:\Users\Office\AppData\Local\{2A53F3A8-B648-4941-ACCB-54038036092D}
2014-07-10 08:15 - 2014-07-10 08:15 - 0000000 _____ () C:\Users\Office\AppData\Local\{2D77454A-DE56-45A8-88BA-05221B41B54E}
2014-07-10 17:58 - 2014-07-10 17:58 - 0000000 _____ () C:\Users\Office\AppData\Local\{3A32E837-B7D5-4C63-87F8-83E59E07B30C}
2014-07-10 07:58 - 2014-07-10 07:58 - 0000000 _____ () C:\Users\Office\AppData\Local\{3A43B033-8E0E-45D5-8FF5-7049EFEC2827}
2014-07-10 09:56 - 2014-07-10 09:56 - 0000000 _____ () C:\Users\Office\AppData\Local\{3A459849-6875-405F-A324-4C30542F17F6}
2014-07-10 19:11 - 2014-07-10 19:11 - 0000000 _____ () C:\Users\Office\AppData\Local\{4C8EBBC1-E665-4FDF-A613-1753A4D7C056}
2014-07-10 08:21 - 2014-07-10 08:21 - 0000000 _____ () C:\Users\Office\AppData\Local\{53D7D3B4-37AF-49AB-B9A5-964EC3AB1349}
2014-07-10 10:14 - 2014-07-10 10:14 - 0000000 _____ () C:\Users\Office\AppData\Local\{627A03B5-A3B3-48DB-A882-14D62989FAFC}
2014-07-10 09:14 - 2014-07-10 09:14 - 0000000 _____ () C:\Users\Office\AppData\Local\{6D9FAC1B-5758-4D3E-A835-FBDDE445119B}
2014-07-10 08:10 - 2014-07-10 08:10 - 0000000 _____ () C:\Users\Office\AppData\Local\{73BCD252-62C0-45ED-B316-9EBA64EB2DE8}
2014-07-10 07:35 - 2014-07-10 07:35 - 0000000 _____ () C:\Users\Office\AppData\Local\{76EEFF05-A5D2-462F-8F01-EE526E3FE785}
2014-07-10 08:04 - 2014-07-10 08:04 - 0000000 _____ () C:\Users\Office\AppData\Local\{77D79EBA-64B3-476C-AA69-C463E51466D9}
2014-07-10 10:02 - 2014-07-10 10:02 - 0000000 _____ () C:\Users\Office\AppData\Local\{80E8A4DC-D650-4D84-8459-5A74A5BEE4B9}
2014-07-10 09:02 - 2014-07-10 09:02 - 0000000 _____ () C:\Users\Office\AppData\Local\{8605ED71-880F-48CA-B99E-5AC20BC966A6}
2014-07-10 18:11 - 2014-07-10 18:11 - 0000000 _____ () C:\Users\Office\AppData\Local\{8B22B74E-A6D4-4E5B-9B47-E36353AB627A}
2014-07-10 09:50 - 2014-07-10 09:50 - 0000000 _____ () C:\Users\Office\AppData\Local\{8E802513-426A-4371-B7FD-B5C5E7136998}
2014-07-10 09:44 - 2014-07-10 09:44 - 0000000 _____ () C:\Users\Office\AppData\Local\{92348274-A6DE-4C2B-ACB7-FA81A18DC7BF}
2014-07-10 09:08 - 2014-07-10 09:08 - 0000000 _____ () C:\Users\Office\AppData\Local\{9465063E-B3A3-4DCC-9F53-405C412841F4}
2014-07-10 18:29 - 2014-07-10 18:29 - 0000000 _____ () C:\Users\Office\AppData\Local\{96C51B4F-3CCD-44F6-B43F-0D448C0ECEB0}
2014-07-10 18:05 - 2014-07-10 18:05 - 0000000 _____ () C:\Users\Office\AppData\Local\{9B79634B-E8B1-4AFB-A6B3-E10D3B24480D}
2014-07-10 17:52 - 2014-07-10 17:52 - 0000000 _____ () C:\Users\Office\AppData\Local\{A54E0E14-F116-48F9-82B6-D3146F52592D}
2014-07-10 09:32 - 2014-07-10 09:32 - 0000000 _____ () C:\Users\Office\AppData\Local\{A551B63B-0F6B-4379-8661-EC0BAB7D906F}
2014-07-10 09:26 - 2014-07-10 09:26 - 0000000 _____ () C:\Users\Office\AppData\Local\{B3617C65-348D-4A37-89BB-2CA3561BF27B}
2014-07-10 10:20 - 2014-07-10 10:20 - 0000000 _____ () C:\Users\Office\AppData\Local\{B8F765C0-C511-46F5-B697-1165C6254F55}
2014-07-10 18:23 - 2014-07-10 18:23 - 0000000 _____ () C:\Users\Office\AppData\Local\{BAD3034F-8BE1-4AA6-8BEE-81E101D20B6C}
2014-07-10 17:34 - 2014-07-10 17:34 - 0000000 _____ () C:\Users\Office\AppData\Local\{BE44A9D7-11C8-456C-AEF5-39E28B0D580C}
2014-07-10 08:56 - 2014-07-10 08:56 - 0000000 _____ () C:\Users\Office\AppData\Local\{BEB2A611-BA61-4DB9-9FA3-0865941F4512}
2014-07-10 14:12 - 2014-07-10 14:12 - 0000000 _____ () C:\Users\Office\AppData\Local\{C004DFF9-5D6A-47C4-B955-659C737D16DF}
2014-07-10 07:47 - 2014-07-10 07:47 - 0000000 _____ () C:\Users\Office\AppData\Local\{C0A728CB-B4BA-422F-B212-E40567368051}
2014-07-10 17:40 - 2014-07-10 17:40 - 0000000 _____ () C:\Users\Office\AppData\Local\{C820C355-DC85-48D8-97C7-89783383B123}
2014-07-10 07:29 - 2014-07-10 07:29 - 0000000 _____ () C:\Users\Office\AppData\Local\{C844FEE0-2E7B-479E-9ED7-4FE4497110AD}
2014-07-10 17:46 - 2014-07-10 17:46 - 0000000 _____ () C:\Users\Office\AppData\Local\{DA8E4178-1904-49D3-B524-6A19E40F8624}
2014-07-10 08:50 - 2014-07-10 08:50 - 0000000 _____ () C:\Users\Office\AppData\Local\{DFFF0C9B-752C-484A-987C-A8A5C3F91245}
2014-07-10 19:05 - 2014-07-10 19:05 - 0000000 _____ () C:\Users\Office\AppData\Local\{E69A19D2-60A6-4B64-962A-00046EA05403}
2014-07-10 08:33 - 2014-07-10 08:33 - 0000000 _____ () C:\Users\Office\AppData\Local\{F3644822-CCC3-41EB-9889-A218E2AAA46E}
2014-07-10 08:27 - 2014-07-10 08:27 - 0000000 _____ () C:\Users\Office\AppData\Local\{F5B478A7-21B8-4B86-B1D7-931D96E5DE7B}
2014-07-10 08:45 - 2014-07-10 08:45 - 0000000 _____ () C:\Users\Office\AppData\Local\{F799C7BC-BB0B-4833-B04C-AAB29A026660}
2014-07-10 09:20 - 2014-07-10 09:20 - 0000000 _____ () C:\Users\Office\AppData\Local\{FB33F4E2-B9F3-4623-AAA7-C918604F2032}
2014-07-10 07:41 - 2014-07-10 07:41 - 0000000 _____ () C:\Users\Office\AppData\Local\{FC2D09B4-8943-40A9-8CC4-DF631F906B94}
2014-07-10 18:17 - 2014-07-10 18:17 - 0000000 _____ () C:\Users\Office\AppData\Local\{FC6B1B49-3068-4A1C-B21E-24A41F363F11}

