Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help removing Trojan.Kotver!gm2 virus


  • This topic is locked This topic is locked
23 replies to this topic

#1 Dr0use

Dr0use

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:35 PM

Posted 24 October 2016 - 09:07 AM

Hello,

 

About a week or so ago I downloaded iTunes and received an error of some sort so I uninstalled it with no issues.  Shortly after I got a pop up from Norton telling me it detected an issue so I ran a scan.  It is now telling me I have Trojan.Kotver!gm2.  After I ran the scan it tells me it will be resolved with a restart, however, it never removes it.  I have read through some discussions on here and tried running some programs such as rkill, fixtool64 and ccleaner.  All are telling me there is nothing to fix, however, whenever I run a scan again, Norton is saying the virus is still there.  If someone could please assist me with removing this virus I would greatly appreciate it. 

 

Also I don't know if this helps at all but whenever I try to run a full scan with any type of malware/adware programs it usually does not complete and crashes my pc. 



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 PM

Posted 24 October 2016 - 09:44 AM

Hi Dr0use :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Let's begin by getting a set of FRST logs.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Click on the Scan button;
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Dr0use

Dr0use
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:35 PM

Posted 24 October 2016 - 10:43 AM

Hi Aura,

 

Thanks for the quick reply.  I ran the FRST scan and here are the results. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Dan (administrator) on DAN-PC (24-10-2016 11:35:25)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\n360.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Sony Electronics, Inc.) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\n360.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Electronics, Inc.) C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
(Sony Electronics, Inc.) C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-07-15] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [152576 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1424896 2006-03-21] (CANON INC.)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe [77824 2008-06-27] (Sony Electronics Corporation)
HKLM-x32\...\Run: [VAIORegistration] => C:\Program Files\Sony\First Experience\WelcomeLauncher.exe [16384 2008-06-26] (Sony Electronics, Inc.)
HKLM-x32\...\Run: [VAIOSurvey] => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [385024 2008-07-25] ()
HKLM-x32\...\Run: [VWLASU] => C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe [24576 2008-05-20] (Sony Electronics, Inc.)
HKLM-x32\...\Run: [AML] => C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe [1097728 2008-06-13] (Sony)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\SysWOW64\VESWinlogon.dll [2008-07-28] (Sony Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\...\Run: [**lmovq<*>] => "C:\Users\Dan\AppData\Local\6d7b7bee\2cf5ea02.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2008-08-12]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8ec656ef.lnk [2016-10-22]
ShortcutTarget: 8ec656ef.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a2435b16.lnk [2016-10-24]
ShortcutTarget: a2435b16.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{4287C950-702A-435D-8498-C0E06D492DA1}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.com/vaiopeople_f08
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.com/vaiopeople_f08
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2419179289-805309009-3091124471-1000 -> DefaultScope {31C4BF0B-3A75-47B1-963B-561D0041688E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2419179289-805309009-3091124471-1000 -> {31C4BF0B-3A75-47B1-963B-561D0041688E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll [2008-08-12] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.6.0\bin\jp2ssv.dll => No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2419179289-805309009-3091124471-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2016-06-20] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2419179289-805309009-3091124471-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\1jw28jcm.default-1475697668884 [2016-10-24]
FF Homepage: Mozilla\Firefox\Profiles\1jw28jcm.default-1475697668884 -> hxxp://www.msn.com/
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-09-28]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2419179289-805309009-3091124471-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\Exts\Chrome.crx [2016-09-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\Exts\Chrome.crx [2016-09-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [1371136 2008-04-30] (Intel® Corporation) [File not signed]
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\N360.exe [289080 2016-09-23] (Symantec Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [826368 2008-04-30] (Intel® Corporation) [File not signed]
R2 RtkAudioService; C:\Windows\RtkAudioService.exe [139808 2008-07-15] (Realtek Semiconductor)
S3 SOHCImp; C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19456 2008-01-30] (ArcSoft, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20161019.001\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1608000.032\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
S1 DMICall; C:\Windows\SysWOW64\DRIVERS\DMICall.sys [10216 2008-07-11] (Sony Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-03] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-10-19] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2016-10-18] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20161020.001\IDSvia64.sys [1012440 2016-10-04] (Symantec Corporation)
S2 MCSTRM; no ImagePath
R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [64512 2008-07-17] (REDC)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1608000.032\SRTSP64.SYS [784624 2016-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1608000.032\SRTSPX64.SYS [49400 2016-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1608000.032\SYMEFASI64.SYS [1628888 2016-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-09-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1608000.032\Ironx64.SYS [289520 2016-09-23] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1608000.032\SYMTDIV.SYS [468152 2016-09-23] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160816.018\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160816.018\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-24 11:35 - 2016-10-24 11:37 - 00021562 _____ C:\Users\Dan\Desktop\FRST.txt
2016-10-24 11:33 - 2016-10-24 11:33 - 02407424 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00032207.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00031567.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00031544.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00030707.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00030679.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00029963.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00027626.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00027359.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00027320.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00026861.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00025516.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00024944.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00024600.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00023421.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00023140.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00022997.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00020245.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00019209.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00018521.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00018412.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00018323.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00018110.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00017577.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00017156.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00016436.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00015478.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00015321.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00014231.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00014152.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00013634.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00012590.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00012496.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00012448.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00011028.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00011027.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00009800.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00008651.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00007856.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00007845.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00007313.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00004239.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00001883.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00001532.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00001446.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00000939.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00000656.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00000368.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00031250.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00026728.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00023280.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00017885.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00014357.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00010903.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00010445.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00008865.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00005577.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00003958.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00002871.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00002037.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00001875.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00031225.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00031177.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00030972.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00030284.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00029753.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00029584.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00029560.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00028937.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00028865.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00028656.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00028426.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00028121.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00027966.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00027952.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00027691.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00027294.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00026666.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00026613.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00026355.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00026180.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00026148.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00026131.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00026092.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00025316.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00025087.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00024353.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00023794.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00023331.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00022812.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00022580.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00022353.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00022002.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00021907.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00021723.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00020414.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00019695.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00019571.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00019321.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00019175.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00018487.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00018377.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00017901.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00017623.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00017192.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00016856.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00015115.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00014625.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00014281.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00013717.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00013514.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00013122.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00012964.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00012738.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00012512.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00011272.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00011019.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00010004.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00009948.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00008311.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00008225.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00007326.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00006438.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00006075.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00005205.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00004865.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00004808.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00004779.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00004598.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00004547.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00004089.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00003719.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00002760.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00001979.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00001808.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00000531.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00000327.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00000315.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00000077.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00031690.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00031619.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00030234.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00028492.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00027032.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00026145.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00025030.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00022076.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00020518.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00017180.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00016699.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00012155.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00011401.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00008658.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00004527.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00004469.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00004078.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00001914.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00001712.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00000719.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00032076.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00031485.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00030681.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00030454.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00030423.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00030421.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00030159.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00028861.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00028830.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00028553.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00028095.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00027271.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00027253.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00025499.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00025222.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00023749.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00022733.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00022086.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00021462.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00020769.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00019561.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00018775.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00018409.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00017295.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00014815.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00014358.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00013592.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00012981.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00012980.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00012869.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00010823.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00010790.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00010689.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00010427.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00010131.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00009882.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00009077.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00008829.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00008663.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00008546.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00008391.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00007473.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00005861.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00004608.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00002379.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00001627.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00001363.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00000987.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00000445.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00000394.tmp
2016-10-23 22:59 - 2016-10-23 22:59 - 670769219 _____ C:\Windows\MEMORY.DMP
2016-10-23 22:59 - 2016-10-23 22:59 - 00273480 _____ C:\Windows\Minidump\Mini102316-01.dmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00032579.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00032185.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00032061.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00031336.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00031153.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00030608.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00030162.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00028313.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00028163.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00027620.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00027000.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00026725.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00026635.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00025898.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00025554.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00025484.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00024329.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00023112.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00022528.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00021448.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00021360.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00020665.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00019626.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00019340.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00018865.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00018107.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00018005.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00017802.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00017646.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00016363.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00014275.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00012253.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00011049.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00010250.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00009271.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00008671.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00008149.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00007268.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00006439.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00005695.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00005441.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00004399.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00004388.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00004358.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00002988.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00002209.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00002030.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00001432.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00001032.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00030621.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00028491.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00027784.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00025724.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00022966.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00020246.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00018030.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00017791.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00015353.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00013258.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00012727.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00011097.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00011056.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00010959.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00008210.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00007103.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00005200.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00002787.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00000434.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00031878.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00031170.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00029261.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00028343.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00027035.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00026852.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00025384.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00022781.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00022375.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00022243.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00016533.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00016132.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00013795.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00007314.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00005419.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00003219.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00003128.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00002541.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00029664.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00016686.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00015876.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00015203.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00012312.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00012228.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00012181.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00012013.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00011298.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00009832.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00006393.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00005128.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00031311.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00030141.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00030013.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00029976.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00029465.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00027687.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00026888.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00026420.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00025820.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00024417.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00023145.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00022041.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00019586.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00019471.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00018351.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00017398.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00015127.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00015123.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00012310.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00012204.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00011306.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00010782.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00010567.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00010154.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00009598.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00008281.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00007678.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00006108.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00002931.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00002754.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00001919.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00001407.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00000638.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00000064.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00032758.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00032580.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00032578.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00032385.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00032305.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00029771.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00029028.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00028989.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00028476.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00026828.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00024547.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00024020.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00022927.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00022053.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00020967.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00020450.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00020444.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00020394.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00017302.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00016016.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00015129.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00014512.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00013175.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00012838.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00011502.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00011330.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00011000.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00010586.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00009505.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00007937.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00007671.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00007586.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00006852.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00006624.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00005575.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00004915.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00004384.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00001700.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00001361.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00000408.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00030654.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00019618.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00015023.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00013712.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00013676.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00013165.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00012256.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00012066.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00005807.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00001196.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00001158.tmp
