Playbar redirect virus from play-bar.net in both Chrome and Firefox


  • This topic is locked
10 replies to this topic

#1 wacomaco2
Posted 26 August 2016 - 08:55 PM

Good Samaritans;
 
I downloaded a free PDF and an explosion of malware hit my system.  I immediately went to Task Manager and killed what I could but was too slow.  I ran several programs and cleaners from BC, Malwarebytes, etc. and manually got rid of lots of problems, but I still have this pesky redirect and can't seem to get rid of it.  I need some help please!  Search loads play-bar.net and sends my request to Bing, which gives me a page full of what I assume are bogus sites.  When I search for Bleeping Computer, I get the site, and when I click on login, Malwarebytes blocks a site.  I go back to the Bleeping site and try again and this time, I can login.  Ran FRST and files are attached.
 
Attached files: FRST.txt (91.78KB), Addition.txt (36.63KB)
 
I know these are a problem:
 
2009-07-13 21:34 - 2016-08-25 12:49 - 00001006 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
Had problems installing new external drive so backup is still on main machine internal drive but will have it working by the time I get a response so I can have a good recovery image.
 
Sincerely,
wacomaco2
Old and confused from the operator assisted phone generation but doing my best to take advantage of new possibilities in the age of software..
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Dell T7500 (administrator) on DELLT7500-PC (26-08-2016 19:15:08)
Running from C:\Users\Dell T7500\Downloads
Loaded Profiles: Dell T7500 (Available Profiles: Dell T7500)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
( ) C:\Windows\System32\lxeccoms.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Mixesoft Project) C:\Users\Dell T7500\AppData\Local\Mixesoft\AppNHost\appnhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\groove.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
() C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Paragon Software ) C:\Users\Dell T7500\Downloads\HFS4WIN.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2727568 2015-10-13] ()
HKLM\...\Run: [lxecmon.exe] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe [150264 2013-01-23] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [7241200 2016-07-26] (Emsisoft Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EsternTimesMouseExRun] => C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe [3353600 2014-01-10] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-07-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-07-28] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-06-28] (Seagate Technology LLC)
HKU\S-1-5-21-699450693-438542302-1185398494-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-15] (Piriform Ltd)
HKU\S-1-5-21-699450693-438542302-1185398494-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [884920 2016-06-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-699450693-438542302-1185398494-1000\...\Run: [appnhost] => C:\Users\Dell T7500\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project)
HKU\S-1-5-21-699450693-438542302-1185398494-1000\...\Run: [GoogleChromeAutoLaunch_04A13715CC4DF828F99108AF460BAEB7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-02] (Google Inc.)
HKU\S-1-5-21-699450693-438542302-1185398494-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-06-28] (Seagate Technology LLC)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
Startup: C:\Users\Dell T7500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-08-25]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\groove.exe (Microsoft Corporation)
Startup: C:\Users\Dell T7500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-25]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-699450693-438542302-1185398494-1000] => hxxp://nonblock.net/wpad.dat?3cd0cfde7b5aec0fe6e65b14cd91726a15093653
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{A9BFD209-3EF0-400C-AD1B-885234CCA9A2}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{E38CACC5-A004-4047-8B0D-40E545A6391A}: [NameServer] 188.120.239.115,8.8.8.8
Tcpip\..\Interfaces\{E38CACC5-A004-4047-8B0D-40E545A6391A}: [DhcpNameServer] 209.18.47.62 209.18.47.61
ManualProxies: 0hxxp://nonblock.net/wpad.dat?3cd0cfde7b5aec0fe6e65b14cd91726a15093653

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-699450693-438542302-1185398494-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-08-07] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-08-07] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Dell T7500\AppData\Roaming\Mozilla\Firefox\Profiles\pf5j3mdo.default-1472154091974
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-27] ()
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-08-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-08-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-07-18] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-27] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-07-18] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Plugin HKU\S-1-5-21-699450693-438542302-1185398494-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dell T7500\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-08-15] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-07-27]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Profile 1 -> "hxxps://smlogin.aa.com/login/SMLogin.jsp?TYPE=33554433&REALMOID=06-3cb70422-de55-001c-0000-4b5700004b57&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$NpBsRicQN9xCBnRZ5BlQMcipSzHGumlf24U3gA1Zcm%2bNvnk%2bMvcgrKX3KsCQ3enu&TARGET=$SM$https%3a%2f%2fwww%2ejetnet%2eaa%2ecom%2fjetnet%2f","hxxp://www.tccd.edu/"
CHR Profile: C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-31]
CHR Extension: (Google Docs) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
CHR Extension: (Google Drive) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
CHR Extension: (YouTube) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31]
CHR Extension: (Google Search) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Adobe Acrobat) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-07-28]
CHR Extension: (Google Sheets) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (AdBlock) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-25]
CHR Extension: (Google Drawings) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2016-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-19]
CHR Extension: (Adblock Pro) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-06-19]
CHR Extension: (Gmail) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]
CHR Profile: C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-12]
CHR Extension: (Google Docs) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-12]
CHR Extension: (Google Drive) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-12]
CHR Extension: (YouTube) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-12]
CHR Extension: (Discuto) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dabachekehimjepapdgiafnmogeekhcf [2016-06-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-07-28]
CHR Extension: (Black Menu for Google™) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2016-08-26]
CHR Extension: (Gmail Offline) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-06-12]
CHR Extension: (Google Sheets) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-12]
CHR Extension: (Google Docs Offline) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-19]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-08-26]
CHR Extension: (Pinterest Save Button) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-08-26]
CHR Extension: (Google Forms) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2016-06-12]
CHR Extension: (Google Voice (by Google)) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2016-06-12]
CHR Extension: (Google Maps) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-06-12]
CHR Extension: (Google Hangouts - Chrome Web Store) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlnbljpomghggiicmnjkfekfdbdofhna [2016-08-08]
CHR Extension: (Google Hangouts) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-12]
CHR Extension: (Gmail) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-12]
CHR Extension: (DriveConverter) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnijkabgdodbjffhlmbnhlccpkfappil [2016-06-12]
CHR Profile: C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-10]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2016-08-12]
CHR Extension: (Google Docs) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-10]
CHR Extension: (Google Drive) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-10]
CHR Extension: (YouTube) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-10]
CHR Extension: (Mendeley Importer) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dagcmkpagjlhakfdhnbomgmjdpkdklff [2016-08-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-08-10]
CHR Extension: (Google Sheets) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-10]
CHR Extension: (Google Docs Offline) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-13]
CHR Extension: (Bookmark Manager) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2016-08-10]
CHR Extension: (Google Voice (by Google)) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2016-08-10]
CHR Extension: (Google Scholar Button) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2016-08-10]
CHR Extension: (RealFaviconGenerator) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mgglmielnoidlplebjboeheijjpajcdk [2016-08-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-10]
CHR Extension: (Gmail) - C:\Users\Dell T7500\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9331168 2016-07-26] (Emsisoft Ltd)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [741568 2016-07-18] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
R2 lxec_device; C:\Windows\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( )
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2692272 2015-10-13] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-06-28] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-06-28] (Seagate Technology LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [115832 2016-07-21] (Emsisoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-26 19:15 - 2016-08-26 19:15 - 00045439 _____ C:\Users\Dell T7500\Downloads\FRST.txt
2016-08-26 19:13 - 2016-08-26 19:15 - 00000000 ____D C:\FRST
2016-08-26 19:13 - 2016-08-26 19:13 - 02396160 _____ (Farbar) C:\Users\Dell T7500\Downloads\FRST64.exe
2016-08-26 19:00 - 2016-08-26 19:00 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-08-26 19:00 - 2016-08-26 19:00 - 00001147 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-08-26 18:04 - 2016-08-26 18:04 - 00680979 _____ C:\Users\Dell T7500\Documents\How to Use the Windows Device Manager for Troubleshooting.pdf
2016-08-26 17:29 - 2014-11-14 19:21 - 00050896 _____ (Paragon Software Group) C:\Windows\system32\Drivers\apmwin.sys
2016-08-26 15:12 - 2016-08-26 15:12 - 13445408 _____ (Paragon Software ) C:\Users\Dell T7500\Downloads\HFS4WIN.exe
2016-08-26 15:11 - 2016-08-26 15:11 - 00229206 _____ C:\Users\Dell T7500\Downloads\seagate-dashboard-en_US.pdf
2016-08-26 15:00 - 2016-08-26 15:00 - 00000000 ____D C:\Users\Dell T7500\My Online Documents
2016-08-26 14:59 - 2016-08-26 14:59 - 00003540 _____ C:\Windows\System32\Tasks\Seagate_Install_Launch
2016-08-26 14:59 - 2016-08-26 14:59 - 00003528 _____ C:\Windows\System32\Tasks\Dell T7500 DBAgent 2 0
2016-08-26 14:59 - 2016-08-26 14:59 - 00000000 ____D C:\Users\Dell T7500\AppData\Roaming\Nero
2016-08-26 14:56 - 2016-08-26 14:56 - 00002115 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2016-08-26 14:56 - 2016-08-26 14:56 - 00000000 ____D C:\ProgramData\Nero
2016-08-26 14:56 - 2016-08-26 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2016-08-26 14:56 - 2016-08-26 14:56 - 00000000 ____D C:\Program Files (x86)\Seagate
2016-08-26 14:55 - 2016-08-26 14:55 - 00000000 ____D C:\Users\Dell T7500\AppData\Roaming\Seagate
2016-08-26 14:53 - 2016-08-26 14:53 - 147628976 _____ (Seagate) C:\Users\Dell T7500\Downloads\Seagate_Dashboard_Installer.exe
2016-08-26 13:15 - 2016-08-26 13:15 - 02943992 _____ (Google) C:\Users\Dell T7500\Downloads\chrome_cleanup_tool.exe
2016-08-26 12:45 - 2016-08-26 12:46 - 00053705 _____ C:\Users\Dell T7500\Downloads\Microsoft Support.html
2016-08-26 12:45 - 2016-08-26 12:46 - 00000000 ____D C:\Users\Dell T7500\Downloads\Microsoft Support_files
2016-08-25 18:45 - 2016-08-25 18:45 - 248187304 _____ C:\Users\Dell T7500\Downloads\EmsisoftEmergencyKit.exe
2016-08-25 18:44 - 2016-08-25 18:44 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.3.lnk
2016-08-25 18:41 - 2016-08-25 18:41 - 00001066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.5.lnk
2016-08-25 18:28 - 2016-08-25 18:28 - 00047992 _____ C:\Users\Dell T7500\Documents\malwarebytes initial scan.txt
2016-08-25 18:13 - 2016-08-25 18:13 - 00000000 ____D C:\ProgramData\Emsisoft
2016-08-25 18:09 - 2016-08-25 18:34 - 00000944 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-08-25 18:09 - 2016-08-25 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-08-25 18:08 - 2016-08-26 18:32 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-08-25 18:04 - 2016-08-25 18:05 - 277330496 _____ (Emsisoft Ltd. ) C:\Users\Dell T7500\Downloads\EmsisoftAntiMalwareSetup.exe
2016-08-25 18:00 - 2016-08-26 18:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-25 18:00 - 2016-08-25 18:34 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-25 18:00 - 2016-08-25 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-25 17:59 - 2016-08-25 18:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-25 17:59 - 2016-08-25 17:59 - 22851472 _____ (Malwarebytes ) C:\Users\Dell T7500\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-25 17:59 - 2016-08-25 17:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-25 17:59 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-25 17:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-25 17:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-25 16:34 - 2016-08-25 18:34 - 00001082 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-08-25 16:34 - 2016-08-25 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-08-25 16:34 - 2016-08-25 16:34 - 00000000 ____D C:\Program Files\VS Revo Group
2016-08-25 16:33 - 2016-08-25 16:33 - 07093624 _____ (VS Revo Group ) C:\Users\Dell T7500\Downloads\revosetup.exe
2016-08-25 16:25 - 2016-08-25 16:25 - 00003608 _____ C:\Windows\System32\Tasks\{C9D24AD5-3F54-4AC5-BDC5-8EA34B176585}
2016-08-25 15:51 - 2016-08-25 16:00 - 00000000 ____D C:\AdwCleaner
2016-08-25 15:50 - 2016-08-25 15:50 - 00003042 _____ C:\Users\Dell T7500\Desktop\Rkill.txt
2016-08-25 14:41 - 2016-08-25 14:41 - 00000000 ____D C:\Users\Dell T7500\Desktop\Old Firefox Data
2016-08-25 13:21 - 2016-08-25 16:27 - 00000000 ____D C:\Windows\system32\SSL
2016-08-25 13:21 - 2016-08-25 13:21 - 00031411 _____ C:\Windows\ea8564092726cb11deea247f6ff6d96f.ps1
2016-08-25 13:21 - 2016-08-25 13:21 - 00003598 _____ C:\Windows\System32\Tasks\ea8564092726cb11deea247f6ff6d96f
2016-08-25 12:54 - 2016-08-25 18:34 - 00001232 _____ C:\Users\Dell T7500\Desktop\Google Chrome.lnk
2016-08-25 12:53 - 2016-08-25 13:14 - 00000000 ____D C:\Program Files (x86)\EZSearch
2016-08-25 12:51 - 2016-08-25 12:49 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-08-25 12:45 - 2016-08-25 12:45 - 07118336 _____ C:\Users\Dell T7500\AppData\Roaming\agent.dat
2016-08-25 12:45 - 2016-08-25 12:45 - 00018432 _____ C:\Users\Dell T7500\AppData\Roaming\Main.dat
2016-08-25 12:44 - 2016-08-25 12:44 - 00138240 _____ C:\Users\Dell T7500\AppData\Roaming\Installer.dat
2016-08-24 16:12 - 2016-08-24 16:12 - 00287105 _____ C:\Users\Dell T7500\Documents\Neoliberalism – the ideology at the root of all our problems Books The Guardi.pdf
2016-08-23 18:23 - 2016-08-25 16:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-23 13:38 - 2016-08-23 13:38 - 00142515 _____ C:\Windows\1519471269773700f7637e6437a185b9.exe
2016-08-23 11:58 - 2016-08-23 11:58 - 00216576 _____ C:\Users\Dell T7500\Downloads\List2.xls
2016-08-23 11:05 - 2016-08-23 11:05 - 02899501 _____ C:\Users\Dell T7500\Documents\low performng students.pdf
2016-08-23 10:29 - 2016-08-23 10:29 - 00630274 _____ C:\Users\Dell T7500\Documents\EDF Financial Services in the Digital Age.pdf
2016-08-23 10:22 - 2016-08-23 10:22 - 00444443 _____ C:\Users\Dell T7500\Documents\EUROPEAN_DIGITAL_FORUM Financial Services Digital Identity.pdf
2016-08-23 10:20 - 2016-08-23 10:20 - 00526816 _____ C:\Users\Dell T7500\Documents\EUROPEAN DIGITAL FORUM Government of the Future.pdf
2016-08-22 14:06 - 2016-08-22 14:06 - 00379984 _____ C:\Users\Dell T7500\Downloads\Distributing the Future - Policy Network.pdf
2016-08-22 13:46 - 2016-08-22 14:02 - 00000000 ____D C:\Users\Dell T7500\Documents\teaching materials
2016-08-22 12:52 - 2016-08-22 12:52 - 00076737 _____ C:\Users\Dell T7500\Downloads\essay_evaluation_rubric.pdf
2016-08-22 12:47 - 2016-08-22 12:47 - 02896587 _____ C:\Users\Dell T7500\Downloads\Employee Wellness Buyer's Guide.pdf
2016-08-22 12:46 - 2016-08-22 12:46 - 01002656 _____ C:\Users\Dell T7500\Downloads\technologyadvice-sales-competition-platforms-guide-3l9.pdf
2016-08-22 12:46 - 2016-08-22 12:46 - 01002656 _____ C:\Users\Dell T7500\Downloads\technologyadvice-sales-competition-platforms-guide-3l9 (1).pdf
2016-08-22 12:44 - 2016-08-22 12:44 - 01002656 _____ C:\Users\Dell T7500\Downloads\Sales Competition Platforms Guide.pdf
2016-08-22 12:43 - 2016-08-22 12:43 - 01069625 _____ C:\Users\Dell T7500\Downloads\Customer Loyalty Trends Study.pdf
2016-08-22 12:41 - 2016-08-22 12:41 - 00680388 _____ C:\Users\Dell T7500\Downloads\Gamified Employee Training Guide.pdf
2016-08-21 13:23 - 2016-08-21 13:23 - 136672141 _____ C:\Users\Dell T7500\Downloads\DanBuettner_2009X-480p-en.mp4
2016-08-21 09:07 - 2016-08-21 09:07 - 00018409 _____ C:\Users\Dell T7500\Documents\Amazon.com - Order 115-6545567-8127457.pdf
2016-08-21 01:23 - 2016-08-21 01:23 - 00000000 ____D C:\Windows\System32\Tasks\Games
2016-08-20 23:27 - 2016-08-20 23:27 - 00126858 _____ C:\Users\Dell T7500\Documents\table_Page_4.pdf
2016-08-20 23:07 - 2016-08-20 23:16 - 00317112 _____ C:\Users\Dell T7500\Documents\table.pdf
2016-08-20 16:50 - 2016-08-20 16:51 - 00000000 ____D C:\Users\Dell T7500\Downloads\sex_life_gods_1208_librivox
2016-08-20 16:44 - 2016-08-20 16:44 - 21882227 _____ C:\Users\Dell T7500\Downloads\erotica_romana_1207_librivox.zip
2016-08-20 16:43 - 2016-08-20 16:44 - 115765065 _____ C:\Users\Dell T7500\Downloads\katepercival_1012_librivox.zip
2016-08-20 16:42 - 2016-08-20 16:42 - 104504078 _____ C:\Users\Dell T7500\Downloads\sex_life_gods_1208_librivox.zip
2016-08-20 16:01 - 2016-08-20 16:03 - 318911377 _____ C:\Users\Dell T7500\Downloads\two_treatises_0902_librivox_64kb_mp3.zip
2016-08-20 15:10 - 2016-08-20 15:12 - 367008839 _____ C:\Users\Dell T7500\Downloads\theoryofmoralsentiments_0910_librivox_64kb_mp3.zip
2016-08-19 12:43 - 2016-08-19 12:41 - 00345515 _____ C:\Users\Dell T7500\Documents\The Relationship between Social Media and Empathy.pdf
2016-08-19 00:58 - 2016-08-19 00:58 - 81803913 _____ C:\Users\Dell T7500\Downloads\AS15_Ham_feath_drop3.mov
2016-08-17 23:10 - 2016-08-17 23:10 - 00357308 _____ C:\Users\Dell T7500\Downloads\THECBOrgChart-all7-20-16.pdf
2016-08-17 23:10 - 2016-08-17 23:10 - 00357308 _____ C:\Users\Dell T7500\Downloads\THECBOrgChart-all7-20-16 (2).pdf
2016-08-17 23:10 - 2016-08-17 23:10 - 00357308 _____ C:\Users\Dell T7500\Downloads\THECBOrgChart-all7-20-16 (1).pdf
2016-08-17 19:24 - 2016-08-17 19:24 - 00250356 _____ C:\Users\Dell T7500\Documents\3566.pdf
2016-08-17 11:39 - 2016-08-17 11:39 - 00158282 _____ C:\Users\Dell T7500\Downloads\douglas engelbart (1).pdf
2016-08-17 11:38 - 2016-08-17 11:38 - 00158282 _____ C:\Users\Dell T7500\Downloads\douglas engelbart.pdf
2016-08-17 06:53 - 2016-07-08 10:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 06:53 - 2016-07-08 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-16 12:20 - 2016-08-16 12:20 - 03030680 _____ (Coupons.com Incorporated) C:\Users\Dell T7500\Documents\couponprinter.exe
2016-08-16 07:52 - 2016-08-16 08:26 - 00000000 ____D C:\Users\Dell T7500\.freemind
2016-08-15 11:02 - 2016-08-15 11:02 - 00000151 _____ C:\Users\Dell T7500\.gitconfig
2016-08-15 10:59 - 2016-08-26 18:53 - 00000592 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-699450693-438542302-1185398494-1000.job
2016-08-15 10:59 - 2016-08-26 17:34 - 00000688 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-699450693-438542302-1185398494-1000.job
2016-08-15 10:59 - 2016-08-16 17:47 - 00003732 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-699450693-438542302-1185398494-1000
2016-08-15 10:59 - 2016-08-16 17:47 - 00003636 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-699450693-438542302-1185398494-1000
2016-08-15 10:47 - 2016-08-15 10:48 - 37675279 _____ ( ) C:\Users\Dell T7500\Downloads\FreeMind-Windows-Installer-1.0.1-max.exe
2016-08-14 15:03 - 2016-08-14 15:03 - 01046364 _____ C:\Users\Dell T7500\Documents\845Cereb. Cortex-2008-Danker-2674-85.pdf
2016-08-14 08:03 - 2016-08-14 08:03 - 02012160 _____ C:\Users\Dell T7500\Downloads\Getting-Started-With-Mendeley-Guide-CODE-Prototype.pdf
2016-08-14 07:46 - 2016-08-14 07:46 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\Mendeley Ltd
2016-08-13 20:11 - 2016-08-25 18:34 - 00000728 _____ C:\Users\Public\Desktop\Mendeley Desktop.lnk
2016-08-13 20:11 - 2016-08-13 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mendeley Desktop
2016-08-13 20:04 - 2016-08-13 20:04 - 21728144 _____ C:\Users\Dell T7500\Downloads\Mendeley-Desktop-1.16.1-win32.exe
2016-08-13 12:15 - 2016-08-13 12:25 - 00000000 ____D C:\Users\Dell T7500\Documents\EDU N GIS
2016-08-13 11:12 - 2016-08-13 13:18 - 322076672 _____ C:\Users\Dell T7500\Downloads\-Getintopc.com-ArcGIS_Desktop_10.1.iso
2016-08-12 22:32 - 2016-08-12 22:32 - 00282624 _____ C:\Users\Dell T7500\Downloads\appnhost.msi
2016-08-12 22:32 - 2016-08-12 22:32 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\Mixesoft
2016-08-12 19:55 - 2016-08-12 19:55 - 00064969 _____ C:\Users\Dell T7500\Documents\introduction.pdf
2016-08-11 07:54 - 2016-08-11 07:56 - 00278163 _____ C:\Users\Dell T7500\Documents\My Usage History Green Mountain Energy.pdf
2016-08-10 13:28 - 2016-08-25 18:34 - 00002355 _____ C:\Users\Dell T7500\Desktop\WM - Chrome.lnk
2016-08-09 23:16 - 2016-08-25 18:34 - 00002268 _____ C:\Users\Dell T7500\Desktop\Kindle.lnk
2016-08-09 23:16 - 2016-08-19 14:43 - 00000000 ____D C:\Users\Dell T7500\Documents\My Kindle Content
2016-08-09 23:16 - 2016-08-09 23:16 - 00000000 ____D C:\Users\Dell T7500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-08-09 23:16 - 2016-08-09 23:16 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\Amazon
2016-08-09 23:10 - 2016-08-09 23:10 - 65292192 _____ (Amazon.com) C:\Users\Dell T7500\Downloads\Kindle_for_PC_Download.exe
2016-08-09 15:27 - 2016-08-02 09:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-09 15:27 - 2016-08-02 09:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-09 15:27 - 2016-08-02 01:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-09 15:27 - 2016-08-02 01:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-09 15:27 - 2016-08-02 01:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-09 15:27 - 2016-08-02 01:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-09 15:27 - 2016-08-02 01:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-09 15:27 - 2016-08-02 01:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-09 15:27 - 2016-08-02 01:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-09 15:27 - 2016-08-02 01:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-09 15:27 - 2016-08-02 01:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-09 15:27 - 2016-08-02 01:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-09 15:27 - 2016-08-02 01:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-09 15:27 - 2016-08-02 01:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-09 15:27 - 2016-08-02 01:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-09 15:27 - 2016-08-02 01:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-09 15:27 - 2016-08-02 01:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-09 15:27 - 2016-08-02 01:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-09 15:27 - 2016-08-02 01:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-09 15:27 - 2016-08-02 01:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-09 15:27 - 2016-08-02 01:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-09 15:27 - 2016-08-02 01:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-09 15:27 - 2016-08-02 01:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-09 15:27 - 2016-08-02 00:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-09 15:27 - 2016-08-02 00:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-09 15:27 - 2016-08-02 00:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-09 15:27 - 2016-08-02 00:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-09 15:27 - 2016-08-02 00:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-09 15:27 - 2016-08-02 00:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-09 15:27 - 2016-08-02 00:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-09 15:27 - 2016-08-02 00:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-09 15:27 - 2016-08-02 00:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-09 15:27 - 2016-08-02 00:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-09 15:27 - 2016-08-02 00:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-09 15:27 - 2016-08-02 00:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-09 15:27 - 2016-08-02 00:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-09 15:27 - 2016-08-02 00:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-09 15:27 - 2016-08-02 00:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-09 15:27 - 2016-08-02 00:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-09 15:27 - 2016-08-02 00:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-09 15:27 - 2016-08-02 00:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-09 15:27 - 2016-08-02 00:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-09 15:27 - 2016-08-02 00:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-09 15:27 - 2016-08-02 00:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-09 15:27 - 2016-08-02 00:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-09 15:27 - 2016-08-02 00:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-09 15:27 - 2016-08-02 00:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-09 15:27 - 2016-08-02 00:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-09 15:27 - 2016-08-02 00:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-09 15:27 - 2016-08-02 00:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-09 15:27 - 2016-08-02 00:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-09 15:27 - 2016-08-02 00:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-09 15:27 - 2016-08-02 00:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-09 15:27 - 2016-08-02 00:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-09 15:27 - 2016-08-02 00:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-09 15:27 - 2016-08-02 00:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-09 15:27 - 2016-08-02 00:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-09 15:27 - 2016-08-02 00:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-09 15:27 - 2016-08-02 00:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-09 15:27 - 2016-08-02 00:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-09 15:27 - 2016-08-02 00:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-09 15:27 - 2016-08-02 00:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-09 15:27 - 2016-08-01 23:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-09 15:27 - 2016-08-01 23:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-09 15:27 - 2016-08-01 23:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-09 15:27 - 2016-08-01 23:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-09 15:27 - 2016-07-08 10:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-09 15:27 - 2016-07-08 10:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-09 15:27 - 2016-07-08 10:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-09 15:27 - 2016-07-08 10:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-09 15:27 - 2016-07-08 10:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-09 15:27 - 2016-07-08 10:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-09 15:27 - 2016-07-08 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-09 15:27 - 2016-07-08 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-09 15:27 - 2016-07-08 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-09 15:27 - 2016-07-08 10:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-09 15:27 - 2016-07-08 10:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-09 15:27 - 2016-07-08 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-09 15:27 - 2016-07-08 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-09 15:27 - 2016-07-08 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-09 15:27 - 2016-07-08 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-09 15:27 - 2016-07-08 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-09 15:27 - 2016-07-08 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-09 15:27 - 2016-07-08 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-09 15:27 - 2016-07-08 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-09 15:27 - 2016-07-08 10:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-09 15:27 - 2016-07-08 10:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-09 15:27 - 2016-07-08 09:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-09 15:27 - 2016-07-08 09:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-09 15:27 - 2016-07-08 09:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-09 15:27 - 2016-07-08 09:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-09 15:27 - 2016-07-08 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-09 15:27 - 2016-07-08 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-08 16:42 - 2016-08-08 16:42 - 00145228 _____ C:\Users\Dell T7500\Documents\Walmart Hotspot UMX WebServer.pdf
2016-08-08 16:25 - 2016-08-25 18:34 - 00002530 _____ C:\Users\Dell T7500\Desktop\Google Hangouts - Chrome Web Store.lnk
2016-08-08 16:25 - 2016-08-08 16:25 - 00000000 ____D C:\Users\Dell T7500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-08-07 22:26 - 2016-08-19 14:58 - 00000000 ____D C:\Users\Dell T7500\Documents\OneNote Notebooks
2016-08-07 15:51 - 2016-08-07 15:51 - 00465973 _____ C:\Users\Dell T7500\Documents\S1-CH 21-Breaking Smart.pdf
2016-08-07 15:36 - 2016-08-07 15:36 - 00000000 ____D C:\Users\Dell T7500\AppData\Roaming\SolidDocuments
2016-08-07 15:33 - 2016-08-07 15:49 - 00073032 _____ C:\Users\Dell T7500\Documents\Markdown Cheat Sheet - A Simple Visual Guide.pdf
2016-08-07 12:23 - 2016-08-07 12:23 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-08-07 12:23 - 2016-08-07 12:23 - 00000000 ____D C:\Users\Dell T7500\AppData\Roaming\Sun
2016-08-07 12:23 - 2016-08-07 12:23 - 00000000 ____D C:\Users\Dell T7500\AppData\LocalLow\Sun
2016-08-07 12:23 - 2016-08-07 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-07 12:22 - 2016-08-07 12:22 - 00000000 ____D C:\ProgramData\Oracle
2016-08-07 12:22 - 2016-08-07 12:22 - 00000000 ____D C:\Program Files\Java
2016-08-07 12:21 - 2016-08-25 18:35 - 00002368 _____ C:\Users\Dell T7500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IOTA Wallet.lnk
2016-08-07 12:21 - 2016-08-25 18:34 - 00002362 _____ C:\Users\Dell T7500\Desktop\IOTA Wallet.lnk
2016-08-07 12:21 - 2016-08-07 18:48 - 00000000 ____D C:\Users\Dell T7500\AppData\Roaming\IOTA Wallet
2016-08-07 12:21 - 2016-08-07 12:22 - 63109184 _____ (Oracle Corporation) C:\Users\Dell T7500\Downloads\jre-8u102-windows-x64.exe
2016-08-07 11:49 - 2016-08-07 11:49 - 00000000 ____D C:\Users\Dell T7500\AppData\Roaming\npm
2016-08-07 11:49 - 2016-08-07 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2016-08-07 11:45 - 2016-08-07 11:45 - 10989568 _____ C:\Users\Dell T7500\Downloads\node-v4.4.7-x64.msi
2016-08-06 18:30 - 2016-08-25 18:34 - 00002215 _____ C:\Users\Dell T7500\Desktop\Git Shell.lnk
2016-08-06 18:30 - 2016-08-15 11:05 - 00000000 ____D C:\Users\Dell T7500\AppData\Roaming\GitHub
2016-08-06 18:30 - 2016-08-15 11:05 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\GitHub
2016-08-06 18:30 - 2016-08-07 12:19 - 00000000 ____D C:\Users\Dell T7500\Documents\GitHub
2016-08-06 18:30 - 2016-08-06 18:30 - 00000308 _____ C:\Users\Dell T7500\Desktop\GitHub.appref-ms
2016-08-06 18:30 - 2016-08-06 18:30 - 00000000 ____D C:\Users\Dell T7500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2016-08-06 18:30 - 2016-08-06 18:30 - 00000000 ____D C:\Users\Dell T7500\.ssh
2016-08-06 18:28 - 2016-08-06 18:28 - 00679424 _____ () C:\Users\Dell T7500\Documents\GitHubSetup.exe
2016-08-06 00:59 - 2016-08-06 00:59 - 00000000 ____D C:\ProgramData\Beyond Sync_backup
2016-08-06 00:58 - 2016-08-06 00:59 - 00000000 ____D C:\ProgramData\Beyond Sync
2016-08-06 00:56 - 2016-08-06 01:07 - 00000000 ____D C:\Program Files (x86)\Beyond Sync
2016-08-06 00:56 - 2016-08-06 00:56 - 07965129 _____ (Fevosoft ) C:\Users\Dell T7500\Downloads\beyondsync-setup.exe
2016-08-06 00:54 - 2016-08-06 00:54 - 08609651 _____ (Fevosoft ) C:\Users\Dell T7500\Documents\beyondsync-dl.exe
2016-08-03 09:36 - 2016-08-03 09:37 - 00000000 ____D C:\Users\Dell T7500\Documents\RibbonFarm sites
2016-08-03 09:26 - 2016-08-03 09:26 - 00526153 _____ C:\Users\Dell T7500\Downloads\The Allure of Pastoralism.pdf
2016-08-03 02:13 - 2016-08-03 02:13 - 06163782 _____ C:\Users\Dell T7500\Downloads\a-o-hirschman-exit-voice-and-loyalty.pdf
2016-08-02 20:51 - 2016-08-07 11:33 - 00000000 ____D C:\Users\Dell T7500\Documents\ETHEREUM-Mist
2016-08-02 15:02 - 2016-08-02 19:52 - 00000000 ____D C:\Users\Dell T7500\AppData\Roaming\Mist
2016-08-02 15:02 - 2016-08-02 15:04 - 00000000 ____D C:\Users\Dell T7500\AppData\Roaming\Ethereum
2016-08-02 14:50 - 2016-08-02 14:50 - 00000000 ____D C:\Users\Dell T7500\Documents\p2
2016-08-02 14:50 - 2016-08-02 14:50 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\Flash Builder
2016-08-02 14:10 - 2016-08-02 14:10 - 04186784 _____ C:\Users\Dell T7500\Documents\Cross-border-whitepaper.pdf
2016-08-02 10:39 - 2016-08-02 10:39 - 00368301 _____ C:\Users\Dell T7500\Documents\TrueKey-SecurityWhitePaper-v2.0-EN.pdf
2016-08-01 19:10 - 2016-08-01 19:10 - 00064406 _____ C:\Users\Dell T7500\Downloads\FireShot Screen Capture #009 - 'Preferred List' - waj_tccd_edu_TCC_WebAdvisor3_prefList_jsp_wMenu=S.pdf
2016-08-01 11:25 - 2016-08-01 15:01 - 00158807 _____ C:\Users\Dell T7500\Documents\Preferred List.pdf
2016-08-01 10:23 - 2016-08-01 10:23 - 00326109 _____ C:\Users\Dell T7500\Documents\phone.pdf
2016-07-31 16:44 - 2016-07-31 16:44 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\Valassis
2016-07-31 16:44 - 2016-07-31 16:44 - 00000000 ____D C:\Program Files (x86)\Valassis
2016-07-31 16:43 - 2016-07-31 16:43 - 02167752 _____ (Valassis) C:\Users\Dell T7500\Documents\P@H_prod308-BWErlejy.exe
2016-07-29 20:32 - 2016-07-29 20:32 - 03021400 _____ C:\Users\Dell T7500\Documents\Albus Peoples Capitalism Book.pdf
2016-07-29 18:03 - 2016-07-29 18:03 - 00096325 _____ C:\Users\Dell T7500\Downloads\faa-g-8082-3A.pdf
2016-07-29 17:09 - 2016-07-29 17:09 - 00323589 _____ C:\Users\Dell T7500\Downloads\InterviewWithAnA&PT24idfreeze.pdf
2016-07-29 17:03 - 2016-07-29 17:03 - 01801524 _____ C:\Users\Dell T7500\Downloads\TheAircraftMechanicT2idfreeze.pdf
2016-07-29 17:03 - 2016-07-29 17:03 - 01801524 _____ C:\Users\Dell T7500\Downloads\TheAircraftMechanicT2idfreeze (1).pdf
2016-07-29 16:21 - 2016-07-29 16:21 - 00083804 _____ C:\Users\Dell T7500\Documents\Payment Receipt - PayPal.pdf
2016-07-29 16:20 - 2016-07-29 16:20 - 00030667 _____ C:\Users\Dell T7500\Documents\Thanks for your order - PayPal.pdf
2016-07-29 12:37 - 2016-07-29 12:37 - 03104955 _____ C:\Users\Dell T7500\Downloads\powerandmoney.pdf
2016-07-28 21:10 - 2016-08-02 20:59 - 00000000 ____D C:\Users\Dell T7500\Documents\Zach Classes
2016-07-28 11:40 - 2016-07-28 11:40 - 00350345 _____ C:\Users\Dell T7500\Documents\Binder3.pdf
2016-07-28 11:36 - 2016-07-28 11:36 - 00502880 _____ C:\Users\Dell T7500\Documents\Jessica Hamilton change of grade.pdf
2016-07-28 11:02 - 2016-07-28 11:07 - 00145459 _____ C:\Users\Dell T7500\Documents\Print Report jh2– myTCC _ Tarrant County College.pdf
2016-07-27 12:51 - 2016-08-25 18:35 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-07-27 12:51 - 2016-08-25 18:35 - 00002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-07-27 12:51 - 2016-08-25 18:34 - 00002018 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2016-07-27 12:44 - 2016-07-27 12:44 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\Tempzxpsignd11feda82ba8f550
2016-07-27 12:44 - 2016-07-27 12:44 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\Tempzxpsign69eaa00f041b7fbc
2016-07-27 12:42 - 2016-07-27 12:42 - 00002790 _____ C:\Users\Dell T7500\Downloads\support_chat_transcript_514244e9423f49f6858c4a7212eac775.txt
2016-07-27 12:40 - 2016-08-25 18:41 - 00000000 ____D C:\Users\Dell T7500\Documents\Adobe
2016-07-27 12:19 - 2016-08-25 18:35 - 00000000 ___RD C:\Users\Dell T7500\Creative Cloud Files
2016-07-27 11:41 - 2016-07-27 11:50 - 00000000 ____D C:\Windows\system32\appmgmt
2016-07-27 11:39 - 2016-07-27 11:39 - 00003188 _____ C:\Windows\System32\Tasks\{15ABE935-80AD-40B8-A899-01F9D6F37B74}
2016-07-27 10:17 - 2016-08-25 18:35 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-07-27 10:17 - 2016-07-27 12:16 - 00000000 ___RD C:\Users\Dell T7500\Creative Cloud Files (archived) (1)
2016-07-27 10:15 - 2016-07-27 10:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-27 10:02 - 2016-07-27 10:02 - 00162234 _____ C:\Users\Dell T7500\Documents\Order Details _ Tarrant County College _ Academic Software Discounts.pdf
2016-07-27 09:48 - 2016-07-27 09:48 - 00056861 _____ C:\Users\Dell T7500\Documents\Education _ Adobe Creative Cloud.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-26 19:10 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-26 19:10 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-26 19:06 - 2009-07-13 22:20 - 00000000 ____D C:\PerfLogs
2016-08-26 19:00 - 2016-01-31 22:21 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-26 19:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-08-26 18:21 - 2016-01-31 21:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-26 15:37 - 2016-03-21 00:15 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\ElevatedDiagnostics
2016-08-26 15:21 - 2016-01-31 21:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-26 15:00 - 2016-01-16 19:54 - 00000000 ____D C:\Users\Dell T7500
2016-08-26 14:48 - 2009-07-14 00:13 - 00781302 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-26 13:30 - 2016-02-22 16:25 - 00000000 ____D C:\Users\Dell T7500\Documents\Outlook Files
2016-08-26 10:46 - 2016-01-31 22:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-08-26 10:45 - 2016-01-31 22:20 - 00000000 ____D C:\Program Files\Adobe
2016-08-26 10:42 - 2016-01-31 21:59 - 00000000 ____D C:\ProgramData\Adobe
2016-08-26 02:11 - 2016-01-31 21:58 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\Adobe
2016-08-25 18:35 - 2016-07-08 18:17 - 00000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk
2016-08-25 18:35 - 2016-03-23 16:15 - 00000961 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoiceZoneConnect.lnk
2016-08-25 18:35 - 2016-02-01 02:24 - 00002115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-08-25 18:35 - 2016-01-31 22:26 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2016-08-25 18:35 - 2016-01-31 22:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2016-08-25 18:35 - 2016-01-31 22:24 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2016-08-25 18:35 - 2016-01-31 22:22 - 00000995 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-08-25 18:35 - 2016-01-31 21:28 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-25 18:35 - 2016-01-16 23:46 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-08-25 18:35 - 2016-01-16 23:46 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-08-25 18:35 - 2016-01-16 19:54 - 00001399 _____ C:\Users\Dell T7500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-25 18:35 - 2009-07-13 23:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-25 18:35 - 2009-07-13 23:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-08-25 18:35 - 2009-07-13 23:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-08-25 18:35 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-08-25 18:35 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-08-25 18:34 - 2016-07-08 18:21 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-25 18:34 - 2016-07-08 18:17 - 00000935 _____ C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
2016-08-25 18:34 - 2016-07-08 16:31 - 00002005 _____ C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK
2016-08-25 18:34 - 2016-07-08 16:31 - 00001330 _____ C:\Users\Public\Desktop\Visit Lexmark SmartSolutions.LNK
2016-08-25 18:34 - 2016-07-02 13:15 - 00001576 _____ C:\Users\Public\Desktop\Style Builder 2016.lnk
2016-08-25 18:34 - 2016-07-02 13:15 - 00001518 _____ C:\Users\Public\Desktop\LayOut 2016.lnk
2016-08-25 18:34 - 2016-07-02 13:15 - 00001443 _____ C:\Users\Public\Desktop\SketchUp 2016.lnk
2016-08-25 18:34 - 2016-06-12 21:34 - 00002355 _____ C:\Users\Dell T7500\Desktop\wmcarder@gmail.com - Chrome.lnk
2016-08-25 18:34 - 2016-06-12 21:34 - 00002315 _____ C:\Users\Dell T7500\Desktop\Mack TCCD - Chrome.lnk
2016-08-25 18:34 - 2016-04-11 12:33 - 00001856 _____ C:\Users\Dell T7500\Desktop\Quality Standards for Online Courses and Instruction - Shortcut.lnk
2016-08-25 18:34 - 2016-03-23 16:15 - 00000955 _____ C:\Users\Public\Desktop\VoiceZoneConnect.lnk
2016-08-25 18:34 - 2016-03-21 16:25 - 00000917 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2016-08-25 18:34 - 2016-02-05 22:29 - 00001170 _____ C:\Users\Dell T7500\Desktop\PC Wizard 2013.lnk
2016-08-25 18:34 - 2016-02-02 14:35 - 00001203 _____ C:\Users\Public\Desktop\Anker Precision Laser Gaming Mouse.lnk
2016-08-25 18:34 - 2016-02-01 03:11 - 00002691 _____ C:\Users\Public\Desktop\Skype.lnk
2016-08-25 18:34 - 2016-01-31 22:26 - 00002030 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2016-08-25 18:34 - 2009-07-14 00:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-08-25 18:34 - 2009-07-13 23:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-08-25 18:33 - 2016-02-01 03:09 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-25 18:33 - 2011-04-12 03:28 - 00000000 ____D C:\Windows\CSC
2016-08-25 18:33 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-25 16:37 - 2016-03-22 00:15 - 00000000 ____D C:\ProgramData\iolo
2016-08-25 16:14 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-08-23 11:04 - 2016-02-01 01:24 - 00000000 ____D C:\Users\Dell T7500\AppData\LocalLow\Adobe
2016-08-20 07:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-08-19 04:01 - 2016-01-31 23:19 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-19 04:01 - 2016-01-31 23:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-16 06:35 - 2016-07-08 12:52 - 00000000 ___RD C:\Users\Dell T7500\OneDrive for Business
2016-08-15 12:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-15 11:02 - 2016-02-01 01:36 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\Deployment
2016-08-15 10:59 - 2016-03-23 15:24 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\Citrix
2016-08-11 08:25 - 2016-07-26 08:48 - 00024064 _____ C:\Users\Dell T7500\Documents\Copy of acpws.xlsx
2016-08-10 03:26 - 2009-07-13 23:45 - 05057616 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-10 03:10 - 2016-01-17 00:13 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 03:00 - 2016-01-17 00:13 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-02 20:54 - 2016-02-03 11:17 - 00000000 ____D C:\Users\Dell T7500\Documents\Records for T7500
2016-08-02 20:52 - 2016-02-03 10:34 - 00000000 ____D C:\Users\Dell T7500\Documents\Custom Office Templates
2016-08-02 14:50 - 2016-07-18 16:16 - 00000000 ____D C:\Users\Public\Documents\Adobe
2016-07-28 21:30 - 2016-07-08 18:21 - 00000000 ____D C:\Program Files\CCleaner
2016-07-28 15:16 - 2016-01-31 21:28 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 15:16 - 2016-01-31 21:28 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 10:48 - 2016-07-24 14:30 - 00089555 _____ C:\Users\Dell T7500\Documents\Print Report – myTCC _ Tarrant County College.pdf
2016-07-27 14:25 - 2010-11-20 22:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-27 13:21 - 2016-01-16 20:49 - 00111840 _____ C:\Users\Dell T7500\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-27 12:56 - 2016-01-17 10:59 - 00000000 ____D C:\Users\Dell T7500\AppData\Roaming\Adobe
2016-07-27 12:52 - 2016-03-18 12:12 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-27 12:22 - 2016-02-01 01:19 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-07-27 11:49 - 2016-01-31 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2016-07-27 11:37 - 2016-01-16 19:54 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\VirtualStore
2016-07-27 09:08 - 2016-02-02 18:54 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-27 09:08 - 2016-02-02 18:54 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-27 09:08 - 2016-02-01 01:17 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-27 09:08 - 2016-01-31 22:21 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2016-08-25 12:45 - 2016-08-25 12:45 - 7118336 _____ () C:\Users\Dell T7500\AppData\Roaming\agent.dat
2016-08-25 12:44 - 2016-08-25 12:44 - 0138240 _____ () C:\Users\Dell T7500\AppData\Roaming\Installer.dat
2016-08-25 12:45 - 2016-08-25 12:45 - 0018432 _____ () C:\Users\Dell T7500\AppData\Roaming\Main.dat
2016-07-08 17:47 - 2016-07-08 17:47 - 0000252 _____ () C:\ProgramData\FastPics.log
2016-07-08 16:31 - 2016-08-26 18:28 - 0099218 _____ () C:\ProgramData\lxecscan.log
2016-07-08 16:30 - 2016-07-08 16:30 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {366343e2-bcd4-11e5-bcc8-93545ea6842c}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {366343e4-bcd4-11e5-bcc8-93545ea6842c}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {366343e2-bcd4-11e5-bcc8-93545ea6842c}
nx OptIn

Windows Boot Loader
-------------------
identifier {366343e4-bcd4-11e5-bcc8-93545ea6842c}
device ramdisk=[C:]\Recovery\366343e4-bcd4-11e5-bcc8-93545ea6842c\Winre.wim,{366343e5-bcd4-11e5-bcc8-93545ea6842c}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\366343e4-bcd4-11e5-bcc8-93545ea6842c\Winre.wim,{366343e5-bcd4-11e5-bcc8-93545ea6842c}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {366343e2-bcd4-11e5-bcc8-93545ea6842c}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {366343e5-bcd4-11e5-bcc8-93545ea6842c}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\366343e4-bcd4-11e5-bcc8-93545ea6842c\boot.sdi



LastRegBack: 2016-08-26 01:08

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Dell T7500 (26-08-2016 19:15:47)
Running from C:\Users\Dell T7500\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-01-17 00:53:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-699450693-438542302-1185398494-500 - Administrator - Disabled)
Dell T7500 (S-1-5-21-699450693-438542302-1185398494-1000 - Administrator - Enabled) => C:\Users\Dell T7500
Guest (S-1-5-21-699450693-438542302-1185398494-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-699450693-438542302-1185398494-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {D1196F3E-3487-585D-3681-0661BD157EC3}
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {6A788EDA-12BD-57D3-0C31-3D13C692347E}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015.3 (HKLM-x32\...\ILST_20_1_0) (Version: 20.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Amazon Kindle (HKU\S-1-5-21-699450693-438542302-1185398494-1000\...\Amazon Kindle) (Version: 1.16.0.44025 - Amazon)
Anker Precision Laser Gaming Mouse version 1.3 (HKLM-x32\...\{F9A7ED2C-34E1-4A96-9A25-B022C23C3361}_is1) (Version: 1.3 - ANKER Technology)
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell System Detect (HKU\S-1-5-21-699450693-438542302-1185398494-1000\...\58d94f3ce2c27db0) (Version: 7.3.0.6 - Dell)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.10 - Emsisoft Ltd.)
GitHub (HKU\S-1-5-21-699450693-438542302-1185398494-1000\...\5f7eb300e2ea4ebf) (Version: 3.2.0.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.21.0.5387 (HKU\S-1-5-21-699450693-438542302-1185398494-1000\...\GoToMeeting) (Version: 7.21.0.5387 - CitrixOnline)
IOTA Wallet 1.0.2 (only current user) (HKU\S-1-5-21-699450693-438542302-1185398494-1000\...\85125e2a-0211-5c49-9018-9358da1074b1) (Version: 1.0.2 - IOTA Foundation)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mendeley Desktop 1.16.1 (HKLM-x32\...\Mendeley Desktop) (Version: 1.16.1 - Mendeley Ltd.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Node.js (HKLM\...\{8434AEA1-1294-47E3-9137-848F546CD824}) (Version: 4.4.7 - Node.js Foundation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
P@H-Protocol (HKLM-x32\...\{C24A3361-4C8A-4779-A3F3-BCD5BCD574CB}) (Version: 3.0.8.9 - Valassis)
PC Wizard 2013.2.12 (HKLM-x32\...\PC Wizard 2013_is1) (Version: - CPUID)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.19.0 - Seagate)
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
VoiceZoneConnect (HKLM-x32\...\com.twc.voicezoneconnect) (Version: 1.5.1 - Time Warner Cable Media Inc)
VoiceZoneConnect (x32 Version: 1.5.1 - Time Warner Cable Media Inc) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-699450693-438542302-1185398494-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Dell T7500\AppData\Local\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-699450693-438542302-1185398494-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {066EE0C2-7FA7-4B8C-B613-5C2227B6610A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {15115B75-9892-4074-A15D-C4DCAA9770F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {31DDF9D3-D671-4AD4-8250-CD5CDB44AC6C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {3644CBA0-7796-4FB5-B08C-8BDD5606D4A1} - System32\Tasks\Microsoft\Windows\PLA\System\{3FE55908-A934-4D2B-BE70-7A65ED72CA75}_System Diagnostics => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {56413B4B-0443-47D1-8ACF-632660D119D6} - System32\Tasks\{C9D24AD5-3F54-4AC5-BDC5-8EA34B176585} => pcalua.exe -a "C:\Program Files (x86)\Common Files\VaiaKeystrong\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\VaiaKeystrong\uninstall.dat" -a uninstallme AAEF64D6-FA42-40D2-AC05-4A4EE8B4515B DeviceId=84ba59fa-f0c9-7277-014a-931b85eaac1a BarcodeId=51129011 ChannelId=11 DistributerName=APSFSWAd (the data entry has 1 more characters).
Task: {607CD5D2-7422-4FAE-96ED-5BC2F9CBC05C} - System32\Tasks\G2MUpdateTask-S-1-5-21-699450693-438542302-1185398494-1000 => C:\Users\Dell T7500\AppData\Local\Citrix\GoToMeeting\5387\g2mupdate.exe [2016-08-16] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {60981A0C-F855-4C67-92E9-03DDB0F617D2} - System32\Tasks\ea8564092726cb11deea247f6ff6d96f => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\Windows\ea8564092726cb11deea247f6ff6d96f.ps1 <==== ATTENTION
Task: {65FE24E8-E5DB-45F6-99FC-F36067546ADA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-02-01] (Microsoft Corporation)
Task: {7BA739AB-9483-436D-8F45-80D9785D2D5E} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-06-28] (Seagate Technology LLC)
Task: {ACC7CD5C-BB79-4C11-B179-755CDD7F10F5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {B04A13CD-D7CF-4644-95CD-8EDFF2926820} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-02-01] (Microsoft Corporation)
Task: {BE3F7BD1-6AC6-4F7A-8E98-84ACB0DEEA8B} - System32\Tasks\Dell T7500 DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2016-06-28] (Seagate Technology LLC)
Task: {CCB98B44-8832-426D-B08D-9E8FBB12C2E2} - System32\Tasks\{15ABE935-80AD-40B8-A899-01F9D6F37B74} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
Task: {D23C7210-AA10-4F04-AF6A-2EAABF644EB0} - System32\Tasks\AdobeAAMUpdater-1.0-DellT7500-PC-Dell T7500 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {E2BDEFF8-77E5-4DFF-97DD-E4428C9B4736} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {F721BD19-828F-4425-806F-D9D7054DE279} - System32\Tasks\G2MUploadTask-S-1-5-21-699450693-438542302-1185398494-1000 => C:\Users\Dell T7500\AppData\Local\Citrix\GoToMeeting\5387\g2mupload.exe [2016-08-16] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F79F00E3-4A10-4877-A54F-F8F1539A6420} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-15] (Piriform Ltd)
Task: {F991A516-9457-487E-95F5-C9097C54DA37} - System32\Tasks\Games\UpdateCheck_S-1-5-21-699450693-438542302-1185398494-1000
Task: {FB78B0D3-2D7B-4277-A7D3-5575170B365F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-699450693-438542302-1185398494-1000.job => C:\Users\Dell T7500\AppData\Local\Citrix\GoToMeeting\5387\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-699450693-438542302-1185398494-1000.job => C:\Users\Dell T7500\AppData\Local\Citrix\GoToMeeting\5387\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Dell T7500\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mack TCCD - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

==================== Loaded Modules (Whitelisted) ==============

2016-02-01 03:09 - 2015-10-13 14:00 - 02692272 _____ () C:\Windows\system32\nvwmi64.exe
2016-02-01 03:09 - 2015-10-13 12:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-08 16:22 - 2009-11-04 13:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2016-02-01 03:09 - 2015-10-13 14:00 - 02601616 _____ () C:\Program Files\NVIDIA Corporation\nview\nview64.dll
2016-01-31 23:18 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-07-08 16:31 - 2013-01-23 13:35 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
2016-07-08 16:31 - 2013-01-23 13:35 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
2016-02-02 14:35 - 2014-01-10 13:08 - 03353600 _____ () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
2009-05-18 13:32 - 2009-05-18 13:32 - 01416192 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxecptpc.dll
2009-11-04 13:19 - 2009-11-04 13:19 - 00198656 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxecdrui.dll
2009-11-09 08:36 - 2009-11-09 08:36 - 00142336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxecPRPR.DLL
2016-08-26 18:57 - 2016-05-22 19:33 - 00491184 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-02-01 01:44 - 2016-05-24 11:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-02-01 03:09 - 2015-10-13 14:00 - 01683600 _____ () C:\Program Files\NVIDIA Corporation\nview\nvwimg64.dll
2016-08-26 18:57 - 2016-05-22 19:32 - 31680176 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-02-01 01:45 - 2016-05-24 10:21 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-07-08 16:31 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
2016-07-08 16:31 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
2016-07-08 16:31 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll
2016-07-08 16:31 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
2016-02-01 03:09 - 2015-10-13 14:00 - 02155336 _____ () C:\Program Files\NVIDIA Corporation\nview\nview.dll
2016-07-08 16:31 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epwizard.DLL
2016-07-08 16:31 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
2016-07-08 16:31 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Eputil.DLL
2016-07-08 16:31 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Imagutil.DLL
2016-07-08 16:31 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epfunct.DLL
2016-07-08 16:31 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPWizRes.dll
2016-07-08 16:31 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
2016-07-08 16:31 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
2016-07-08 16:31 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
2016-07-08 16:31 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll
2016-02-01 01:43 - 2016-02-26 14:09 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2016-02-01 01:45 - 2016-05-24 10:21 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll
2016-02-02 14:35 - 2011-01-27 01:53 - 00028160 _____ () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\uiHook.dll
2016-02-01 03:09 - 2015-10-13 14:00 - 01683784 _____ () C:\Program Files\NVIDIA Corporation\nview\nvwimg.dll
2016-08-08 14:22 - 2016-08-02 19:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 14:22 - 2016-08-02 19:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-07-28 14:46 - 2016-07-28 14:46 - 27503800 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.dll
2016-06-30 06:55 - 2016-06-30 06:55 - 00322232 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\sqlite.dll
2016-06-30 06:55 - 2016-06-30 06:55 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\libcef.dll
2016-02-01 01:43 - 2016-02-26 14:09 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2016-07-18 08:55 - 2016-07-18 08:55 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-08-26 18:59 - 2016-06-08 00:10 - 00118272 ____N () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-08-26 18:59 - 2016-06-08 00:10 - 00205824 ____N () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-08-26 18:59 - 2016-06-08 00:10 - 00117248 ____N () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-08-26 18:59 - 2016-06-08 00:10 - 00125440 ____N () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-699450693-438542302-1185398494-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-699450693-438542302-1185398494-1000\...\sharepoint.com -> hxxps://tarrantcountycoll864-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-08-25 12:49 - 00001006 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-699450693-438542302-1185398494-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 188.120.239.115 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: GoogleChromeAutoLaunch_04A13715CC4DF828F99108AF460BAEB7 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{203FFA34-F141-4B6E-8C07-C8722B0D80BC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{2F0D1F2A-97FD-4B26-B562-D4CF887D9673}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{54E466AB-9390-440C-8F55-91EF8CFFE6B0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6ECD7EC9-9AD0-43D5-9A15-2335AE569C9D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B59A3473-C464-48D3-AFF6-940B00BBEC2A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D0C2C4DA-FCF5-4B40-AD67-73D1F21FAA4E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BB8592B6-09F3-4A47-85BF-C17A314CF602}] => (Allow) C:\Windows\system32\lxeccoms.exe
FirewallRules: [{98BA04D4-10A5-4E44-AA61-3A8E62597C49}] => (Allow) C:\Windows\system32\LXECcoms.exe
FirewallRules: [{38431896-BA23-4F34-99EC-3DCDFD9AFD6B}] => (Allow) C:\Windows\system32\LXECcoms.exe
FirewallRules: [TCP Query User{E99173BE-1945-43CC-A76A-29A101738A0A}C:\program files\java\jre1.8.0_102\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_102\bin\java.exe
FirewallRules: [UDP Query User{B9F6A86D-6590-4FA4-93F2-1FED1E322019}C:\program files\java\jre1.8.0_102\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_102\bin\java.exe
FirewallRules: [{0ADC4EF1-744B-49F2-9B66-CE058DC6E408}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EC283175-FC72-4813-9C0F-7D6603F7B105}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{B63109C9-ADB7-44B8-A1F3-CBAB71ED3EB3}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{63572BC5-3D8F-4ACB-A7D8-62F71CADD5C9}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe

==================== Restore Points =========================

25-08-2016 16:35:28 Revo Uninstaller's restore point - SafeFinder
25-08-2016 16:37:25 Revo Uninstaller's restore point - System Checkup 3.5
25-08-2016 16:38:32 Revo Uninstaller's restore point - PC Wizard 2013.2.12
26-08-2016 06:04:52 Revo Uninstaller's restore point - Docear
26-08-2016 10:38:36 Revo Uninstaller's restore point - Adobe Creative Suite 6 Master Collection
26-08-2016 10:51:28 Revo Uninstaller's restore point - FreeMind
26-08-2016 10:53:59 Revo Uninstaller's restore point - Microsoft Office Professional Plus 2013 - en-us
26-08-2016 14:54:12 Installed Microsoft Visual C++ 2005 Redistributable
26-08-2016 14:55:40 Installed Seagate Dashboard.
26-08-2016 17:27:48 Installed Paragon HFS+ for Windows™ 9.1.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/26/2016 07:05:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmc.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2408

Start Time: 01d1fff5f4cfa4fd

Termination Time: 23896

Application Path: C:\Windows\system32\mmc.exe

Report Id: da9464fd-6be9-11e6-b91d-180373206040

Error: (08/26/2016 05:36:46 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EFE

Error: (08/26/2016 05:35:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23418 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c70

Start Time: 01d1ff2922032488

Termination Time: 624

Application Path: C:\Windows\Explorer.EXE

Report Id: 55cc8e33-6bdd-11e6-b91d-180373206040

Error: (08/26/2016 05:34:32 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EFE

Error: (08/26/2016 05:34:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmc.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1028

Start Time: 01d1ffe9dc15322c

Termination Time: 7754

Application Path: C:\Windows\system32\mmc.exe

Report Id: 331e2e9f-6bdd-11e6-b91d-180373206040

Error: (08/26/2016 03:34:14 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{dd11413e-bcd4-11e5-975c-806e6f6e6963} - 0000000000000184,0x0053c008,00000000004BE650,0,0000000001150080,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.


Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (08/26/2016 03:23:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Paragon HFS+ for Windows™ 9.1.; Error = 0x81000101).

Error: (08/26/2016 03:07:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmc.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2be4

Start Time: 01d1ffd4ec07cfaf

Termination Time: 8

Application Path: C:\Windows\system32\mmc.exe

Report Id: b4dbf166-6bc8-11e6-b91d-180373206040

Error: (08/26/2016 06:04:46 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {33d47f87-75b6-46d6-b918-2062370a9f1c}

Error: (08/25/2016 06:35:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/26/2016 06:57:19 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (08/26/2016 06:54:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (08/26/2016 06:28:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (08/26/2016 05:35:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (08/26/2016 05:29:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Paragon APM service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/26/2016 05:28:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (08/26/2016 05:26:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (08/26/2016 04:46:41 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (08/26/2016 04:42:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (08/26/2016 04:39:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.


CodeIntegrity:
===================================
Date: 2016-08-25 13:09:00.070
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 13:09:00.025
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 13:08:59.900
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 13:08:59.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 13:07:28.146
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 13:07:28.090
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 13:07:27.786
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 13:07:27.729
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 13:07:27.353
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 13:07:27.296
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Xeon® CPU X5650 @ 2.67GHz
Percentage of memory in use: 21%
Total physical RAM: 30717.59 MB
Available physical RAM: 23987.67 MB
Total Virtual: 61433.36 MB
Available Virtual: 51976.29 MB

==================== Drives ================================

Drive c: (New Volume) (Fixed) (Total:167.68 GB) (Free:42.63 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:664.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 28FA17A8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: E7A32888)
Partition 1: (Active) - (Size=167.7 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.

==================== End of Addition.txt ============================

Edited by Oh My!, 29 August 2016 - 08:59 AM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,160 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:09 AM

Posted 29 August 2016 - 08:58 AM

Greetings wacomaco2 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Posted 29 August 2016 - 09:25 AM

Thank you for your patience.

Do you recognize this?

nonblock.net
Valassis


Please do this.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

CreateRestorePoint:
CloseProcesses:
AutoConfigURL: [S-1-5-21-699450693-438542302-1185398494-1000] => hxxp://nonblock.net/wpad.dat?3cd0cfde7b5aec0fe6e65b14cd91726a15093653
Tcpip\..\Interfaces\{E38CACC5-A004-4047-8B0D-40E545A6391A}: [NameServer] 188.120.239.115,8.8.8.8
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-699450693-438542302-1185398494-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
2016-08-25 13:21 - 2016-08-25 16:27 - 00000000 ____D C:\Windows\system32\SSL
2016-08-25 13:21 - 2016-08-25 13:21 - 00031411 _____ C:\Windows\ea8564092726cb11deea247f6ff6d96f.ps1
2016-08-25 13:21 - 2016-08-25 13:21 - 00003598 _____ C:\Windows\System32\Tasks\ea8564092726cb11deea247f6ff6d96f
2016-08-23 13:38 - 2016-08-23 13:38 - 00142515 _____ C:\Windows\1519471269773700f7637e6437a185b9.exe
2016-07-27 12:44 - 2016-07-27 12:44 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\Tempzxpsignd11feda82ba8f550
2016-07-27 12:44 - 2016-07-27 12:44 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\Tempzxpsign69eaa00f041b7fbc
Task: {60981A0C-F855-4C67-92E9-03DDB0F617D2} - System32\Tasks\ea8564092726cb11deea247f6ff6d96f => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\Windows\ea8564092726cb11deea247f6ff6d96f.ps1 <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Reboot your computer and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
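
The fixlist in the post above targets a per-user proxy auto-config URL, a DNS server override on one interface, a scheduled task that runs PowerShell with `-ExecutionPolicy Bypass` on a script named with 32 hex characters, and an alternate data stream. As an added example (not part of the original thread and not FRST's own code), this Python sketch triages FRST-style log lines for those same patterns; the sample lines, the resolver allowlist and all function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

HEX32 = re.compile(r"^[0-9a-f]{32}$", re.I)
# Assumption: the resolvers this machine is supposed to use; set per environment.
EXPECTED_RESOLVERS = {"192.168.1.1", "8.8.8.8", "8.8.4.4"}

RE_PAC = re.compile(r"AutoConfigURL:\s*\[(?P<sid>[^\]]+)\]\s*=>\s*(?P<url>\S+)")
RE_DNS = re.compile(r"Tcpip\\.*\\Interfaces\\(?P<iface>\{[^}]+\}):\s*\[NameServer\]\s*(?P<ips>.+)")
RE_TASK = re.compile(r"Task:\s*\{[^}]+\}\s*-\s*(?P<task>.+?)\s*=>\s*(?P<cmd>.+)")
RE_ADS = re.compile(r"AlternateDataStreams:\s*(?P<path>[A-Za-z]:\\[^:]*):(?P<stream>\S+)\s*\[\d+\]")
RE_FILE = re.compile(r"\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ (?P<path>[A-Za-z]:\\.+)")


def _stem(path):
    """File name without directory or extension, for a Windows-style path."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0] if "." in name else name


def _task_reasons(task, cmd):
    """Collect the traits that make a scheduled-task entry worth a closer look."""
    cmd = re.sub(r"\s*<=+\s*ATTENTION\s*$", "", cmd)  # drop FRST's own marker
    reasons = []
    # -ExecutionPolicy can be abbreviated (-ep, -ex, -exec), so match the prefix forms too.
    if re.search(r"powershell", cmd, re.I) and re.search(r"-e(?:p|x\w*)\s+bypass\b", cmd, re.I):
        reasons.append("PowerShell with ExecutionPolicy Bypass")
    if HEX32.match(_stem(task)):
        reasons.append("task name is 32 hex characters")
    script = re.search(r'-File\s+"?(?P<p>[^"]+?\.ps1)\b', cmd, re.I)
    if script and HEX32.match(_stem(script["p"])):
        reasons.append("script name is 32 hex characters")
    return reasons


def triage(lines, expected_resolvers=EXPECTED_RESOLVERS):
    """Return (category, detail) tuples for FRST-style lines an analyst should review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := RE_PAC.match(line):
            # Logs often defang URLs as hxxp://; undo that only for parsing.
            host = urlsplit(re.sub(r"^hxxp", "http", m["url"], flags=re.I)).hostname or "?"
            findings.append(("proxy-autoconfig", f"user {m['sid']} takes proxy settings from {host}"))
        elif m := RE_DNS.match(line):
            servers = [s for s in re.split(r"[,\s]+", m["ips"]) if s]
            unknown = [s for s in servers if s not in expected_resolvers]
            if unknown:
                findings.append(("dns-override", f"{m['iface']} uses unexpected resolver(s) {', '.join(unknown)}"))
        elif m := RE_TASK.match(line):
            reasons = _task_reasons(m["task"], m["cmd"])
            if reasons:
                findings.append(("suspicious-task", f"{m['task']}: {'; '.join(reasons)}"))
        elif m := RE_ADS.match(line):
            findings.append(("alternate-data-stream", f"{m['path']} carries stream '{m['stream']}'"))
        elif m := RE_FILE.match(line):
            path = m["path"].strip()
            if path.lower().startswith("c:\\windows\\") and HEX32.match(_stem(path)):
                findings.append(("random-name-file", path))
    return findings


# Constructed sample lines modelled on the log format in this thread (not real indicators).
SAMPLE = r"""
AutoConfigURL: [S-1-5-21-1111111111-2222222222-3333333333-1000] => hxxp://proxy.example.test/wpad.dat?id=0123
Tcpip\..\Interfaces\{00000000-1111-2222-3333-444444444444}: [NameServer] 203.0.113.53,8.8.8.8
Tcpip\..\Interfaces\{55555555-6666-7777-8888-999999999999}: [NameServer] 192.168.1.1
2016-01-01 10:00 - 2016-01-01 10:00 - 00031411 _____ C:\Windows\0123456789abcdef0123456789abcdef.ps1
2016-01-01 10:00 - 2016-01-01 10:00 - 00000512 _____ C:\Windows\notepad.exe
Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\0123456789abcdef0123456789abcdef => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\Windows\0123456789abcdef0123456789abcdef.ps1 <==== ATTENTION
Task: {11111111-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Example:hiddenstream [0]
""".strip().splitlines()

if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"[{category}] {detail}")
```

A hit from this triage is a prompt for review, not a verdict: a PAC URL or a custom resolver can be legitimate, which is why the allowlist is a parameter.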

#4 wacomaco2

Posted 30 August 2016 - 10:44 PM

still have quickprivacycheck.com popup but less frequently and so far only on one chrome profile

Here are the files you requested:

 

Hope this is all you need.  Thanks so much for your help.

# AdwCleaner v6.010 - Logfile created 30/08/2016 at 19:36:44
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Dell T7500 - DELLT7500-PC
# Running from : C:\Users\Dell T7500\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\ea8564092726cb11deea247f6ff6d96f

***** [ Web browsers ] *****

[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [feed.sonic-search.com] [Search Provider] Deleted: feed.sonic-search.com
[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [10241 Bytes] - [25/08/2016 16:00:14]
C:\AdwCleaner\AdwCleaner[C2].txt - [1309 Bytes] - [30/08/2016 19:36:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [9213 Bytes] - [25/08/2016 15:53:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [2054 Bytes] - [30/08/2016 19:36:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1528 Bytes] ##########

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-08-2016
Ran by Dell T7500 (30-08-2016 20:46:03) Run:1
Running from C:\Users\Dell T7500\Documents\frst
Loaded Profiles: Dell T7500 (Available Profiles: Dell T7500)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
AutoConfigURL: [S-1-5-21-699450693-438542302-1185398494-1000] => hxxp://nonblock.net/wpad.dat?3cd0cfde7b5aec0fe6e65b14cd91726a15093653
Tcpip\..\Interfaces\{E38CACC5-A004-4047-8B0D-40E545A6391A}: [NameServer] 188.120.239.115,8.8.8.8
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-699450693-438542302-1185398494-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
2016-08-25 13:21
- 2016-08-25 16:27 - 00000000 ____D C:\Windows\system32\SSL
2016-08-25 13:21 - 2016-08-25 13:21 - 00031411 _____ C:\Windows\ea8564092726cb11deea247f6ff6d96f.ps1
2016-08-25 13:21 - 2016-08-25 13:21 - 00003598 _____ C:\Windows\System32\Tasks\ea8564092726cb11deea247f6ff6d96f
2016-08-23 13:38 - 2016-08-23 13:38 - 00142515 _____ C:\Windows\1519471269773700f7637e6437a185b9.exe
2016-07-27 12:44 - 2016-07-27 12:44 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\Tempzxpsignd11feda82ba8f550
2016-07-27 12:44 - 2016-07-27 12:44 - 00000000 ____D C:\Users\Dell T7500\AppData\Local\Tempzxpsign69eaa00f041b7fbc
Task: {60981A0C-F855-4C67-92E9-03DDB0F617D2} - System32\Tasks\ea8564092726cb11deea247f6ff6d96f => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\Windows\ea8564092726cb11deea247f6ff6d96f.ps1 <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-699450693-438542302-1185398494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E38CACC5-A004-4047-8B0D-40E545A6391A}\\NameServer => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-699450693-438542302-1185398494-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"2016-08-25 13:21" => not found.
- 2016-08-25 16:27 - 00000000 ____D C:\Windows\system32\SSL => Error: No automatic fix found for this entry.
C:\Windows\ea8564092726cb11deea247f6ff6d96f.ps1 => moved successfully
C:\Windows\System32\Tasks\ea8564092726cb11deea247f6ff6d96f => moved successfully
C:\Windows\1519471269773700f7637e6437a185b9.exe => moved successfully
C:\Users\Dell T7500\AppData\Local\Tempzxpsignd11feda82ba8f550 => moved successfully
C:\Users\Dell T7500\AppData\Local\Tempzxpsign69eaa00f041b7fbc => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60981A0C-F855-4C67-92E9-03DDB0F617D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60981A0C-F855-4C67-92E9-03DDB0F617D2}" => key removed successfully
C:\Windows\System32\Tasks\ea8564092726cb11deea247f6ff6d96f => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea8564092726cb11deea247f6ff6d96f" => key removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog 20:46:19 ====

 

More details about my computer

Component          Details                                    Subscore
Processor          Intel® Xeon® CPU X5650 @ 2.67GHz           7.8
Memory (RAM)       30.0 GB                                    7.8
Graphics           NVIDIA Quadro FX 4800                      7.1
Gaming graphics    5119 MB Total available graphics memory    7.1
Primary hard disk  40GB Free (168GB Total)                    7.8
Base score: 7.1 (Determined by lowest subscore)

Windows 7 Professional

System
Manufacturer: Dell Inc.
Model: Precision WorkStation T7500
Total amount of system memory: 30.0 GB RAM
System type: 64-bit operating system
Number of processor cores: 12

Storage
Total size of hard disk(s): 1099 GB
Disk partition (C:): 40 GB Free (168 GB Total)
Media drive (D:): CD/DVD
Disk partition (E:): 660 GB Free (932 GB Total)

Graphics
Display adapter type: NVIDIA Quadro FX 4800
Total available graphics memory: 5119 MB
Dedicated graphics memory: 1536 MB
Dedicated system memory: 0 MB
Shared system memory: 3583 MB
Display adapter driver version: 9.18.13.4192
Primary monitor resolution: 3840x2160
DirectX version: DirectX 10

Notes
The gaming graphics score is based on the primary graphics adapter. If this system has linked or multiple graphics adapters, some software applications may see additional performance benefits.



#5 wacomaco2

Posted 30 August 2016 - 10:48 PM

http://quickprivacycheck.com/test1/?voluumdata=BASE64dmlkLi4wMDAwMDAwNi1mZjA0LTRkNTMtODAwMC0wMDAwMDAwMDAwMDBfX3ZwaWQuLjAxNzE3ODAwLTZmMjctMTFlNi04MTU3LWFiYWUxZjMxZDI4Y19fY2FpZC4uOGM1YTg3NjEtMTViYi00ZjI4LWFlYmUtOTA3ZDk1MDRiMTU3X19ydC4uREpfX2xpZC4uZjkxYzAxYjYtYzQwOC00ODFmLWExNzEtZWJjNTE4YTViOWY0X19vaWQxLi45ODQ0YmU2Zi1jZjE5LTQ3YmItYTlkMi0wYjA1ODFjNWU1ZjVfX3ZhcjEuLjExODIyNjQxNTAxNDcyNjE0NjM4X192YXIyLi4xMDUzNDI1X19yZC4ud3d3XC5cb25jbGlja3RvcFwuXGNvbV9fYWlkLi5fX2FiLi5fX3NpZC4u&clickid=11822641501472614638&zone=1053425



#6 Oh My!

Posted 31 August 2016 - 09:27 AM

Greetings,
 

Do you recognize this?

nonblock.net
Valassis


Please do this.

===================================================

Resetting Google Chrome to Original Defaults

--------------------
  • Launch Chrome then review this page before following these steps to review what changes will take place
  • In the address bar type chrome://settings and press Enter
  • Click Show advanced settings... located at the bottom of the page
  • Under the Reset settings section click Reset settings
  • Uncheck Help make Google Chrome better by reporting the current settings if you don't want to provide that information
  • Click Reset
  • Restart Chrome and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize entries?
  • How is Chrome performing?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 wacomaco2

Posted 02 September 2016 - 06:09 PM

I reset chrome and it looks like I am clean.  All users in chrome seem to be free of malware.  Restarted to make sure malware would not load on restart and all seems well.  

Thank you Oh MyT! Oh My!



#8 Oh My!

Posted 02 September 2016 - 07:15 PM

Excellent, just a couple more things please.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 wacomaco2

Posted 03 September 2016 - 12:34 AM

Computer seems to be running fine

ESET

C:\AdwCleaner\quarantine\files\pbrpgncjrppcztbrlvqquoifikqjnghq.back Win64/MPCCleaner.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\alrzrtccewhafeompdtyygarjdaxpivs\CloudPrinter.exe a variant of Win32/TrojanDropper.Addrop.BF trojan cleaned by deleting
C:\AdwCleaner\quarantine\files\bqbzdsavrserlqtwqasklpfhjgqviscg\Bigzap.exe Win64/Toolbar.Linkury.O potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\bqbzdsavrserlqtwqasklpfhjgqviscg\Holdtam.exe a variant of Win32/TrojanDropper.Addrop.BF trojan cleaned by deleting
C:\AdwCleaner\quarantine\files\bqbzdsavrserlqtwqasklpfhjgqviscg\Nimtam.exe MSIL/TrojanDownloader.Agent.CIY trojan cleaned by deleting
C:\AdwCleaner\quarantine\files\bqbzdsavrserlqtwqasklpfhjgqviscg\Nimtop.exe Win32/Toolbar.Linkury.AZ potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\bqbzdsavrserlqtwqasklpfhjgqviscg\StanMating.dll Win64/Toolbar.Linkury.P potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\bqbzdsavrserlqtwqasklpfhjgqviscg\Zonephase.dll Win32/Toolbar.Linkury.BA potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\dunbmlwkvdqyirbgnwggeagvdmrjbkgg\app\LuckyBrowse.exe Win32/LuckyTab.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\eemsqtjdwrissmoqtuldmcfdhfwnhnjb\set.exe MSIL/Toolbar.Linkury.AV potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\ehxpbrtrlbliwshdswksidtytychlibh\Uninstall_PCSpeedUp.exe multiple threats cleaned by deleting
C:\AdwCleaner\quarantine\files\ezqspidxrzatnyqrhcoapnrrafkrengl\gplyra\gplyra.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application cleaned by deleting
C:\AdwCleaner\quarantine\files\fwewfbjpeobhityjdwpigdxtrzyomkkx\uninstall.exe a variant of Win32/Adware.ConvertAd.AIN application cleaned by deleting
C:\AdwCleaner\quarantine\files\gmhxtglfjlcmvuajdoofvpiexhdlzyog\uninstaller.exe a variant of MSIL/Injector.QAB trojan cleaned by deleting
C:\AdwCleaner\quarantine\files\kwakqiqebdquphgtvvvgnnjccpunrpgy\hnsmDA28.tmp a variant of Win32/Adware.ConvertAd.XV application cleaned by deleting
C:\AdwCleaner\quarantine\files\kwakqiqebdquphgtvvvgnnjccpunrpgy\jnscC447.tmp a variant of Win32/Adware.ConvertAd.ABM application cleaned by deleting
C:\AdwCleaner\quarantine\files\kwakqiqebdquphgtvvvgnnjccpunrpgy\knsA7D2.tmp a variant of Win32/Adware.ConvertAd.AIB application cleaned by deleting
C:\AdwCleaner\quarantine\files\kwakqiqebdquphgtvvvgnnjccpunrpgy\rnshC06E.exe a variant of Win32/Adware.ConvertAd.AHZ.gen application cleaned by deleting
C:\AdwCleaner\quarantine\files\kwakqiqebdquphgtvvvgnnjccpunrpgy\Uninstall.exe Win32/Adware.ConvertAd.AEY application cleaned by deleting
C:\AdwCleaner\quarantine\files\kwakqiqebdquphgtvvvgnnjccpunrpgy\vnsmA78F.tmp Win32/Adware.ConvertAd.AEY application cleaned by deleting
C:\AdwCleaner\quarantine\files\mycefghktinlblxyubxmuhvebjtgxrsd\uninstaller.exe a variant of MSIL/Injector.QAB trojan cleaned by deleting
C:\AdwCleaner\quarantine\files\ngquecweogllacieieepkhczymsccgae\WebShield.exe a variant of Win32/Adware.ProNetWork.A application cleaned by deleting
C:\AdwCleaner\quarantine\files\stfecazlcfaepkuwfmldmkbhlwymeilq\Uninstaller.exe a variant of MSIL/Injector.QAB trojan cleaned by deleting
C:\AdwCleaner\quarantine\files\stfecazlcfaepkuwfmldmkbhlwymeilq\wizzcaster.exe a variant of MSIL/Adware.CsdiMonetize.B application cleaned by deleting
C:\AdwCleaner\quarantine\files\vxnpibwyvpqcjgajqezrlvwlgqisnekq\qnsy92A0.tmp a variant of Win32/Adware.ConvertAd.AEX application cleaned by deleting
C:\AdwCleaner\quarantine\files\vxnpibwyvpqcjgajqezrlvwlgqisnekq\Uninstall.exe Win32/Adware.ConvertAd.AHL application cleaned by deleting
C:\AdwCleaner\quarantine\files\xrsyrrqjyypfcwoaraipzbjypfurrtyn\uninstall.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\AdwCleaner\quarantine\files\zbsiqtgprhmwytnmtajrehckyxdiohdt\uninstaller.exe a variant of MSIL/Injector.QAB trojan cleaned by deleting
C:\FRST\Quarantine\C\Windows\1519471269773700f7637e6437a185b9.exe.xBAD a variant of Win32/Packed.NSISmod.R suspicious application cleaned by deleting
C:\Program Files (x86)\CPUID\PC Wizard 2013\systweakasp_c.exe MSIL/AdvancedSystemProtector.D potentially unwanted application deleted
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\Dell T7500\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYFMMB8M\wpad[1].dat JS/ProxyChanger.BQ trojan cleaned by deleting
C:\Users\Dell T7500\Documents\couponprinter.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\Dell T7500\Downloads\ccsetup519pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Dell T7500\Downloads\firefox-patch.js JS/TrojanDownloader.Agent.OTF trojan cleaned by deleting
C:\Users\Dell T7500\Downloads\pc-wizard_2014.2.13.exe MSIL/AdvancedSystemProtector.D potentially unwanted application deleted
C:\Windows\CouponPrinter.ocx a variant of Win32/Adware.Coupons.AA application cleaned by deleting
E:\DELLT7500-PC\Backup Set 2016-01-31 213731\Backup Files 2016-02-08 165759\Backup files 5.zip MSIL/AdvancedSystemProtector.D potentially unwanted application deleted
E:\DELLT7500-PC\Backup Set 2016-01-31 213731\Backup Files 2016-07-03 190008\Backup files 1.zip JS/Adware.InterYield.A application deleted
E:\DELLT7500-PC\Backup Set 2016-07-10 190007\Backup Files 2016-07-10 190007\Backup files 6.zip MSIL/AdvancedSystemProtector.D potentially unwanted application deleted
E:\DELLT7500-PC\Backup Set 2016-07-10 190007\Backup Files 2016-07-17 190007\Backup files 6.zip JS/TrojanDownloader.Agent.OTF trojan deleted
E:\DELLT7500-PC\Backup Set 2016-07-10 190007\Backup Files 2016-08-21 190007\Backup files 1.zip a variant of Win32/Adware.Coupons.AA application deleted
E:\DELLT7500-PC\Backup Set 2016-07-10 190007\Backup Files 2016-08-28 190000\Backup files 4.zip JS/ProxyChanger.BQ trojan deleted
CHECKUP

Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Emsisoft Anti-Malware           
Microsoft Security Essentials   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java version 32-bit out of Date! 
 Adobe Flash Player 22.0.0.209  
 Mozilla Firefox (48.0.2) 
 Google Chrome (51.0.2704.103) 
 Google Chrome (52.0.2743.116) 
 Google Chrome (plugins...) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Emsisoft Anti-Malware a2service.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Emsisoft Anti-Malware a2guard.exe   
 EMSISOFT ANTI-MALWARE a2start.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 7% 
````````````````````End of Log`````````````````````` 
 

 


#10 Oh My!

Posted 03 September 2016 - 03:50 PM

That looks good. I think we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Oh My!

Posted 04 September 2016 - 09:55 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