Some files in TEMP:
====================
C:\Users\Office\AppData\Local\Temp\libeay32.dll
C:\Users\Office\AppData\Local\Temp\msvcr120.dll
C:\Users\Office\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-18 11:23

==================== End of FRST.txt ============================



#5 nasdaq

Posted 25 May 2016 - 12:58 PM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\Run: [**jyhysb<*>] => "C:\Users\Office\AppData\Local\7c4f78\512037.lnk" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3281f9.lnk [2016-05-22]
ShortcutTarget: 3281f9.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3424708358-251783902-2140248591-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3424708358-251783902-2140248591-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: WSWSVCUchrome - No CLSID Value
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-05-03] [not signed]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Users\Office\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
S4 LMIRfsClientNP; no ImagePath
S1 fmiyuoia; \??\C:\Windows\system32\drivers\fmiyuoia.sys [X]
C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3281f9.lnk
S1 ghlshnwb; \??\C:\Windows\system32\drivers\ghlshnwb.sys [X]
S1 hspudjio; \??\C:\Windows\system32\drivers\hspudjio.sys [X]
S1 ibmbvfxm; \??\C:\Windows\system32\drivers\ibmbvfxm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S1 khyvdhfc; \??\C:\Windows\system32\drivers\khyvdhfc.sys [X]
S1 kqwhzlkr; \??\C:\Windows\system32\drivers\kqwhzlkr.sys [X]
S1 llzgbakp; \??\C:\Windows\system32\drivers\llzgbakp.sys [X]
S1 lmlbpbye; \??\C:\Windows\system32\drivers\lmlbpbye.sys [X]
S1 ofjbskrp; \??\C:\Windows\system32\drivers\ofjbskrp.sys [X]
S1 qgekftwp; \??\C:\Windows\system32\drivers\qgekftwp.sys [X]
S1 rvirpbnk; \??\C:\Windows\system32\drivers\rvirpbnk.sys [X]
S1 sokohliz; \??\C:\Windows\system32\drivers\sokohliz.sys [X]
S1 sqdqghuq; \??\C:\Windows\system32\drivers\sqdqghuq.sys [X]
C:\Users\Office\AppData\Local\7c4f78
C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3281f9.lnk
C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please post the log and let me know what problem persists with this computer.