2016-10-23 22:13 - 2016-10-23 22:13 - 01340008 ____T C:\Windows\SysWOW64\00026585.tmp
2016-10-23 20:33 - 2016-10-23 20:33 - 01340008 ____T C:\Windows\SysWOW64\00023726.tmp
2016-10-23 20:33 - 2016-10-23 20:33 - 01340008 ____T C:\Windows\SysWOW64\00015710.tmp
2016-10-23 20:33 - 2016-10-23 20:33 - 01340008 ____T C:\Windows\SysWOW64\00011187.tmp
2016-10-23 20:33 - 2016-10-23 20:33 - 01340008 ____T C:\Windows\SysWOW64\00007604.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00032725.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00032430.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00032219.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00032166.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00031938.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00031855.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00031533.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00031164.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00030214.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00029708.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00029514.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00029512.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00029167.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00028946.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00028769.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00028006.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00027887.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00027432.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00026971.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00026291.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00026013.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00025681.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00025360.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00025346.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00024831.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00024495.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00023905.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00023667.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00023595.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00023118.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00022847.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00022369.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00021371.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00020880.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00020748.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00019837.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00019531.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00019304.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00019264.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00019020.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00018766.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00018643.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00018302.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00018017.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00017984.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00017372.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00017152.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00017059.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00016974.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00016660.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00016576.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00016073.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00016020.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00015872.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00015496.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00014371.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00014211.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00013999.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00013853.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00013588.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00013062.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00013050.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00012885.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00010784.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00010725.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00010703.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00010597.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00009500.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00009404.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00009360.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00008804.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00008721.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00008111.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00007693.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00007485.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00007329.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00007141.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00006110.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00006077.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00005935.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00005420.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00004461.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00003837.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00003035.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00002804.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00002383.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00002075.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00002039.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00002022.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00001760.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00001522.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00000966.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00000836.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00000124.tmp
2016-10-22 13:41 - 2016-10-22 13:41 - 00077920 _____ C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-22 13:38 - 2016-10-22 13:38 - 00326336 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00032485.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00032226.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00031743.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00030468.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00029871.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00029730.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00029037.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00028594.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00028108.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00027299.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00026810.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00025208.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00022685.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00022238.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00020149.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00020089.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00018987.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00017942.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00016441.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00016427.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00014891.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00011937.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00011886.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00010654.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00009476.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00008872.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00008687.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00007788.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00007174.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00007023.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00006390.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00006041.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00005976.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00005076.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00003169.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00001117.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00000487.tmp
2016-10-22 12:18 - 2016-10-22 12:18 - 01340008 ____T C:\Windows\SysWOW64\00030199.tmp
2016-10-22 12:17 - 2016-10-22 12:17 - 01340008 ____T C:\Windows\SysWOW64\00002291.tmp
2016-10-22 12:16 - 2016-10-22 12:16 - 01340008 ____T C:\Windows\SysWOW64\00006930.tmp
2016-10-22 12:15 - 2016-10-22 12:15 - 01340008 ____T C:\Windows\SysWOW64\00020679.tmp
2016-10-22 12:14 - 2016-10-22 12:14 - 01340008 ____T C:\Windows\SysWOW64\00017946.tmp
2016-10-22 12:13 - 2016-10-22 12:13 - 01340008 ____T C:\Windows\SysWOW64\00003181.tmp
2016-10-22 12:12 - 2016-10-22 12:12 - 01340008 ____T C:\Windows\SysWOW64\00022596.tmp
2016-10-22 12:11 - 2016-10-22 12:11 - 01340008 ____T C:\Windows\SysWOW64\00014879.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00032563.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00032122.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00028862.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00028634.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00027038.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00026583.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00025993.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00024744.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00024141.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00023827.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00022923.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00020994.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00020470.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00020182.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00019962.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00019711.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00018473.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00010238.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00008402.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00007862.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00007017.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00006780.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00000670.tmp
2016-10-21 22:47 - 2016-10-21 22:51 - 00000000 ___DC C:\FRST
2016-10-21 10:42 - 2016-10-21 10:42 - 01340008 ____T C:\Windows\SysWOW64\00032757.tmp
2016-10-21 10:42 - 2016-10-21 10:42 - 01340008 ____T C:\Windows\SysWOW64\00032662.tmp
2016-10-21 10:42 - 2016-10-21 10:42 - 01340008 ____T C:\Windows\SysWOW64\00032391.tmp
2016-10-21 10:42 - 2016-10-21 10:42 - 01340008 ____T C:\Windows\SysWOW64\00031322.tmp
2016-10-21 10:25 - 2016-10-21 10:25 - 01340008 ____T C:\Windows\SysWOW64\00032394.tmp
2016-10-21 10:25 - 2016-10-21 10:25 - 01340008 ____T C:\Windows\SysWOW64\00032138.tmp
2016-10-21 10:25 - 2016-10-21 10:25 - 01340008 ____T C:\Windows\SysWOW64\00031612.tmp
2016-10-21 10:25 - 2016-10-21 10:25 - 01340008 ____T C:\Windows\SysWOW64\00031400.tmp
2016-10-21 10:22 - 2016-10-21 10:22 - 01340008 ____T C:\Windows\SysWOW64\00031132.tmp
2016-10-21 10:05 - 2016-10-21 10:05 - 01340008 ____T C:\Windows\SysWOW64\00032386.tmp
2016-10-21 10:05 - 2016-10-21 10:05 - 01340008 ____T C:\Windows\SysWOW64\00031672.tmp
2016-10-21 10:05 - 2016-10-21 10:05 - 01340008 ____T C:\Windows\SysWOW64\00031631.tmp
2016-10-21 10:05 - 2016-10-21 10:05 - 01340008 ____T C:\Windows\SysWOW64\00031315.tmp
2016-10-21 10:04 - 2016-10-21 10:04 - 01340008 ____T C:\Windows\SysWOW64\00032279.tmp
2016-10-21 09:56 - 2016-10-21 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-21 09:52 - 2016-10-21 09:52 - 01340008 ____T C:\Windows\SysWOW64\00031550.tmp
2016-10-21 09:52 - 2016-10-21 09:52 - 01340008 ____T C:\Windows\SysWOW64\00031262.tmp
2016-10-21 09:51 - 2016-10-21 09:51 - 01340008 ____T C:\Windows\SysWOW64\00031603.tmp
2016-10-21 09:51 - 2016-10-21 09:51 - 01340008 ____T C:\Windows\SysWOW64\00031403.tmp
2016-10-21 09:51 - 2016-10-21 09:51 - 01340008 ____T C:\Windows\SysWOW64\00030954.tmp
2016-10-21 09:36 - 2016-10-21 09:36 - 00000000 ____D C:\Users\Dan\AppData\Local\ESET
2016-10-21 09:29 - 2016-10-21 09:29 - 00003040 _____ C:\Windows\System32\Tasks\{8D57AA34-09BE-42D0-BFCD-099226022C29}
2016-10-20 19:31 - 2016-10-22 13:36 - 00000000 ___DC C:\AdwCleaner
2016-10-20 07:27 - 2016-10-20 07:27 - 01340008 ____T C:\Windows\SysWOW64\00028586.tmp
2016-10-20 07:27 - 2016-10-20 07:27 - 01340008 ____T C:\Windows\SysWOW64\00017556.tmp
2016-10-20 07:27 - 2016-10-20 07:27 - 01340008 ____T C:\Windows\SysWOW64\00008447.tmp
2016-10-20 07:27 - 2016-10-20 07:27 - 01340008 ____T C:\Windows\SysWOW64\00003870.tmp
2016-10-20 07:27 - 2016-10-20 07:27 - 01340008 ____T C:\Windows\SysWOW64\00000419.tmp
2016-10-20 07:26 - 2016-10-20 07:26 - 01340008 ____T C:\Windows\SysWOW64\00032740.tmp
2016-10-20 07:26 - 2016-10-20 07:26 - 01340008 ____T C:\Windows\SysWOW64\00031223.tmp
2016-10-20 07:26 - 2016-10-20 07:26 - 01340008 ____T C:\Windows\SysWOW64\00030992.tmp
2016-10-19 13:32 - 2016-10-19 13:32 - 00000000 ____C C:\autoexec.bat
2016-10-19 13:30 - 2016-10-19 13:30 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-10-18 20:23 - 2016-10-18 20:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-18 19:58 - 2016-10-18 19:58 - 01340008 ____T C:\Windows\SysWOW64\00032637.tmp
2016-10-18 19:58 - 2016-10-18 19:58 - 01340008 ____T C:\Windows\SysWOW64\00031689.tmp
2016-10-18 19:57 - 2016-10-18 19:57 - 01340008 ____T C:\Windows\SysWOW64\00032648.tmp
2016-10-18 19:57 - 2016-10-18 19:57 - 01340008 ____T C:\Windows\SysWOW64\00032444.tmp
2016-10-18 19:57 - 2016-10-18 19:57 - 01340008 ____T C:\Windows\SysWOW64\00032374.tmp
2016-10-18 19:57 - 2016-10-18 19:57 - 01340008 ____T C:\Windows\SysWOW64\00031276.tmp
2016-10-18 19:56 - 2016-10-18 19:56 - 01340008 ____T C:\Windows\SysWOW64\00032661.tmp
2016-10-18 19:28 - 2016-10-18 19:28 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-10-18 15:16 - 2016-10-18 19:13 - 00000436 _____ C:\Windows\system32\.crusader
2016-10-18 13:53 - 2016-10-18 15:18 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-18 08:44 - 2016-10-18 08:44 - 01340008 ____T C:\Windows\SysWOW64\00030461.tmp
2016-10-07 09:23 - 2016-10-17 21:55 - 00000000 ____D C:\ProgramData\Roxio
2016-10-07 09:23 - 2016-10-07 09:23 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Roxio
2016-10-05 15:22 - 2016-08-24 13:08 - 00163002 _____ C:\Users\Dan\Documents\DansResume.pdf
2016-10-05 15:22 - 2016-04-01 17:27 - 00171730 _____ C:\Users\Dan\Documents\Brianna Young - External Resume.pdf
2016-10-05 15:04 - 2016-10-06 10:09 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-10-05 14:57 - 2016-10-06 10:08 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-10-05 10:10 - 2016-10-05 10:10 - 01340008 ____T C:\Windows\SysWOW64\00030898.tmp
2016-10-04 09:42 - 2016-05-14 11:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-04 09:42 - 2016-05-14 11:53 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-10-04 09:42 - 2016-05-14 11:42 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-04 09:42 - 2016-05-14 11:41 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-04 09:42 - 2016-05-14 11:41 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2016-10-04 09:42 - 2016-05-14 10:38 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-10-04 09:42 - 2016-05-14 10:38 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-10-04 09:42 - 2016-05-14 10:38 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-10-04 09:42 - 2016-05-11 09:10 - 00516328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-04 09:38 - 2016-06-10 10:45 - 02802176 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-04 09:35 - 2016-06-25 12:04 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-10-04 09:35 - 2016-06-25 12:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-10-04 09:35 - 2016-06-25 12:04 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-10-04 09:35 - 2016-06-25 12:03 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-10-04 09:35 - 2016-06-25 12:03 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-10-04 09:35 - 2016-06-25 11:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll
2016-10-04 09:35 - 2016-06-25 11:37 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-10-04 09:35 - 2016-06-25 11:37 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-10-04 09:35 - 2016-06-25 11:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-10-04 09:35 - 2016-06-25 11:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-10-04 09:35 - 2016-06-25 10:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-10-04 09:29 - 2016-05-12 10:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-10-04 09:29 - 2016-05-12 10:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-10-04 09:23 - 2016-05-10 11:55 - 00264704 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-10-04 09:23 - 2016-05-10 11:54 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-10-04 09:23 - 2016-05-10 11:54 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-10-04 09:23 - 2016-05-10 11:31 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-10-04 09:23 - 2016-05-10 11:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-10-04 09:23 - 2016-05-10 11:31 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-10-04 09:23 - 2016-05-10 10:55 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-10-04 09:23 - 2016-05-10 10:55 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-10-04 09:23 - 2016-05-10 10:28 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-10-04 09:07 - 2016-06-20 14:24 - 18804736 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-04 09:07 - 2016-06-20 14:21 - 02351616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-04 09:07 - 2016-06-20 14:16 - 10940416 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-04 09:07 - 2016-06-20 14:15 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-04 09:07 - 2016-06-20 14:15 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-04 09:07 - 2016-06-20 14:14 - 02159104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-04 09:07 - 2016-06-20 14:14 - 01392640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-04 09:07 - 2016-06-20 14:14 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-04 09:07 - 2016-06-20 14:13 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-04 09:07 - 2016-06-20 14:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-04 09:07 - 2016-06-20 14:13 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-10-04 09:07 - 2016-06-20 14:13 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-10-04 09:07 - 2016-06-20 13:50 - 01815552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-04 09:07 - 2016-06-20 13:48 - 12842496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-04 09:07 - 2016-06-20 13:46 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-04 09:07 - 2016-06-20 13:45 - 09755136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-04 09:07 - 2016-06-20 13:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-04 09:07 - 2016-06-20 13:44 - 01129984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-04 09:07 - 2016-06-20 13:43 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-04 09:07 - 2016-06-20 13:43 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-04 09:07 - 2016-06-20 13:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-04 09:07 - 2016-06-20 13:43 - 00425472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-04 09:07 - 2016-06-20 13:43 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-10-04 09:07 - 2016-06-20 13:43 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-04 09:07 - 2016-06-20 13:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-04 09:07 - 2016-06-20 13:42 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-04 09:07 - 2016-06-20 13:42 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-04 09:07 - 2016-06-20 13:42 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-04 09:07 - 2016-06-20 13:42 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-04 09:07 - 2016-06-20 13:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-04 09:07 - 2016-06-20 13:42 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-04 09:07 - 2016-06-20 13:42 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-10-04 09:07 - 2016-06-20 13:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-10-04 09:07 - 2016-06-20 13:42 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-10-04 08:44 - 2016-10-22 14:18 - 00000000 ____D C:\Users\Dan\AppData\Roaming\fd89780c
2016-10-04 08:44 - 2016-10-22 14:18 - 00000000 ____D C:\Users\Dan\AppData\Local\6d7b7bee
2016-10-01 15:54 - 2016-10-06 10:14 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Octoshape
2016-10-01 15:53 - 2016-10-01 15:53 - 00000000 ____D C:\Users\Dan\AppData\LocalLow\DTV
2016-09-28 10:47 - 2016-09-28 10:47 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2016-09-28 10:39 - 2016-09-28 10:39 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-24 11:29 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-24 11:29 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-24 09:29 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-24 09:28 - 2008-08-12 16:22 - 00000012 _____ C:\Windows\bthservsdp.dat
2016-10-24 09:28 - 2006-11-02 11:42 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-23 22:59 - 2011-02-25 09:49 - 00000000 ____D C:\Windows\Minidump
2016-10-23 20:41 - 2011-10-14 18:12 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2016-10-21 23:08 - 2014-12-29 00:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-21 14:56 - 2014-12-01 13:59 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6
2016-10-21 14:56 - 2006-11-02 11:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-21 09:16 - 2014-01-23 13:57 - 00000000 ____D C:\Users\Dan\AppData\Local\NPE
2016-10-21 08:57 - 2014-05-20 12:27 - 00000000 ____D C:\NPE
2016-10-20 12:32 - 2008-08-12 14:23 - 00000000 ____D C:\Windows\Panther
2016-10-20 12:32 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\inf
2016-10-20 09:21 - 2011-11-18 09:54 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-20 09:20 - 2008-08-12 17:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-20 08:40 - 2013-02-22 12:34 - 00000680 _____ C:\Users\Dan\AppData\Local\d3d9caps.dat
2016-10-20 07:55 - 2006-11-02 08:46 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-19 14:50 - 2009-06-28 19:57 - 00000000 ____D C:\Users\Dan
2016-10-06 10:17 - 2009-06-28 21:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-06 10:09 - 2009-07-20 18:49 - 00000000 ____D C:\ProgramData\Apple Computer
2016-10-06 09:56 - 2009-07-20 18:47 - 00000000 ____D C:\ProgramData\Apple
2016-10-04 13:35 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
2016-10-01 15:54 - 2009-06-29 14:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Mozilla
2016-09-28 10:40 - 2011-08-04 07:55 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2016-09-28 10:39 - 2015-08-06 16:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2016-09-28 10:32 - 2011-08-04 07:56 - 00100592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-09-28 10:32 - 2011-08-04 07:56 - 00008319 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-09-28 10:28 - 2013-08-15 12:55 - 00000000 ____D C:\Windows\system32\MRT
2016-09-28 10:27 - 2006-11-02 08:35 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-09-27 07:58 - 2011-08-04 07:55 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-09-26 08:59 - 2016-06-23 10:44 - 00000000 ____D C:\Windows\System32\Tasks\Remediation