Include also the Addition.txt file that was created by the Farbar tool for my review.

#6 foolanger

Posted 25 May 2016 - 02:32 PM

Thank you for your help.  Here are the logs.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-05-2016
Ran by Office (2016-05-25 14:30:34) Run:1
Running from C:\Users\Office\Desktop
Loaded Profiles: Office (Available Profiles: Office & LogMeInRemoteUser & Test)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\Run: [**jyhysb<*>] => "C:\Users\Office\AppData\Local\7c4f78\512037.lnk" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3281f9.lnk [2016-05-22]
ShortcutTarget: 3281f9.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3424708358-251783902-2140248591-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3424708358-251783902-2140248591-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: WSWSVCUchrome - No CLSID Value
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-05-03] [not signed]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Users\Office\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
S4 LMIRfsClientNP; no ImagePath
S1 fmiyuoia; \??\C:\Windows\system32\drivers\fmiyuoia.sys [X]
C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3281f9.lnk
S1 ghlshnwb; \??\C:\Windows\system32\drivers\ghlshnwb.sys [X]
S1 hspudjio; \??\C:\Windows\system32\drivers\hspudjio.sys [X]
S1 ibmbvfxm; \??\C:\Windows\system32\drivers\ibmbvfxm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S1 khyvdhfc; \??\C:\Windows\system32\drivers\khyvdhfc.sys [X]
S1 kqwhzlkr; \??\C:\Windows\system32\drivers\kqwhzlkr.sys [X]
S1 llzgbakp; \??\C:\Windows\system32\drivers\llzgbakp.sys [X]
S1 lmlbpbye; \??\C:\Windows\system32\drivers\lmlbpbye.sys [X]
S1 ofjbskrp; \??\C:\Windows\system32\drivers\ofjbskrp.sys [X]
S1 qgekftwp; \??\C:\Windows\system32\drivers\qgekftwp.sys [X]
S1 rvirpbnk; \??\C:\Windows\system32\drivers\rvirpbnk.sys [X]
S1 sokohliz; \??\C:\Windows\system32\drivers\sokohliz.sys [X]
S1 sqdqghuq; \??\C:\Windows\system32\drivers\sqdqghuq.sys [X]
C:\Users\Office\AppData\Local\7c4f78
C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3281f9.lnk
C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist" => key removed successfully
HKU\S-1-5-21-3424708358-251783902-2140248591-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**jyhysb<*> => value removed successfully
C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3281f9.lnk => moved successfully
C:\Windows\System32\cmd.exe => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3424708358-251783902-2140248591-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3424708358-251783902-2140248591-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => moved successfully
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => not found.
C:\Users\Office\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => not found.
C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
Update service => service removed successfully
LMIRfsClientNP => service removed successfully
fmiyuoia => service removed successfully
"C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3281f9.lnk" => not found.
ghlshnwb => service removed successfully
hspudjio => service removed successfully
ibmbvfxm => service removed successfully
IntcAzAudAddService => service removed successfully
khyvdhfc => service removed successfully
kqwhzlkr => service removed successfully
llzgbakp => service removed successfully
lmlbpbye => service removed successfully
ofjbskrp => service removed successfully
qgekftwp => service removed successfully
rvirpbnk => service removed successfully
sokohliz => service removed successfully
sqdqghuq => service removed successfully
C:\Users\Office\AppData\Local\7c4f78 => moved successfully
"C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3281f9.lnk" => not found.
"C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
EmptyTemp: => 1.5 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:32:14 ====

Here is the additional:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-05-2016
Ran by Office (2016-05-25 12:35:21)
Running from C:\Users\Office\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-12-30 21:45:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3424708358-251783902-2140248591-500 - Administrator - Disabled)
Guest (S-1-5-21-3424708358-251783902-2140248591-501 - Limited - Disabled)
LogMeInRemoteUser (S-1-5-21-3424708358-251783902-2140248591-1014 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser.Office-PC
Office (S-1-5-21-3424708358-251783902-2140248591-1000 - Administrator - Enabled) => C:\Users\Office
Test (S-1-5-21-3424708358-251783902-2140248591-1015 - Administrator - Enabled) => C:\Users\Test

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
µTorrent (HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
AlignmentUtility (x32 Version: 18.00.0000 - UPS) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BooRee-USB 1.00 (HKLM-x32\...\BooRee-USB 1.00) (Version:  - )
Brother MFL-Pro Suite MFC-7420 (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCC (x32 Version: 18.00.0000 - United Parcel Service, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Centra Client (HKLM-x32\...\CentraClient) (Version:  - )
Chrome Remote Desktop Host (HKLM-x32\...\{C230A275-D2A0-446B-ACE5-06BF067D50F2}) (Version: 50.0.2661.22 - Google Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Access Gateway Endpoint Analysis (HKLM\...\{8599215C-BC16-42D7-A2D0-C54697CDED73}) (Version: 10.0.76.7 - Citrix Systems, Inc.)
Citrix Access Gateway Endpoint Analysis (HKLM-x32\...\{4991DE2B-7A90-44FB-9416-6939CAD08366}) (Version: 10.0.76.7 - Citrix Systems, Inc.)
Citrix_Receiver_3_4 (HKLM-x32\...\Citrix_Receiver_3_4) (Version: 3.4 - )
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CyberDefender Framework (HKLM-x32\...\CyberDefender Framework) (Version: 1.3.0.4371 - CyberDefender Corp.)
CyberDefender Framework (x32 Version: 1.3.0.4371 - CyberDefender Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
FormsComponent (x32 Version: 18.00.0000 - UPS) Hidden
FOSS (x32 Version: 18.00.0000 - UPS) Hidden
Futuremark SystemInfo (HKLM-x32\...\{2FE4C157-30AD-47F3-9D93-D9A2AFF25D3F}) (Version: 4.33.485.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HandBrake 0.9.5 (HKLM-x32\...\HandBrake) (Version: 0.9.5 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 18.00.0000 - UPS)
iGolfSync (HKLM-x32\...\{9FF769C3-2DBA-4D91-8AA6-DEB9941539D0}) (Version: 0.4.0.30 - L1 Technologies, Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iQmetrix Update Manager (HKLM-x32\...\{7495A7CD-D6AD-4543-A06D-52CBFBD88AC9}) (Version: 4.1.0.0 - iQmetrix)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LogMeIn (HKLM-x32\...\{1BC47D02-4412-4127-947E-A4A1DA060663}) (Version: 4.1.5704 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Forefront UAG endpoint components v4.0.0 (HKLM-x32\...\Microsoft Forefront UAG endpoint components 3.1.0) (Version:  - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft IntelliType Pro 8.0 (HKLM\...\{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}) (Version: 8.0.225.0 - Microsoft)
Microsoft Lync Web App Plug-in (64-bit) (HKLM\...\{6825DBD0-EDC1-4E20-9072-00A7EDFAF516}) (Version: 15.8.8308.577 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSIChecker (x32 Version: 18.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower)
Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden
NA1Messenger (x32 Version: 18.00.0000 - Your Company Name) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 5.2.2.3 - Symantec Corporation)
NRF (x32 Version: 18.00.0000 - UPS) Hidden
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.82 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5922 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.82 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Update (HKLM-x32\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Pando (HKLM-x32\...\{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}) (Version: 2.5.2.2 - Pando Networks Inc.)
PolicyManager (x32 Version: 18.00.0000 - UPS) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.0.0 - Popcorn Time) <==== ATTENTION
Popcorn Time (HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\Popcorn Time) (Version:  - Popcorn Official) <==== ATTENTION
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Reconciler (x32 Version: 18.00.0000 - UPS) Hidden
ReportServer (x32 Version: 18.00.0000 - Your Company Name) Hidden
ROSS 5 (HKLM-x32\...\ROSS_is1) (Version: 5.12 - New Covenant Software)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{694E85B6-CBA4-4C36-95E6-6575730CA136}) (Version: 6.5 - Silicon Laboratories, Inc.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sprint SmartView (HKLM\...\{0FFD55FA-40CE-4B7F-9001-A06930C63FA2}) (Version: 1.20.0016.0 - Sprint)
Starcraft (HKLM-x32\...\Starcraft) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
SupportUtility (x32 Version: 18.00.0000 - UPS) Hidden
System (x32 Version: 18.00.0000 - UPS) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
UnifiedPrinting (x32 Version: 18.00.0000 - UPS) Hidden
Unity Web Player (HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 18.0 - UPS)
UPSDB (x32 Version: 18.00.0000 - UPS) Hidden
UPSICC (x32 Version: 18.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 18.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 18.00.0000 - UPS)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C7}) (Version: 16.0.9661 - WinZip Computing, S.L. )
Wise Registry Cleaner 9.17 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 9.17 - WiseCleaner.com, Inc.)
WorldShip (x32 Version: 18.00.0000 - UPS) Hidden
WSShared (x32 Version: 18.00.0000 - UPS) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3424708358-251783902-2140248591-1000_Classes\CLSID\{1542FC7D-8D51-43D5-B757-67C763F27BF4}\localserver32 -> C:\Users\Office\AppData\Local\Microsoft\LWAPlugin\x64\15.8\LWAVersionPlugin.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3424708358-251783902-2140248591-1000_Classes\CLSID\{96CAE7ED-F021-4FEB-A5E9-7CC58829A67A}\localserver32 -> C:\Users\Office\AppData\Local\Microsoft\LWAPlugin\x64\15.8\LWAPlugin.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {122C07A3-C7B7-427A-BC3D-898A7BD70E78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {164A2DA6-60B4-459C-A09C-8FC7775B8B6D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-02] (Dropbox, Inc.)
Task: {2C6C1D1D-BEF3-4E0E-830F-D84D57917833} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-02] (Dropbox, Inc.)
Task: {53C47C23-55CE-44F6-A5F8-A418077ACC63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {53F2DF9A-DAC3-4787-BEFB-2B4FFB3E8672} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2010-07-21] (Microsoft Corporation)
Task: {5ADA68F6-9444-4634-A16D-D8D3FFFE8313} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {5CCEB20A-581C-4495-A518-24116ABB16B5} - System32\Tasks\{888B0103-0339-4E26-A36A-EB3A553911A6} => pcalua.exe -a C:\Users\Office\Downloads\nsepa_setup64.exe -d C:\Users\Office\Downloads
Task: {67623E7A-C49F-4E39-8343-6C906E9481DD} - System32\Tasks\Symantec\Norton Error Processor 5.2.2.3 => C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {742EDFE3-FBE4-4A19-9724-46CC1101048C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {79398034-9DF9-4F42-ABEB-694B765B493A} - System32\Tasks\Google Updater and Installer => C:\Users\Office\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {7C705C67-FCED-4988-93D8-C5DAD3EF5346} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {A4C5EEE8-5659-4CB3-94A9-047DCEF840E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-22] (Adobe Systems Incorporated)
Task: {A57AE06A-1186-4461-9A8E-2461D18C8114} - System32\Tasks\Divx online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-28] ()
Task: {B01D3AE8-60D0-4648-B8EF-19B69E418A1B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {C59D8DFC-E639-4955-89A4-E39D271CBAE8} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-01-23] ()
Task: {DF229A9D-46C1-439E-BED6-E846055238EE} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2015-08-06] (Symantec Corporation)
Task: {F00A144B-5C75-4E80-BA90-9CD9BDF4E2CC} - System32\Tasks\Symantec\Norton Error Analyzer 5.2.2.3 => C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {F3094819-80CA-4C5A-97FD-D3FCB88D4AC3} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {F9F2E2BF-4244-4B16-B0F9-15DA09E4A46E} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Office\AppData\Local\7c4f78\512037.lnk -> C:\Users\Office\AppData\Local\7c4f78\f4f5c4.bat ()