==================== Files in the root of some directories =======

2010-06-18 12:45 - 2012-12-03 13:54 - 0000004 _____ () C:\Users\Dan\AppData\Roaming\2CD467
2010-06-18 12:45 - 2012-12-03 13:54 - 0870128 _____ () C:\Users\Dan\AppData\Roaming\mcs.rma
2011-10-15 00:25 - 2011-10-15 00:25 - 0042166 _____ () C:\Users\Dan\AppData\Roaming\UserTile.png
2010-01-07 09:22 - 2010-01-07 09:22 - 0000552 _____ () C:\Users\Dan\AppData\Local\d3d8caps.dat
2013-02-22 12:34 - 2016-10-20 08:40 - 0000680 _____ () C:\Users\Dan\AppData\Local\d3d9caps.dat
2010-06-19 15:19 - 2010-06-19 15:19 - 0003584 _____ () C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-19 08:48 - 2011-07-25 08:25 - 0001940 _____ () C:\Users\Dan\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2011-01-14 15:38 - 2011-01-14 15:38 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-24 09:37

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Dan (24-10-2016 11:38:31)
Running from C:\Users\Dan\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) (2009-06-29 01:43:09)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2419179289-805309009-3091124471-500 - Administrator - Disabled)
Dan (S-1-5-21-2419179289-805309009-3091124471-1000 - Administrator - Enabled) => C:\Users\Dan
Guest (S-1-5-21-2419179289-805309009-3091124471-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
ArcSoft Magic-i Visual Effects (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version:  - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM-x32\...\{9973498D-EA29-4A68-BE0B-C88D6E03E928}) (Version:  - ArcSoft)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Canon iP6700D (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Click to Disc (HKLM-x32\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.00.06190 - Sony Corporation)
Click to Disc (x32 Version: 1.2.00.06190 - Sony Corporation) Hidden
Click to Disc Editor (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 1.2.00 - Sony Corporation)
Click to Disc Editor (x32 Version: 1.2.00 - Sony Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Control Center (HKLM\...\{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}) (Version: 1.2.0702 - Dolby)
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{26921B2E-3E62-47F9-A514-1FC4A83BD738}) (Version: 12.00.0004 - Intel® Corporation)
Java™ SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Transfer (HKLM-x32\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.8.0.50 - Symantec Corporation)
OpenMG Secure Module 5.1.00 (HKLM-x32\...\InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}) (Version: 5.1.00.05200 - Sony Corporation)
OpenMG Secure Module 5.1.00 (x32 Version: 5.1.00.05200 - Sony Corporation) Hidden
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.58 - Realtek Semiconductor Corp.)
Regi (Version: 1.00.0000 - InterVideo Inc.) Hidden
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 4.1.00.07300 - Sony Corporation)
SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.4.0.20080627.1647 - Sony Corporation)
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.2.02.06170 - Sony Corporation)
Sony Video Shared Library (HKLM-x32\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.4.00 - Sony Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Unity Web Player (HKU\S-1-5-21-2419179289-805309009-3091124471-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 1.00.0813 - Sony)
VAIO Content Folder Setting (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.0.00.17290 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM-x32\...\{FD72E69E-CF34-4071-BFD6-FD081A365E2C}) (Version: 3.2.00.06115 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.2.00.06115 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (HKLM-x32\...\{FE697886-F392-4E0D-A0C0-47587BF60992}) (Version: 3.2.00.06062 - Sony Corporation)
VAIO Content Metadata Manager Setting (x32 Version: 3.2.00.06062 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM-x32\...\{CB8A8696-93EC-414E-A752-850AB133F68A}) (Version: 3.2.00.06112 - Sony Corporation)
VAIO Content Metadata XML Interface Library (x32 Version: 3.2.00.06112 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 3.1.00.07110 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.2.00.06200 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.2.00.06200 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 4.1.00.07280 - Sony Corporation)
VAIO Help and Support (HKLM-x32\...\{D47FE987-EA3D-424B-9886-B752501D7CE7}) (Version: 6.00.0806.64.FW - Sony Corporation)
VAIO Launcher (HKLM-x32\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 2.1.00.06130 - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}) (Version: 1.1.00.05240 - Sony Corporation)
VAIO Media plus (x32 Version: 1.1.00.05240 - Sony Corporation) Hidden
VAIO Movie Story (HKLM-x32\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.3.00.06240 - Sony Corporation)
VAIO Movie Story (x32 Version: 1.3.00.06240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.3.00.06120 - Sony Corporation)
VAIO MusicBox (HKLM-x32\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 2.1.00.06110 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM-x32\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.1.00.14140 - Sony Corporation)
VAIO My Memory Center (HKLM-x32\...\{E1D25278-B51A-4163-BC3D-20A4D2D09F98}) (Version: 1.00.0229 - Sony)
VAIO OOBE and Welcome Center (HKLM-x32\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 6.00.0813.64.US - Sony Corporation)
VAIO Original Function Setting (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.4.00.04230 - Sony Corporation)
VAIO Power Management (HKLM-x32\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 3.1.00.08060 - Sony Corporation)
VAIO Startup Assistant (HKLM-x32\...\{DFD0E9A9-F24A-492B-8975-8C938E32408F}) (Version: 3.00.0731 - Sony)
VAIO Survey (HKLM-x32\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 6.00.0722 - Sony Corporation)
VAIO Update 4 (HKLM-x32\...\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}) (Version: 4.0.0.07150 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.2.00.05200 - Sony Corporation)
VAIO Wireless Wizard (HKLM-x32\...\{BCED773C-99EE-48DD-8915-25733F69F0A8}) (Version: 1.01.0722 - Sony)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WIDCOMM Bluetooth Software 6.2.0.4500 (HKLM\...\{E464702F-5433-46EC-8F65-159276C0A54F}) (Version: 6.2.0.4500 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinDVD BD for VAIO (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.516 - InterVideo Inc.)
WinDVD BD for VAIO (x32 Version: 8.0-B9.516 - InterVideo Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2419179289-805309009-3091124471-1000_Classes\CLSID\{1704815D-0A03-44ff-8646-1AE1FE84E313}\localserver32 -> C:\Program Files (x86)\Intuit\QuickBooks 2008\QBW32.EXE => No File
CustomCLSID: HKU\S-1-5-21-2419179289-805309009-3091124471-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files (x86)\Intuit\QuickBooks 2008\QBW32.EXE => No File
CustomCLSID: HKU\S-1-5-21-2419179289-805309009-3091124471-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files (x86)\Intuit\QuickBooks 2008\QBW32.EXE => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A00484D-EA02-4D25-A275-E7C101F65638} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\WSCStub.exe [2016-09-23] (Symantec Corporation)
Task: {25F7A0EC-FC6F-4A6A-85BF-23DBAEF30787} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-08-16] (Symantec Corporation)
Task: {682497FC-AAB4-4AB4-84B3-F1192E07B229} - System32\Tasks\{FE85210D-9EE5-43F6-A6FE-D53B5CE7BFA3} => pcalua.exe -a "C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9P9X7A28\LimeWireWin[1].exe" -d C:\Windows\system32
Task: {6F91F9D4-4554-400C-95E9-FF4ACFE87FEA} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2008-08-13] (Sony Electronics, Inc.)
Task: {887B5268-6401-43E3-9EFA-59C10DE0269C} - System32\Tasks\{B114021F-27ED-4052-A505-652FB4CFE06D} => pcalua.exe -a "C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K2L2BPON\LimeWireWin[1].exe" -d C:\Windows\system32
Task: {898736F7-902F-4A30-A1CB-844EA73AC31D} - System32\Tasks\{42CFA487-6CBB-41A7-B8B2-7A8CF14A51BB} => pcalua.exe -a "C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EFRZMRS\LimeWireWin[1].exe" -d C:\Users\Dan
Task: {AE8768A4-DE29-4B4F-9C4B-FDF7723B19D8} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {C9FE80CC-F091-4896-B2E2-F28A12118C07} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2008-07-15] (Sony Corporation)
Task: {CB745AE1-34E4-4B59-934C-BF3283F54090} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {D764E65B-E19C-4A37-A4B9-691B0033BEAE} - System32\Tasks\{8D57AA34-09BE-42D0-BFCD-099226022C29} => pcalua.exe -a C:\Users\Dan\Desktop\esetsmartinstaller_enu.exe -d C:\Users\Dan\Desktop
Task: {DA0E12BB-B35F-49F1-85C5-1E1FF7568AE4} - System32\Tasks\Test TimeTrigger => C:\Users\Dan\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {E034C307-5E28-4127-994D-679C6C2663D2} - System32\Tasks\{98DCD307-D15B-49D9-AD61-7610F3946829} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsMain
Task: {E62882D1-EE3D-4CF1-9907-6C0AED2BA44E} - System32\Tasks\{D9898B15-55CD-4C51-9B36-A2C39B31F5FA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {EBF91592-ADE3-49C2-87B8-802F06855A39} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {F772A09B-AD25-4460-A36E-91411BFA2AFD} - System32\Tasks\Microsoft\Windows\RestartManager\{BC85F772-2624-4cb6-ABE2-D2499C1DB857} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Dan\AppData\Local\6d7b7bee\2cf5ea02.lnk -> C:\Users\Dan\AppData\Local\6d7b7bee\0a947e17.bat ()