==================== Loaded Modules (Whitelisted) ==============

2012-03-26 15:57 - 2012-03-26 15:57 - 01074808 _____ () C:\Program Files (x86)\Common Files\CyberDefender\DEL\DEL_dll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\dyndns.ws -> hxxps://wcaguadilla.dyndns.ws
IE trusted site: HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\inq.com -> inq.com
IE trusted site: HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\newcovsoft.com -> newcovsoft.com
IE trusted site: HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\nextel.com -> nextel.com
IE trusted site: HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\sprint.com -> hxxps://dara.sprint.com
IE trusted site: HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\sprintspectrum.com -> hxxps://eticketindirect.it.sprintspectrum.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-05-22 01:05 - 00000029 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3424708358-251783902-2140248591-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Office\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BlackBerry Device Manager => 3
MSCONFIG\Services: CASprint => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IQ.Core.UpdateFoundation.WindowsService => 2
MSCONFIG\Services: iqpay-4400 => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: LMIMaint => 2
MSCONFIG\Services: LogMeIn => 2
MSCONFIG\Services: McMPFSvc => 2
MSCONFIG\Services: mcmscsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McNASvc => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: mfefire => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: nTuneService => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RoxMediaDB10 => 3
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SprintRcAppSvc => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: UpdateCenterService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk => C:\Windows\pss\UPS WorldShip Messaging Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk => C:\Windows\pss\UPS WorldShip PLD Reminder Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Office^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^3281f9.lnk => C:\Windows\pss\3281f9.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Office^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Aim => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BingSvc => C:\Users\Office\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: IQ.Core.UpdateFoundation.Bootstrapper_OnLogon => "C:\Program Files (x86)\iQmetrix\IQ.Core.UpdateFoundation.Bootstrapper.exe" /onlogon
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: itype => "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NA1Messenger => C:\PROGRAM FILES (X86)\UPS\WSTD\UPSNA1Msgr.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: RunDLLEntry_EptMon => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
MSCONFIG\startupreg: RunDLLEntry_THXCfg => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: ShwiconXP9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sprint SmartView => "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: THX Audio Control Panel => "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{62A33959-FFDA-483C-8572-D2DA5FA389B5}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{551D999E-BCFD-4CA5-98E2-4E6F4E819CEF}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{2BB66AB2-8E2C-4EFF-B87E-5919B7CE3CD1}] => (Allow) C:\Program Files (x86)\AIM7\aim.exe
FirewallRules: [{BCD0CC6D-0E54-4760-995A-1E7A095E606A}] => (Allow) C:\Program Files (x86)\AIM7\aim.exe
FirewallRules: [TCP Query User{50E9FF74-9EAE-486A-A6B0-DB301E78D504}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{D3468079-F548-455C-9002-D1E8D945E803}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{854E40B8-D9AD-4907-BA46-36F90E86DB16}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{B55D06F4-24E1-4680-A3AA-B3CE6949DEC1}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{CB96C5B8-513C-4E58-9F67-E432DB736F0B}C:\program files\starcraft\starcraft.exe] => (Allow) C:\program files\starcraft\starcraft.exe
FirewallRules: [UDP Query User{F8543476-6100-4063-B6DE-AF455168D0F4}C:\program files\starcraft\starcraft.exe] => (Allow) C:\program files\starcraft\starcraft.exe
FirewallRules: [TCP Query User{511636EA-B837-4859-AD32-7FFDB0659216}C:\program files (x86)\aim7\aim.exe] => (Allow) C:\program files (x86)\aim7\aim.exe
FirewallRules: [UDP Query User{4ACAE3EC-2D04-4DE3-A906-2F76447A1F40}C:\program files (x86)\aim7\aim.exe] => (Allow) C:\program files (x86)\aim7\aim.exe
FirewallRules: [{5AE40918-4A60-42F9-9E8E-AF7EA64E75CE}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{885624C5-93CF-4257-85B8-6CA12379BB1F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{9094DB1D-BEF5-4E3B-990F-5C900EC59F71}] => (Allow) C:\Program Files (x86)\Pando Networks\Pando\Pando.exe
FirewallRules: [{E4638AEB-0C9F-4BEF-A14F-DC5FAB1B2DC7}] => (Allow) C:\Program Files (x86)\Pando Networks\Pando\Pando.exe