==================== Loaded Modules (Whitelisted) ==============

2008-07-21 16:01 - 2008-07-21 16:01 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2007-09-06 13:27 - 2007-09-06 13:27 - 01331712 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2008-04-30 22:45 - 2008-04-30 22:45 - 00335872 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-06-28 21:49 - 2008-06-02 15:37 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
2009-06-28 21:49 - 2008-06-23 15:22 - 00040960 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
2009-06-28 21:49 - 2008-06-23 15:22 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
2008-08-12 17:18 - 2008-07-28 20:45 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2008-08-12 17:18 - 2008-07-28 20:45 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2009-06-28 21:49 - 2008-06-02 15:37 - 00118784 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\SonyCommonLib.dll
2009-06-28 21:49 - 2008-06-02 15:37 - 00020480 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\DebugMsg.dll
2009-06-28 21:49 - 2008-04-17 03:59 - 00020480 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Resources.dll
2009-06-28 21:49 - 2008-06-02 15:37 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\SharedInterfaces.dll
2009-06-28 21:49 - 2008-04-17 03:59 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\DictionaryLookup.dll
2009-06-28 21:49 - 2008-04-17 03:59 - 00024576 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\MessageXML.dll
2009-06-28 21:49 - 2008-06-02 15:37 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
2009-06-28 21:49 - 2008-06-23 15:22 - 00036864 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
2009-06-28 21:49 - 2008-06-23 15:22 - 00040960 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
2009-06-28 21:49 - 2008-06-23 15:22 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
2009-06-28 21:49 - 2008-06-23 15:22 - 00024576 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
2009-06-28 21:49 - 2008-06-23 15:22 - 00024576 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
2009-06-28 21:49 - 2008-06-23 15:22 - 00020480 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
2009-06-28 21:49 - 2008-06-23 15:22 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
2009-06-28 21:49 - 2008-04-17 04:00 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWGadgetInterface.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ATTENTION
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Classes\22e82358: "C:\Windows\system32\mshta.exe" "javascript:NpDpt2p="kw8xck";M6k5=new ActiveXObject("WScript.Shell");I00BQhCm="O";BHF8T=M6k5.RegRead("HKCU\\software\\qdlh\\kchzoymck");NF6Xdck="cHUnb";eval(BHF8T);myv0Lb3H="wEmnb5EQ";" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2419179289-805309009-3091124471-1000\...\rhapsody.com -> hxxps://rhap-app-4-0.rhapsody.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{61A3247A-25F5-4F67-B6AF-E06FE3907FEF}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{F4869BB3-420C-4AC2-A2D6-56C5BE9594D3}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{23D1FD89-53CA-4C5F-A131-6CDBF7FBFC0E}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
FirewallRules: [{38C0922B-5225-45E3-8A89-5CA8212426C5}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
FirewallRules: [{F621D995-9163-4919-8FBE-E23B993B1306}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{540DB2E6-A604-4AAF-B81A-D98CAEA55532}] => (Allow) svchost.exe
FirewallRules: [{22FB7B2F-20AF-42DC-AF3C-99B4F9F61611}] => (Allow) LPort=80
FirewallRules: [{00BDDFF3-EBB8-4F1D-B2B1-92CCB285C921}] => (Allow) LPort=80
FirewallRules: [{C71ECCEB-4786-49F7-A46B-E8F2FDAF7A67}] => (Allow) LPort=80
FirewallRules: [{AEF51257-10F0-40F8-AEF1-09D670FE952D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{289BBA84-29C1-45D4-A53D-3C2111D6795D}] => (Allow) LPort=2869
FirewallRules: [{D3A65CF4-0023-4224-8BE8-ED00C3BE9E46}] => (Allow) LPort=1900
FirewallRules: [{9EA36011-9555-4567-AE0D-09726324CA1B}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{97159B3A-27DA-437F-8E72-C4002CDF1093}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{940E78B8-B103-4539-BB0F-61E4D752DFDC}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{E111E5BA-919B-44E1-90C9-3053C71E31D0}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{2518148D-AE3E-41F7-A9CB-76D7D789C4C7}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{248AF315-6D5F-4C78-B691-15315533097C}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{F357813B-73FC-467C-9018-DF99ED8F039C}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{09B42B83-2BDB-40C3-B6B0-1EEAA8D85726}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{8E32850A-7A0D-407B-B867-8DB361F97337}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{03103A1D-225D-4062-A4C4-ECE3C5227EAA}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{A6075080-2607-498F-B67D-E2ED689975BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A56DA782-3ED7-4527-9DCD-870764C43F07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A77B004C-6927-4D7F-B23C-AD1F75AF78C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DDC5A0CE-F68D-49C4-A91B-E5B0F55E2D0B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

22-10-2016 00:54:33 JRT Pre-Junkware Removal
22-10-2016 13:46:58 JRT Pre-Junkware Removal
23-10-2016 22:27:50 VAIO Care Automatic Restore Point
24-10-2016 10:30:28 VAIO Care Automatic Restore Point

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2016 09:54:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application firefox.exe, version 49.0.2.6136, time stamp 0x5807b9c5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc000001d, fault offset 0x00490000,
process id 0x1b38, application start time 0x01d22dfe27f2ac20.

Error: (10/24/2016 09:48:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16800, time stamp 0x57682b3c, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc000001d, fault offset 0x02690000,
process id 0x1a80, application start time 0x01d22dfcece43910.

Error: (10/24/2016 09:45:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application firefox.exe, version 49.0.2.6136, time stamp 0x5807b9c5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc000001d, fault offset 0x00ea0000,
process id 0xd6c, application start time 0x01d22dfcd3a4e7b0.

Error: (10/24/2016 09:29:52 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (10/24/2016 09:29:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/24/2016 09:27:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application firefox.exe, version 49.0.2.6136, time stamp 0x5807b9c5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc000001d, fault offset 0x00360000,
process id 0x16e8, application start time 0x01d22dfa6706bfaa.

Error: (10/24/2016 09:25:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application firefox.exe, version 49.0.2.6136, time stamp 0x5807b9c5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc000001d, fault offset 0x00490000,
process id 0x228, application start time 0x01d22dfa160d591a.

Error: (10/24/2016 09:15:55 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (10/24/2016 09:15:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/24/2016 07:52:32 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

System errors:
=============
Error: (10/24/2016 11:34:28 AM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 11:33:06 AM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 11:32:56 AM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 11:32:50 AM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 11:32:21 AM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 11:28:31 AM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 11:28:01 AM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 11:27:42 AM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 11:27:41 AM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 11:27:33 AM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
  Date: 2016-10-24 11:38:25.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 11:38:24.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 11:38:23.898
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 11:38:23.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 11:37:29.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 11:37:28.544
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 11:37:27.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 11:37:26.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 11:37:26.211
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 11:37:25.508
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 68%
Total physical RAM: 3934.11 MB
Available physical RAM: 1225.04 MB
Total Virtual: 8067.49 MB
Available Virtual: 4726.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.77 GB) (Free:119.77 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 3B24829C)
Partition 1: (Not Active) - (Size=10.1 GB) - (Type=27)
Partition 2: (Active) - (Size=222.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 PM

Posted 24 October 2016 - 12:15 PM

Thank you for the logs :)

We'll run a first fix with FRST followed by a scan with Malwarebytes. The fix I made should take care of Kovter.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
0isDeWa.pngMalwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends of your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
    L9PN4j1.png
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
After running the FRST fix, Malwarebytes and restarting, do you still get prompts about Kovter?