FirewallRules: [{82A495D2-3835-4936-AD05-F71461393DF7}] => (Allow) C:\Program Files (x86)\Pando Networks\Pando\Pando.exe
FirewallRules: [{49F84DAB-D1D8-4C33-8134-5035B1CA533E}] => (Allow) LPort=4481
FirewallRules: [{D8F882DB-7B6F-4B94-8CAF-058A290FB96B}] => (Allow) LPort=4481
FirewallRules: [{99497C38-E1F4-4988-87FC-3DBEDAE11A12}] => (Allow) LPort=4482
FirewallRules: [{80433359-D752-4D8C-9810-3C8A966164C3}] => (Allow) LPort=4482
FirewallRules: [{A0847FDC-88D0-4152-8473-FD0657F5F310}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A1261BAE-187E-4C08-9912-B34E683035DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3FAA14F5-DD02-4AEF-89CE-88885B43E04E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D0F2C531-568A-490C-A150-0C101787DF95}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4DE45236-0090-411C-A588-FA48165ED764}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{13761845-D257-4B8F-8099-F1B830D4AB7E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D8BF9020-4763-4B7B-AC04-F6D0F4C481D1}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{AC9A4C94-F1FF-404D-ACF0-F9DF44067111}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F83278CB-0150-40B6-AC2B-745D82C6C53A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5DC6CAEC-DEF4-41C2-A1DF-7EA66B842656}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{65BB6E66-5610-4699-AEF9-1F1D7FBFC741}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B552B063-355C-45BB-B16F-F21E24C5C656}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6E13249E-24D1-45E0-8662-844413871DA9}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe
FirewallRules: [{1776F491-9424-4254-8AC4-7EABCB4D4BA9}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe
FirewallRules: [{7EF9EAC5-9606-453D-ABA2-BF727080ACE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EA35F82A-D43C-40AF-80A0-CD05BE89D07C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0C00C493-8250-4820-A5DF-F79B9B10081A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5D2CFB29-4909-4632-B630-F51B93487732}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FF67D48A-DBE1-4BC0-B12F-E8272623187F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A95C843E-C1E5-45F5-BCBA-2D4493E17BFB}] => (Allow) C:\Users\Office\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{8C1E4D9D-5262-4D22-B5D9-A15A7C0FC2CB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{58D56577-7922-458E-BA0F-8648C2B5919C}] => (Allow) LPort=2869
FirewallRules: [{C82BF7B1-C0F3-4C71-87DB-760ECB6C4FBC}] => (Allow) LPort=1900
FirewallRules: [{C140F47A-22A8-4F8E-BD84-07CCAB7E1251}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FD061CE9-9818-4C67-BEDC-D5EE2C9E50D0}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{91ACF148-8D1D-4127-B33B-CEAA7CCDBE20}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{24B4E1BA-0819-427B-9084-6C683843E323}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{C736E31C-31B9-423E-8A4E-8C94EBAFE0EB}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{421CF2AF-3265-4BBD-8FFC-94949FBF376B}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{336D56F5-BE07-4735-AFC1-558F47A4A718}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{1ADB23CF-F747-4742-8BF5-B702A5EFB7C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{626E7A47-1EC5-4D46-9EBD-698F1A542DDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{51A9E2E9-A848-40CF-8FE0-E09EC3F40D55}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
FirewallRules: [{14641821-AC2B-44FE-9329-AD138032DB31}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5C34E5B6-4BED-4114-9D35-D200BCB53502}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2016 06:02:15 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{b9e9878a-0ed4-11e0-990a-806e6f6e6963} - 0000000000000160,0x0053c008,000000000055D4F0,0,000000000055E500,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (05/25/2016 05:51:58 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (05/25/2016 05:51:58 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (05/23/2016 01:40:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 46.0.1.5966, time stamp: 0x572818c9
Faulting module name: mozglue.dll, version: 46.0.1.5966, time stamp: 0x572808c3
Exception code: 0x80000003
Fault offset: 0x0000efdc
Faulting process id: 0x10f8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/23/2016 01:40:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 46.0.1.5966, time stamp: 0x572808c7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000091
Fault offset: 0x0053282a
Faulting process id: 0x1ad0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (05/22/2016 02:36:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ROSS.exe, version: 5.12.5909.42733, time stamp: 0x56dd072a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x1864
Faulting application start time: 0xROSS.exe0
Faulting application path: ROSS.exe1
Faulting module path: ROSS.exe2
Report Id: ROSS.exe3