Your next reply(ies) should therefore contain:
  • Copy/pasted content of FRST's fixlog.txt;
  • Copy/pasted Malwarebytes clean log;
  • Answer to my question about Kovter's alerts;

Attached Files


Edited by Aura, 24 October 2016 - 12:19 PM.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,534 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:35 PM

Posted 24 October 2016 - 12:16 PM

Moved to Malware Removal logs forum.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Dr0use

Dr0use
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:35 PM

Posted 24 October 2016 - 06:04 PM

Here are the logs from the scans:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Dan (24-10-2016 13:59:50) Run:3
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-2419179289-805309009-3091124471-1000\...\Run: [**lmovq<*>] => "C:\Users\Dan\AppData\Local\6d7b7bee\2cf5ea02.lnk" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8ec656ef.lnk [2016-10-22]
Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a2435b16.lnk [2016-10-24]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.com/vaiopeople_f08
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.com/vaiopeople_f08
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2419179289-805309009-3091124471-1000 -> DefaultScope {31C4BF0B-3A75-47B1-963B-561D0041688E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2419179289-805309009-3091124471-1000 -> {31C4BF0B-3A75-47B1-963B-561D0041688E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.6.0\bin\jp2ssv.dll => No File
Toolbar: HKU\S-1-5-21-2419179289-805309009-3091124471-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [No File]

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx <not found>

S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160816.018\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160816.018\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

CustomCLSID: HKU\S-1-5-21-2419179289-805309009-3091124471-1000_Classes\CLSID\{1704815D-0A03-44ff-8646-1AE1FE84E313}\localserver32 -> C:\Program Files (x86)\Intuit\QuickBooks 2008\QBW32.EXE => No File
CustomCLSID: HKU\S-1-5-21-2419179289-805309009-3091124471-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files (x86)\Intuit\QuickBooks 2008\QBW32.EXE => No File
CustomCLSID: HKU\S-1-5-21-2419179289-805309009-3091124471-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files (x86)\Intuit\QuickBooks 2008\QBW32.EXE => No File

Task: {682497FC-AAB4-4AB4-84B3-F1192E07B229} - System32\Tasks\{FE85210D-9EE5-43F6-A6FE-D53B5CE7BFA3} => pcalua.exe -a "C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9P9X7A28\LimeWireWin[1].exe" -d C:\Windows\system32
Task: {887B5268-6401-43E3-9EFA-59C10DE0269C} - System32\Tasks\{B114021F-27ED-4052-A505-652FB4CFE06D} => pcalua.exe -a "C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K2L2BPON\LimeWireWin[1].exe" -d C:\Windows\system32
Task: {898736F7-902F-4A30-A1CB-844EA73AC31D} - System32\Tasks\{42CFA487-6CBB-41A7-B8B2-7A8CF14A51BB} => pcalua.exe -a "C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EFRZMRS\LimeWireWin[1].exe" -d C:\Users\Dan
Task: {D764E65B-E19C-4A37-A4B9-691B0033BEAE} - System32\Tasks\{8D57AA34-09BE-42D0-BFCD-099226022C29} => pcalua.exe -a C:\Users\Dan\Desktop\esetsmartinstaller_enu.exe -d C:\Users\Dan\Desktop
Task: {DA0E12BB-B35F-49F1-85C5-1E1FF7568AE4} - System32\Tasks\Test TimeTrigger => C:\Users\Dan\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {E034C307-5E28-4127-994D-679C6C2663D2} - System32\Tasks\{98DCD307-D15B-49D9-AD61-7610F3946829} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsMain

C:\Users\Dan\AppData\Local\6d7b7bee
C:\Users\Dan\AppData\Roaming\fd89780c
C:\Users\Dan\AppData\Roaming\2CD467
C:\Users\Dan\AppData\Roaming\mcs.rma
C:\Users\Dan\AppData\Roaming\UserTile.png
C:\Users\Dan\AppData\Local\d3d8caps.dat
C:\Users\Dan\AppData\Local\d3d9caps.dat

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ATTENTION
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Classes\22e82358: "C:\Windows\system32\mshta.exe" "javascript:NpDpt2p="kw8xck";M6k5=new ActiveXObject("WScript.Shell");I00BQhCm="O";BHF8T=M6k5.RegRead("HKCU\\software\\qdlh\\kchzoymck");NF6Xdck="cHUnb";eval(BHF8T);myv0Lb3H="wEmnb5EQ";" <===== ATTENTION

2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00032207.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00031567.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00031544.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00030707.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00030679.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00029963.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00027626.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00027359.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00027320.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00026861.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00025516.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00024944.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00024600.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00023421.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00023140.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00022997.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00020245.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00019209.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00018521.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00018412.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00018323.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00018110.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00017577.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00017156.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00016436.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00015478.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00015321.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00014231.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00014152.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00013634.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00012590.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00012496.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00012448.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00011028.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00011027.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00009800.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00008651.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00007856.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00007845.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00007313.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00004239.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00001883.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00001532.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00001446.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00000939.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00000656.tmp
2016-10-24 09:00 - 2016-10-24 09:00 - 01340008 ____T C:\Windows\SysWOW64\00000368.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00031250.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00026728.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00023280.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00017885.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00014357.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00010903.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00010445.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00008865.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00005577.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00003958.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00002871.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00002037.tmp
2016-10-24 08:59 - 2016-10-24 08:59 - 01340008 ____T C:\Windows\SysWOW64\00001875.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00031225.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00031177.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00030972.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00030284.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00029753.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00029584.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00029560.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00028937.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00028865.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00028656.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00028426.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00028121.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00027966.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00027952.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00027691.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00027294.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00026666.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00026613.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00026355.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00026180.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00026148.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00026131.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00026092.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00025316.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00025087.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00024353.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00023794.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00023331.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00022812.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00022580.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00022353.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00022002.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00021907.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00021723.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00020414.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00019695.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00019571.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00019321.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00019175.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00018487.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00018377.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00017901.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00017623.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00017192.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00016856.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00015115.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00014625.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00014281.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00013717.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00013514.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00013122.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00012964.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00012738.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00012512.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00011272.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00011019.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00010004.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00009948.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00008311.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00008225.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00007326.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00006438.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00006075.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00005205.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00004865.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00004808.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00004779.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00004598.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00004547.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00004089.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00003719.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00002760.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00001979.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00001808.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00000531.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00000327.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00000315.tmp
2016-10-24 08:13 - 2016-10-24 08:13 - 01340008 ____T C:\Windows\SysWOW64\00000077.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00031690.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00031619.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00030234.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00028492.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00027032.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00026145.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00025030.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00022076.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00020518.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00017180.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00016699.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00012155.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00011401.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00008658.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00004527.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00004469.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00004078.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00001914.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00001712.tmp
2016-10-24 08:12 - 2016-10-24 08:12 - 01340008 ____T C:\Windows\SysWOW64\00000719.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00032076.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00031485.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00030681.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00030454.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00030423.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00030421.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00030159.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00028861.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00028830.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00028553.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00028095.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00027271.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00027253.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00025499.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00025222.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00023749.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00022733.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00022086.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00021462.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00020769.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00019561.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00018775.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00018409.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00017295.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00014815.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00014358.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00013592.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00012981.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00012980.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00012869.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00010823.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00010790.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00010689.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00010427.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00010131.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00009882.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00009077.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00008829.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00008663.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00008546.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00008391.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00007473.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00005861.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00004608.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00002379.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00001627.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00001363.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00000987.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00000445.tmp
2016-10-24 07:47 - 2016-10-24 07:47 - 01340008 ____T C:\Windows\SysWOW64\00000394.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00032579.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00032185.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00032061.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00031336.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00031153.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00030608.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00030162.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00028313.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00028163.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00027620.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00027000.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00026725.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00026635.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00025898.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00025554.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00025484.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00024329.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00023112.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00022528.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00021448.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00021360.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00020665.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00019626.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00019340.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00018865.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00018107.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00018005.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00017802.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00017646.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00016363.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00014275.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00012253.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00011049.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00010250.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00009271.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00008671.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00008149.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00007268.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00006439.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00005695.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00005441.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00004399.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00004388.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00004358.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00002988.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00002209.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00002030.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00001432.tmp
2016-10-23 22:49 - 2016-10-23 22:49 - 01340008 ____T C:\Windows\SysWOW64\00001032.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00030621.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00028491.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00027784.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00025724.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00022966.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00020246.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00018030.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00017791.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00015353.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00013258.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00012727.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00011097.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00011056.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00010959.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00008210.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00007103.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00005200.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00002787.tmp