Error: (05/22/2016 02:36:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ROSS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.DirectoryNotFoundException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
   at System.Windows.Media.Imaging.BitmapDecoder.SetupDecoderFromUriOrStream(System.Uri, System.IO.Stream, System.Windows.Media.Imaging.BitmapCacheOption, System.Guid ByRef, Boolean ByRef, System.IO.Stream ByRef, System.IO.UnmanagedMemoryStream ByRef, Microsoft.Win32.SafeHandles.SafeFileHandle ByRef)
   at System.Windows.Media.Imaging.BitmapDecoder..ctor(System.Uri, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Guid)
   at System.Windows.Media.Imaging.IconBitmapDecoder..ctor(System.Uri, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption)
   at ShellLib.Globals.get_SmallIconImage()
   at NewCovenantSoftware.Ross.Shell.MainWindow.OnMainWindowLoaded(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs)
   at System.Windows.BroadcastEventHelper.BroadcastEvent(System.Windows.DependencyObject, System.Windows.RoutedEvent)
   at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(System.Object)
   at MS.Internal.LoadedOrUnloadedOperation.DoWork()
   at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
   at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()
   at System.Windows.Media.MediaContext.RenderMessageHandlerCore(System.Object)
   at System.Windows.Media.MediaContext.RenderMessageHandler(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at ROSS.App.Main()