2016-10-23 22:48 - 2016-10-23 22:48 - 01340008 ____T C:\Windows\SysWOW64\00000434.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00031878.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00031170.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00029261.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00028343.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00027035.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00026852.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00025384.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00022781.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00022375.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00022243.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00016533.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00016132.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00013795.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00007314.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00005419.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00003219.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00003128.tmp
2016-10-23 22:47 - 2016-10-23 22:47 - 01340008 ____T C:\Windows\SysWOW64\00002541.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00029664.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00016686.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00015876.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00015203.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00012312.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00012228.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00012181.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00012013.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00011298.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00009832.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00006393.tmp
2016-10-23 22:36 - 2016-10-23 22:36 - 01340008 ____T C:\Windows\SysWOW64\00005128.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00031311.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00030141.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00030013.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00029976.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00029465.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00027687.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00026888.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00026420.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00025820.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00024417.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00023145.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00022041.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00019586.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00019471.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00018351.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00017398.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00015127.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00015123.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00012310.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00012204.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00011306.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00010782.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00010567.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00010154.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00009598.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00008281.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00007678.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00006108.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00002931.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00002754.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00001919.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00001407.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00000638.tmp
2016-10-23 22:35 - 2016-10-23 22:35 - 01340008 ____T C:\Windows\SysWOW64\00000064.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00032758.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00032580.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00032578.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00032385.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00032305.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00029771.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00029028.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00028989.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00028476.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00026828.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00024547.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00024020.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00022927.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00022053.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00020967.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00020450.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00020444.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00020394.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00017302.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00016016.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00015129.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00014512.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00013175.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00012838.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00011502.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00011330.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00011000.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00010586.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00009505.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00007937.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00007671.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00007586.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00006852.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00006624.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00005575.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00004915.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00004384.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00001700.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00001361.tmp
2016-10-23 22:34 - 2016-10-23 22:34 - 01340008 ____T C:\Windows\SysWOW64\00000408.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00030654.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00019618.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00015023.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00013712.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00013676.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00013165.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00012256.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00012066.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00005807.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00001196.tmp
2016-10-23 22:33 - 2016-10-23 22:33 - 01340008 ____T C:\Windows\SysWOW64\00001158.tmp
2016-10-23 22:13 - 2016-10-23 22:13 - 01340008 ____T C:\Windows\SysWOW64\00026585.tmp
2016-10-23 20:33 - 2016-10-23 20:33 - 01340008 ____T C:\Windows\SysWOW64\00023726.tmp
2016-10-23 20:33 - 2016-10-23 20:33 - 01340008 ____T C:\Windows\SysWOW64\00015710.tmp
2016-10-23 20:33 - 2016-10-23 20:33 - 01340008 ____T C:\Windows\SysWOW64\00011187.tmp
2016-10-23 20:33 - 2016-10-23 20:33 - 01340008 ____T C:\Windows\SysWOW64\00007604.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00032725.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00032430.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00032219.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00032166.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00031938.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00031855.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00031533.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00031164.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00030214.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00029708.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00029514.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00029512.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00029167.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00028946.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00028769.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00028006.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00027887.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00027432.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00026971.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00026291.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00026013.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00025681.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00025360.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00025346.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00024831.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00024495.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00023905.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00023667.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00023595.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00023118.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00022847.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00022369.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00021371.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00020880.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00020748.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00019837.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00019531.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00019304.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00019264.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00019020.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00018766.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00018643.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00018302.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00018017.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00017984.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00017372.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00017152.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00017059.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00016974.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00016660.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00016576.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00016073.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00016020.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00015872.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00015496.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00014371.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00014211.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00013999.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00013853.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00013588.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00013062.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00013050.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00012885.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00010784.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00010725.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00010703.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00010597.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00009500.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00009404.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00009360.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00008804.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00008721.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00008111.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00007693.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00007485.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00007329.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00007141.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00006110.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00006077.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00005935.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00005420.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00004461.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00003837.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00003035.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00002804.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00002383.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00002075.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00002039.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00002022.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00001760.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00001522.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00000966.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00000836.tmp
2016-10-23 20:32 - 2016-10-23 20:32 - 01340008 ____T C:\Windows\SysWOW64\00000124.tmp
2016-10-22 13:38 - 2016-10-22 13:38 - 00326336 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00032485.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00032226.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00031743.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00030468.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00029871.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00029730.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00029037.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00028594.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00028108.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00027299.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00026810.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00025208.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00022685.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00022238.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00020149.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00020089.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00018987.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00017942.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00016441.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00016427.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00014891.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00011937.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00011886.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00010654.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00009476.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00008872.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00008687.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00007788.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00007174.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00007023.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00006390.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00006041.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00005976.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00005076.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00003169.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00001117.tmp
2016-10-22 12:19 - 2016-10-22 12:19 - 01340008 ____T C:\Windows\SysWOW64\00000487.tmp
2016-10-22 12:18 - 2016-10-22 12:18 - 01340008 ____T C:\Windows\SysWOW64\00030199.tmp
2016-10-22 12:17 - 2016-10-22 12:17 - 01340008 ____T C:\Windows\SysWOW64\00002291.tmp
2016-10-22 12:16 - 2016-10-22 12:16 - 01340008 ____T C:\Windows\SysWOW64\00006930.tmp
2016-10-22 12:15 - 2016-10-22 12:15 - 01340008 ____T C:\Windows\SysWOW64\00020679.tmp
2016-10-22 12:14 - 2016-10-22 12:14 - 01340008 ____T C:\Windows\SysWOW64\00017946.tmp
2016-10-22 12:13 - 2016-10-22 12:13 - 01340008 ____T C:\Windows\SysWOW64\00003181.tmp
2016-10-22 12:12 - 2016-10-22 12:12 - 01340008 ____T C:\Windows\SysWOW64\00022596.tmp
2016-10-22 12:11 - 2016-10-22 12:11 - 01340008 ____T C:\Windows\SysWOW64\00014879.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00032563.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00032122.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00028862.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00028634.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00027038.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00026583.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00025993.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00024744.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00024141.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00023827.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00022923.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00020994.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00020470.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00020182.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00019962.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00019711.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00018473.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00010238.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00008402.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00007862.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00007017.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00006780.tmp
2016-10-22 02:37 - 2016-10-22 02:37 - 01340008 ____T C:\Windows\SysWOW64\00000670.tmp
2016-10-21 10:42 - 2016-10-21 10:42 - 01340008 ____T C:\Windows\SysWOW64\00032757.tmp
2016-10-21 10:42 - 2016-10-21 10:42 - 01340008 ____T C:\Windows\SysWOW64\00032662.tmp
2016-10-21 10:42 - 2016-10-21 10:42 - 01340008 ____T C:\Windows\SysWOW64\00032391.tmp
2016-10-21 10:42 - 2016-10-21 10:42 - 01340008 ____T C:\Windows\SysWOW64\00031322.tmp
2016-10-21 10:25 - 2016-10-21 10:25 - 01340008 ____T C:\Windows\SysWOW64\00032394.tmp
2016-10-21 10:25 - 2016-10-21 10:25 - 01340008 ____T C:\Windows\SysWOW64\00032138.tmp
2016-10-21 10:25 - 2016-10-21 10:25 - 01340008 ____T C:\Windows\SysWOW64\00031612.tmp
2016-10-21 10:25 - 2016-10-21 10:25 - 01340008 ____T C:\Windows\SysWOW64\00031400.tmp
2016-10-21 10:22 - 2016-10-21 10:22 - 01340008 ____T C:\Windows\SysWOW64\00031132.tmp
2016-10-21 10:05 - 2016-10-21 10:05 - 01340008 ____T C:\Windows\SysWOW64\00032386.tmp
2016-10-21 10:05 - 2016-10-21 10:05 - 01340008 ____T C:\Windows\SysWOW64\00031672.tmp
2016-10-21 10:05 - 2016-10-21 10:05 - 01340008 ____T C:\Windows\SysWOW64\00031631.tmp
2016-10-21 10:05 - 2016-10-21 10:05 - 01340008 ____T C:\Windows\SysWOW64\00031315.tmp
2016-10-21 10:04 - 2016-10-21 10:04 - 01340008 ____T C:\Windows\SysWOW64\00032279.tmp
2016-10-21 09:52 - 2016-10-21 09:52 - 01340008 ____T C:\Windows\SysWOW64\00031550.tmp
2016-10-21 09:52 - 2016-10-21 09:52 - 01340008 ____T C:\Windows\SysWOW64\00031262.tmp
2016-10-21 09:51 - 2016-10-21 09:51 - 01340008 ____T C:\Windows\SysWOW64\00031603.tmp
2016-10-21 09:51 - 2016-10-21 09:51 - 01340008 ____T C:\Windows\SysWOW64\00031403.tmp
2016-10-21 09:51 - 2016-10-21 09:51 - 01340008 ____T C:\Windows\SysWOW64\00030954.tmp
2016-10-20 07:27 - 2016-10-20 07:27 - 01340008 ____T C:\Windows\SysWOW64\00028586.tmp
2016-10-20 07:27 - 2016-10-20 07:27 - 01340008 ____T C:\Windows\SysWOW64\00017556.tmp
2016-10-20 07:27 - 2016-10-20 07:27 - 01340008 ____T C:\Windows\SysWOW64\00008447.tmp
2016-10-20 07:27 - 2016-10-20 07:27 - 01340008 ____T C:\Windows\SysWOW64\00003870.tmp
2016-10-20 07:27 - 2016-10-20 07:27 - 01340008 ____T C:\Windows\SysWOW64\00000419.tmp
2016-10-20 07:26 - 2016-10-20 07:26 - 01340008 ____T C:\Windows\SysWOW64\00032740.tmp
2016-10-20 07:26 - 2016-10-20 07:26 - 01340008 ____T C:\Windows\SysWOW64\00031223.tmp
2016-10-20 07:26 - 2016-10-20 07:26 - 01340008 ____T C:\Windows\SysWOW64\00030992.tmp
2016-10-18 19:58 - 2016-10-18 19:58 - 01340008 ____T C:\Windows\SysWOW64\00032637.tmp
2016-10-18 19:58 - 2016-10-18 19:58 - 01340008 ____T C:\Windows\SysWOW64\00031689.tmp
2016-10-18 19:57 - 2016-10-18 19:57 - 01340008 ____T C:\Windows\SysWOW64\00032648.tmp
2016-10-18 19:57 - 2016-10-18 19:57 - 01340008 ____T C:\Windows\SysWOW64\00032444.tmp
2016-10-18 19:57 - 2016-10-18 19:57 - 01340008 ____T C:\Windows\SysWOW64\00032374.tmp
2016-10-18 19:57 - 2016-10-18 19:57 - 01340008 ____T C:\Windows\SysWOW64\00031276.tmp
2016-10-18 19:56 - 2016-10-18 19:56 - 01340008 ____T C:\Windows\SysWOW64\00032661.tmp
2016-10-05 10:10 - 2016-10-05 10:10 - 01340008 ____T C:\Windows\SysWOW64\00030898.tmp