Error: (05/22/2016 02:34:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ROSS.exe, version: 5.12.5909.42733, time stamp: 0x56dd072a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x1ee0
Faulting application start time: 0xROSS.exe0
Faulting application path: ROSS.exe1
Faulting module path: ROSS.exe2
Report Id: ROSS.exe3

Error: (05/22/2016 02:34:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ROSS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.DirectoryNotFoundException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
   at System.Windows.Media.Imaging.BitmapDecoder.SetupDecoderFromUriOrStream(System.Uri, System.IO.Stream, System.Windows.Media.Imaging.BitmapCacheOption, System.Guid ByRef, Boolean ByRef, System.IO.Stream ByRef, System.IO.UnmanagedMemoryStream ByRef, Microsoft.Win32.SafeHandles.SafeFileHandle ByRef)
   at System.Windows.Media.Imaging.BitmapDecoder..ctor(System.Uri, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Guid)
   at System.Windows.Media.Imaging.IconBitmapDecoder..ctor(System.Uri, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption)
   at ShellLib.Globals.get_SmallIconImage()
   at NewCovenantSoftware.Ross.Shell.MainWindow.OnMainWindowLoaded(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs)
   at System.Windows.BroadcastEventHelper.BroadcastEvent(System.Windows.DependencyObject, System.Windows.RoutedEvent)
   at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(System.Object)
   at MS.Internal.LoadedOrUnloadedOperation.DoWork()
   at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
   at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()
   at System.Windows.Media.MediaContext.RenderMessageHandlerCore(System.Object)
   at System.Windows.Media.MediaContext.RenderMessageHandler(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at ROSS.App.Main()

Error: (05/22/2016 02:34:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ROSS.exe, version: 5.12.5909.42733, time stamp: 0x56dd072a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x1e14
Faulting application start time: 0xROSS.exe0
Faulting application path: ROSS.exe1
Faulting module path: ROSS.exe2
Report Id: ROSS.exe3


System errors:
=============
Error: (05/25/2016 12:23:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (05/25/2016 12:23:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update service service failed to start due to the following error:
%%2

Error: (05/25/2016 12:13:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/25/2016 12:13:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (05/25/2016 12:13:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/25/2016 12:13:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/25/2016 12:13:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Forefront UAG Quarantine Enforcement Client service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/25/2016 12:13:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/25/2016 12:13:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/25/2016 12:13:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (UPSWSDBSERVER) service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2015-08-25 12:50:33.915
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-25 12:50:33.884
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 28%
Total physical RAM: 8151.08 MB
Available physical RAM: 5837.25 MB
Total Virtual: 16300.34 MB
Available Virtual: 13862.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:453.65 GB) NTFS
Drive d: (W7SP1_HOMEPREMIUM) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#7 foolanger

foolanger
  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:39 PM

Posted 25 May 2016 - 02:36 PM

I think the additional log might be from my first scan?  I'm not sure but the time stamps don't match and that is the only additional log file I see. 

 

I just did another Malwarebytes scan and this time it found 2 threats:

 

Rootkit.Fileless.MTGen / Malware / Registry Key / HKU\S-1-5-21-3424708358-251783902-2140248591-1000_Classes\2926E9\SHELL\OPEN\COMMAND

Rootkit.Fileless.MTGen / Malware / Registry Value / HKU\S-1-5-21-3424708358-251783902-2140248591-1000_Classes\2926E9\SHELL\OPEN\COMMAND|



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:39 PM

Posted 26 May 2016 - 06:53 AM

Remove this program via the Control Panel > Programs > Programs and Features applet.
Popcorn Time (HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\Popcorn Time) (Version: - Popcorn Official) <==== ATTENTION
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.0.0 - Popcorn Time) <==== ATTENTION
Popcorn Time (HKU\S-1-5-21-3424708358-251783902-2140248591-1000\...\Popcorn Time) (Version:  - Popcorn Official) <==== ATTENTION
Shortcut: C:\Users\Office\AppData\Local\7c4f78\512037.lnk -> C:\Users\Office\AppData\Local\7c4f78\f4f5c4.bat ()
FirewallRules: [{FD061CE9-9818-4C67-BEDC-D5EE2C9E50D0}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{91ACF148-8D1D-4127-B33B-CEAA7CCDBE20}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{24B4E1BA-0819-427B-9084-6C683843E323}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{C736E31C-31B9-423E-8A4E-8C94EBAFE0EB}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{421CF2AF-3265-4BBD-8FFC-94949FBF376B}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{336D56F5-BE07-4735-AFC1-558F47A4A718}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
C:\Users\Office\AppData\Local\7c4f78

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know of any remaining issues with this computer.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:39 PM

Posted 01 June 2016 - 09:04 AM

Are you still with me?