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**lmovq<*> => value not found.
C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8ec656ef.lnk => not found.
C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a2435b16.lnk => not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Search Bar => value not found.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => value not found.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Search Page => value not found.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Search Bar => value not found.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value not found.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Search Page => value not found.
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31C4BF0B-3A75-47B1-963B-561D0041688E} => key not found.
HKCR\CLSID\{31C4BF0B-3A75-47B1-963B-561D0041688E} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKCR\PROTOCOLS\Handler\livecall => key not found.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
HKCR\PROTOCOLS\Handler\msnim => key not found.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0 => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.67.2 => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => key not found.
AntiLog32 => service not found.
IpInIp => service not found.
MBAMSwissArmy => service not found.
NAVENG => service not found.
NAVEX15 => service not found.
NwlnkFlt => service not found.
NwlnkFwd => service not found.
HKU\S-1-5-21-2419179289-805309009-3091124471-1000_Classes\CLSID\{1704815D-0A03-44ff-8646-1AE1FE84E313} => key not found.
HKU\S-1-5-21-2419179289-805309009-3091124471-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16} => key not found.
HKU\S-1-5-21-2419179289-805309009-3091124471-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{682497FC-AAB4-4AB4-84B3-F1192E07B229} => key not found.
C:\Windows\System32\Tasks\{FE85210D-9EE5-43F6-A6FE-D53B5CE7BFA3} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FE85210D-9EE5-43F6-A6FE-D53B5CE7BFA3} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{887B5268-6401-43E3-9EFA-59C10DE0269C} => key not found.
C:\Windows\System32\Tasks\{B114021F-27ED-4052-A505-652FB4CFE06D} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B114021F-27ED-4052-A505-652FB4CFE06D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{898736F7-902F-4A30-A1CB-844EA73AC31D} => key not found.
C:\Windows\System32\Tasks\{42CFA487-6CBB-41A7-B8B2-7A8CF14A51BB} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{42CFA487-6CBB-41A7-B8B2-7A8CF14A51BB} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D764E65B-E19C-4A37-A4B9-691B0033BEAE} => key not found.
C:\Windows\System32\Tasks\{8D57AA34-09BE-42D0-BFCD-099226022C29} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8D57AA34-09BE-42D0-BFCD-099226022C29} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA0E12BB-B35F-49F1-85C5-1E1FF7568AE4} => key not found.
C:\Windows\System32\Tasks\Test TimeTrigger => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E034C307-5E28-4127-994D-679C6C2663D2} => key not found.
C:\Windows\System32\Tasks\{98DCD307-D15B-49D9-AD61-7610F3946829} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{98DCD307-D15B-49D9-AD61-7610F3946829} => key not found.
"C:\Users\Dan\AppData\Local\6d7b7bee" => not found.
"C:\Users\Dan\AppData\Roaming\fd89780c" => not found.
"C:\Users\Dan\AppData\Roaming\2CD467" => not found.
"C:\Users\Dan\AppData\Roaming\mcs.rma" => not found.
"C:\Users\Dan\AppData\Roaming\UserTile.png" => not found.
"C:\Users\Dan\AppData\Local\d3d8caps.dat" => not found.
"C:\Users\Dan\AppData\Local\d3d9caps.dat" => not found.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Software\Classes\22e82358 => key not found.
"C:\Windows\SysWOW64\00032207.tmp" => not found.
"C:\Windows\SysWOW64\00031567.tmp" => not found.
"C:\Windows\SysWOW64\00031544.tmp" => not found.
"C:\Windows\SysWOW64\00030707.tmp" => not found.
"C:\Windows\SysWOW64\00030679.tmp" => not found.
"C:\Windows\SysWOW64\00029963.tmp" => not found.
"C:\Windows\SysWOW64\00027626.tmp" => not found.
"C:\Windows\SysWOW64\00027359.tmp" => not found.
"C:\Windows\SysWOW64\00027320.tmp" => not found.
"C:\Windows\SysWOW64\00026861.tmp" => not found.
"C:\Windows\SysWOW64\00025516.tmp" => not found.
"C:\Windows\SysWOW64\00024944.tmp" => not found.
"C:\Windows\SysWOW64\00024600.tmp" => not found.
"C:\Windows\SysWOW64\00023421.tmp" => not found.
"C:\Windows\SysWOW64\00023140.tmp" => not found.
"C:\Windows\SysWOW64\00022997.tmp" => not found.
"C:\Windows\SysWOW64\00020245.tmp" => not found.
"C:\Windows\SysWOW64\00019209.tmp" => not found.
"C:\Windows\SysWOW64\00018521.tmp" => not found.
"C:\Windows\SysWOW64\00018412.tmp" => not found.
"C:\Windows\SysWOW64\00018323.tmp" => not found.
"C:\Windows\SysWOW64\00018110.tmp" => not found.
"C:\Windows\SysWOW64\00017577.tmp" => not found.
"C:\Windows\SysWOW64\00017156.tmp" => not found.
"C:\Windows\SysWOW64\00016436.tmp" => not found.
"C:\Windows\SysWOW64\00015478.tmp" => not found.
"C:\Windows\SysWOW64\00015321.tmp" => not found.
"C:\Windows\SysWOW64\00014231.tmp" => not found.
"C:\Windows\SysWOW64\00014152.tmp" => not found.
"C:\Windows\SysWOW64\00013634.tmp" => not found.
"C:\Windows\SysWOW64\00012590.tmp" => not found.
"C:\Windows\SysWOW64\00012496.tmp" => not found.
"C:\Windows\SysWOW64\00012448.tmp" => not found.
"C:\Windows\SysWOW64\00011028.tmp" => not found.
"C:\Windows\SysWOW64\00011027.tmp" => not found.
"C:\Windows\SysWOW64\00009800.tmp" => not found.
"C:\Windows\SysWOW64\00008651.tmp" => not found.
"C:\Windows\SysWOW64\00007856.tmp" => not found.
"C:\Windows\SysWOW64\00007845.tmp" => not found.
"C:\Windows\SysWOW64\00007313.tmp" => not found.
"C:\Windows\SysWOW64\00004239.tmp" => not found.
"C:\Windows\SysWOW64\00001883.tmp" => not found.
"C:\Windows\SysWOW64\00001532.tmp" => not found.
"C:\Windows\SysWOW64\00001446.tmp" => not found.
"C:\Windows\SysWOW64\00000939.tmp" => not found.
"C:\Windows\SysWOW64\00000656.tmp" => not found.
"C:\Windows\SysWOW64\00000368.tmp" => not found.
"C:\Windows\SysWOW64\00031250.tmp" => not found.
"C:\Windows\SysWOW64\00026728.tmp" => not found.
"C:\Windows\SysWOW64\00023280.tmp" => not found.
"C:\Windows\SysWOW64\00017885.tmp" => not found.
"C:\Windows\SysWOW64\00014357.tmp" => not found.
"C:\Windows\SysWOW64\00010903.tmp" => not found.
"C:\Windows\SysWOW64\00010445.tmp" => not found.
"C:\Windows\SysWOW64\00008865.tmp" => not found.
"C:\Windows\SysWOW64\00005577.tmp" => not found.
"C:\Windows\SysWOW64\00003958.tmp" => not found.
"C:\Windows\SysWOW64\00002871.tmp" => not found.
"C:\Windows\SysWOW64\00002037.tmp" => not found.
"C:\Windows\SysWOW64\00001875.tmp" => not found.
"C:\Windows\SysWOW64\00031225.tmp" => not found.
"C:\Windows\SysWOW64\00031177.tmp" => not found.
"C:\Windows\SysWOW64\00030972.tmp" => not found.
"C:\Windows\SysWOW64\00030284.tmp" => not found.
"C:\Windows\SysWOW64\00029753.tmp" => not found.
"C:\Windows\SysWOW64\00029584.tmp" => not found.
"C:\Windows\SysWOW64\00029560.tmp" => not found.
"C:\Windows\SysWOW64\00028937.tmp" => not found.
"C:\Windows\SysWOW64\00028865.tmp" => not found.
"C:\Windows\SysWOW64\00028656.tmp" => not found.
"C:\Windows\SysWOW64\00028426.tmp" => not found.
"C:\Windows\SysWOW64\00028121.tmp" => not found.
"C:\Windows\SysWOW64\00027966.tmp" => not found.
"C:\Windows\SysWOW64\00027952.tmp" => not found.
"C:\Windows\SysWOW64\00027691.tmp" => not found.
"C:\Windows\SysWOW64\00027294.tmp" => not found.
"C:\Windows\SysWOW64\00026666.tmp" => not found.
"C:\Windows\SysWOW64\00026613.tmp" => not found.
"C:\Windows\SysWOW64\00026355.tmp" => not found.
"C:\Windows\SysWOW64\00026180.tmp" => not found.
"C:\Windows\SysWOW64\00026148.tmp" => not found.
"C:\Windows\SysWOW64\00026131.tmp" => not found.
"C:\Windows\SysWOW64\00026092.tmp" => not found.
"C:\Windows\SysWOW64\00025316.tmp" => not found.
"C:\Windows\SysWOW64\00025087.tmp" => not found.
"C:\Windows\SysWOW64\00024353.tmp" => not found.
"C:\Windows\SysWOW64\00023794.tmp" => not found.
"C:\Windows\SysWOW64\00023331.tmp" => not found.
"C:\Windows\SysWOW64\00022812.tmp" => not found.
"C:\Windows\SysWOW64\00022580.tmp" => not found.
"C:\Windows\SysWOW64\00022353.tmp" => not found.
"C:\Windows\SysWOW64\00022002.tmp" => not found.
"C:\Windows\SysWOW64\00021907.tmp" => not found.
"C:\Windows\SysWOW64\00021723.tmp" => not found.
"C:\Windows\SysWOW64\00020414.tmp" => not found.
"C:\Windows\SysWOW64\00019695.tmp" => not found.
"C:\Windows\SysWOW64\00019571.tmp" => not found.
"C:\Windows\SysWOW64\00019321.tmp" => not found.
"C:\Windows\SysWOW64\00019175.tmp" => not found.
"C:\Windows\SysWOW64\00018487.tmp" => not found.
"C:\Windows\SysWOW64\00018377.tmp" => not found.
"C:\Windows\SysWOW64\00017901.tmp" => not found.
"C:\Windows\SysWOW64\00017623.tmp" => not found.
"C:\Windows\SysWOW64\00017192.tmp" => not found.
"C:\Windows\SysWOW64\00016856.tmp" => not found.
"C:\Windows\SysWOW64\00015115.tmp" => not found.
"C:\Windows\SysWOW64\00014625.tmp" => not found.
"C:\Windows\SysWOW64\00014281.tmp" => not found.
"C:\Windows\SysWOW64\00013717.tmp" => not found.
"C:\Windows\SysWOW64\00013514.tmp" => not found.
"C:\Windows\SysWOW64\00013122.tmp" => not found.
"C:\Windows\SysWOW64\00012964.tmp" => not found.
"C:\Windows\SysWOW64\00012738.tmp" => not found.
"C:\Windows\SysWOW64\00012512.tmp" => not found.
"C:\Windows\SysWOW64\00011272.tmp" => not found.
"C:\Windows\SysWOW64\00011019.tmp" => not found.
"C:\Windows\SysWOW64\00010004.tmp" => not found.
"C:\Windows\SysWOW64\00009948.tmp" => not found.
"C:\Windows\SysWOW64\00008311.tmp" => not found.
"C:\Windows\SysWOW64\00008225.tmp" => not found.
"C:\Windows\SysWOW64\00007326.tmp" => not found.
"C:\Windows\SysWOW64\00006438.tmp" => not found.
"C:\Windows\SysWOW64\00006075.tmp" => not found.
"C:\Windows\SysWOW64\00005205.tmp" => not found.
"C:\Windows\SysWOW64\00004865.tmp" => not found.
"C:\Windows\SysWOW64\00004808.tmp" => not found.
"C:\Windows\SysWOW64\00004779.tmp" => not found.
"C:\Windows\SysWOW64\00004598.tmp" => not found.
"C:\Windows\SysWOW64\00004547.tmp" => not found.
"C:\Windows\SysWOW64\00004089.tmp" => not found.
"C:\Windows\SysWOW64\00003719.tmp" => not found.
"C:\Windows\SysWOW64\00002760.tmp" => not found.
"C:\Windows\SysWOW64\00001979.tmp" => not found.
"C:\Windows\SysWOW64\00001808.tmp" => not found.
"C:\Windows\SysWOW64\00000531.tmp" => not found.
"C:\Windows\SysWOW64\00000327.tmp" => not found.
"C:\Windows\SysWOW64\00000315.tmp" => not found.
"C:\Windows\SysWOW64\00000077.tmp" => not found.
"C:\Windows\SysWOW64\00031690.tmp" => not found.
"C:\Windows\SysWOW64\00031619.tmp" => not found.
"C:\Windows\SysWOW64\00030234.tmp" => not found.
"C:\Windows\SysWOW64\00028492.tmp" => not found.
"C:\Windows\SysWOW64\00027032.tmp" => not found.
"C:\Windows\SysWOW64\00026145.tmp" => not found.
"C:\Windows\SysWOW64\00025030.tmp" => not found.
"C:\Windows\SysWOW64\00022076.tmp" => not found.
"C:\Windows\SysWOW64\00020518.tmp" => not found.
"C:\Windows\SysWOW64\00017180.tmp" => not found.
"C:\Windows\SysWOW64\00016699.tmp" => not found.
"C:\Windows\SysWOW64\00012155.tmp" => not found.
"C:\Windows\SysWOW64\00011401.tmp" => not found.
"C:\Windows\SysWOW64\00008658.tmp" => not found.
"C:\Windows\SysWOW64\00004527.tmp" => not found.
"C:\Windows\SysWOW64\00004469.tmp" => not found.
"C:\Windows\SysWOW64\00004078.tmp" => not found.
"C:\Windows\SysWOW64\00001914.tmp" => not found.
"C:\Windows\SysWOW64\00001712.tmp" => not found.
"C:\Windows\SysWOW64\00000719.tmp" => not found.
"C:\Windows\SysWOW64\00032076.tmp" => not found.
"C:\Windows\SysWOW64\00031485.tmp" => not found.
"C:\Windows\SysWOW64\00030681.tmp" => not found.
"C:\Windows\SysWOW64\00030454.tmp" => not found.
"C:\Windows\SysWOW64\00030423.tmp" => not found.
"C:\Windows\SysWOW64\00030421.tmp" => not found.
"C:\Windows\SysWOW64\00030159.tmp" => not found.
"C:\Windows\SysWOW64\00028861.tmp" => not found.
"C:\Windows\SysWOW64\00028830.tmp" => not found.
"C:\Windows\SysWOW64\00028553.tmp" => not found.
"C:\Windows\SysWOW64\00028095.tmp" => not found.
"C:\Windows\SysWOW64\00027271.tmp" => not found.
"C:\Windows\SysWOW64\00027253.tmp" => not found.
"C:\Windows\SysWOW64\00025499.tmp" => not found.
"C:\Windows\SysWOW64\00025222.tmp" => not found.
"C:\Windows\SysWOW64\00023749.tmp" => not found.
"C:\Windows\SysWOW64\00022733.tmp" => not found.
"C:\Windows\SysWOW64\00022086.tmp" => not found.
"C:\Windows\SysWOW64\00021462.tmp" => not found.
"C:\Windows\SysWOW64\00020769.tmp" => not found.
"C:\Windows\SysWOW64\00019561.tmp" => not found.
"C:\Windows\SysWOW64\00018775.tmp" => not found.
"C:\Windows\SysWOW64\00018409.tmp" => not found.
"C:\Windows\SysWOW64\00017295.tmp" => not found.
"C:\Windows\SysWOW64\00014815.tmp" => not found.
"C:\Windows\SysWOW64\00014358.tmp" => not found.
"C:\Windows\SysWOW64\00013592.tmp" => not found.
"C:\Windows\SysWOW64\00012981.tmp" => not found.
"C:\Windows\SysWOW64\00012980.tmp" => not found.
"C:\Windows\SysWOW64\00012869.tmp" => not found.
"C:\Windows\SysWOW64\00010823.tmp" => not found.
"C:\Windows\SysWOW64\00010790.tmp" => not found.
"C:\Windows\SysWOW64\00010689.tmp" => not found.
"C:\Windows\SysWOW64\00010427.tmp" => not found.
"C:\Windows\SysWOW64\00010131.tmp" => not found.
"C:\Windows\SysWOW64\00009882.tmp" => not found.
"C:\Windows\SysWOW64\00009077.tmp" => not found.
"C:\Windows\SysWOW64\00008829.tmp" => not found.
"C:\Windows\SysWOW64\00008663.tmp" => not found.
"C:\Windows\SysWOW64\00008546.tmp" => not found.
"C:\Windows\SysWOW64\00008391.tmp" => not found.
"C:\Windows\SysWOW64\00007473.tmp" => not found.
"C:\Windows\SysWOW64\00005861.tmp" => not found.
"C:\Windows\SysWOW64\00004608.tmp" => not found.
"C:\Windows\SysWOW64\00002379.tmp" => not found.
"C:\Windows\SysWOW64\00001627.tmp" => not found.
"C:\Windows\SysWOW64\00001363.tmp" => not found.
"C:\Windows\SysWOW64\00000987.tmp" => not found.
"C:\Windows\SysWOW64\00000445.tmp" => not found.
"C:\Windows\SysWOW64\00000394.tmp" => not found.
"C:\Windows\SysWOW64\00032579.tmp" => not found.
"C:\Windows\SysWOW64\00032185.tmp" => not found.
"C:\Windows\SysWOW64\00032061.tmp" => not found.
"C:\Windows\SysWOW64\00031336.tmp" => not found.
"C:\Windows\SysWOW64\00031153.tmp" => not found.
"C:\Windows\SysWOW64\00030608.tmp" => not found.
"C:\Windows\SysWOW64\00030162.tmp" => not found.
"C:\Windows\SysWOW64\00028313.tmp" => not found.
"C:\Windows\SysWOW64\00028163.tmp" => not found.
"C:\Windows\SysWOW64\00027620.tmp" => not found.
"C:\Windows\SysWOW64\00027000.tmp" => not found.
"C:\Windows\SysWOW64\00026725.tmp" => not found.
"C:\Windows\SysWOW64\00026635.tmp" => not found.
"C:\Windows\SysWOW64\00025898.tmp" => not found.
"C:\Windows\SysWOW64\00025554.tmp" => not found.
"C:\Windows\SysWOW64\00025484.tmp" => not found.
"C:\Windows\SysWOW64\00024329.tmp" => not found.
"C:\Windows\SysWOW64\00023112.tmp" => not found.
"C:\Windows\SysWOW64\00022528.tmp" => not found.
"C:\Windows\SysWOW64\00021448.tmp" => not found.
"C:\Windows\SysWOW64\00021360.tmp" => not found.
"C:\Windows\SysWOW64\00020665.tmp" => not found.
"C:\Windows\SysWOW64\00019626.tmp" => not found.
"C:\Windows\SysWOW64\00019340.tmp" => not found.
"C:\Windows\SysWOW64\00018865.tmp" => not found.
"C:\Windows\SysWOW64\00018107.tmp" => not found.
"C:\Windows\SysWOW64\00018005.tmp" => not found.
"C:\Windows\SysWOW64\00017802.tmp" => not found.
"C:\Windows\SysWOW64\00017646.tmp" => not found.
"C:\Windows\SysWOW64\00016363.tmp" => not found.
"C:\Windows\SysWOW64\00014275.tmp" => not found.
"C:\Windows\SysWOW64\00012253.tmp" => not found.
"C:\Windows\SysWOW64\00011049.tmp" => not found.
"C:\Windows\SysWOW64\00010250.tmp" => not found.
"C:\Windows\SysWOW64\00009271.tmp" => not found.
"C:\Windows\SysWOW64\00008671.tmp" => not found.
"C:\Windows\SysWOW64\00008149.tmp" => not found.
"C:\Windows\SysWOW64\00007268.tmp" => not found.
"C:\Windows\SysWOW64\00006439.tmp" => not found.
"C:\Windows\SysWOW64\00005695.tmp" => not found.
"C:\Windows\SysWOW64\00005441.tmp" => not found.
"C:\Windows\SysWOW64\00004399.tmp" => not found.
"C:\Windows\SysWOW64\00004388.tmp" => not found.
"C:\Windows\SysWOW64\00004358.tmp" => not found.
"C:\Windows\SysWOW64\00002988.tmp" => not found.
"C:\Windows\SysWOW64\00002209.tmp" => not found.
"C:\Windows\SysWOW64\00002030.tmp" => not found.
"C:\Windows\SysWOW64\00001432.tmp" => not found.
"C:\Windows\SysWOW64\00001032.tmp" => not found.
"C:\Windows\SysWOW64\00030621.tmp" => not found.
"C:\Windows\SysWOW64\00028491.tmp" => not found.
"C:\Windows\SysWOW64\00027784.tmp" => not found.
"C:\Windows\SysWOW64\00025724.tmp" => not found.
"C:\Windows\SysWOW64\00022966.tmp" => not found.
"C:\Windows\SysWOW64\00020246.tmp" => not found.
"C:\Windows\SysWOW64\00018030.tmp" => not found.
"C:\Windows\SysWOW64\00017791.tmp" => not found.
"C:\Windows\SysWOW64\00015353.tmp" => not found.
"C:\Windows\SysWOW64\00013258.tmp" => not found.
"C:\Windows\SysWOW64\00012727.tmp" => not found.
"C:\Windows\SysWOW64\00011097.tmp" => not found.
"C:\Windows\SysWOW64\00011056.tmp" => not found.
"C:\Windows\SysWOW64\00010959.tmp" => not found.
"C:\Windows\SysWOW64\00008210.tmp" => not found.
"C:\Windows\SysWOW64\00007103.tmp" => not found.
"C:\Windows\SysWOW64\00005200.tmp" => not found.
"C:\Windows\SysWOW64\00002787.tmp" => not found.
"C:\Windows\SysWOW64\00000434.tmp" => not found.
"C:\Windows\SysWOW64\00031878.tmp" => not found.
"C:\Windows\SysWOW64\00031170.tmp" => not found.
"C:\Windows\SysWOW64\00029261.tmp" => not found.
"C:\Windows\SysWOW64\00028343.tmp" => not found.
"C:\Windows\SysWOW64\00027035.tmp" => not found.
"C:\Windows\SysWOW64\00026852.tmp" => not found.
"C:\Windows\SysWOW64\00025384.tmp" => not found.
"C:\Windows\SysWOW64\00022781.tmp" => not found.
"C:\Windows\SysWOW64\00022375.tmp" => not found.
"C:\Windows\SysWOW64\00022243.tmp" => not found.
"C:\Windows\SysWOW64\00016533.tmp" => not found.
"C:\Windows\SysWOW64\00016132.tmp" => not found.
"C:\Windows\SysWOW64\00013795.tmp" => not found.
"C:\Windows\SysWOW64\00007314.tmp" => not found.
"C:\Windows\SysWOW64\00005419.tmp" => not found.
"C:\Windows\SysWOW64\00003219.tmp" => not found.
"C:\Windows\SysWOW64\00003128.tmp" => not found.
"C:\Windows\SysWOW64\00002541.tmp" => not found.
"C:\Windows\SysWOW64\00029664.tmp" => not found.
"C:\Windows\SysWOW64\00016686.tmp" => not found.
"C:\Windows\SysWOW64\00015876.tmp" => not found.
"C:\Windows\SysWOW64\00015203.tmp" => not found.
"C:\Windows\SysWOW64\00012312.tmp" => not found.
"C:\Windows\SysWOW64\00012228.tmp" => not found.
"C:\Windows\SysWOW64\00012181.tmp" => not found.
"C:\Windows\SysWOW64\00012013.tmp" => not found.
"C:\Windows\SysWOW64\00011298.tmp" => not found.
"C:\Windows\SysWOW64\00009832.tmp" => not found.
"C:\Windows\SysWOW64\00006393.tmp" => not found.
"C:\Windows\SysWOW64\00005128.tmp" => not found.
"C:\Windows\SysWOW64\00031311.tmp" => not found.
"C:\Windows\SysWOW64\00030141.tmp" => not found.
"C:\Windows\SysWOW64\00030013.tmp" => not found.
"C:\Windows\SysWOW64\00029976.tmp" => not found.
"C:\Windows\SysWOW64\00029465.tmp" => not found.
"C:\Windows\SysWOW64\00027687.tmp" => not found.
"C:\Windows\SysWOW64\00026888.tmp" => not found.
"C:\Windows\SysWOW64\00026420.tmp" => not found.
"C:\Windows\SysWOW64\00025820.tmp" => not found.
"C:\Windows\SysWOW64\00024417.tmp" => not found.
"C:\Windows\SysWOW64\00023145.tmp" => not found.
"C:\Windows\SysWOW64\00022041.tmp" => not found.
"C:\Windows\SysWOW64\00019586.tmp" => not found.
"C:\Windows\SysWOW64\00019471.tmp" => not found.
"C:\Windows\SysWOW64\00018351.tmp" => not found.
"C:\Windows\SysWOW64\00017398.tmp" => not found.
"C:\Windows\SysWOW64\00015127.tmp" => not found.
"C:\Windows\SysWOW64\00015123.tmp" => not found.
"C:\Windows\SysWOW64\00012310.tmp" => not found.
"C:\Windows\SysWOW64\00012204.tmp" => not found.
"C:\Windows\SysWOW64\00011306.tmp" => not found.
"C:\Windows\SysWOW64\00010782.tmp" => not found.
"C:\Windows\SysWOW64\00010567.tmp" => not found.
"C:\Windows\SysWOW64\00010154.tmp" => not found.
"C:\Windows\SysWOW64\00009598.tmp" => not found.
"C:\Windows\SysWOW64\00008281.tmp" => not found.
"C:\Windows\SysWOW64\00007678.tmp" => not found.
"C:\Windows\SysWOW64\00006108.tmp" => not found.
"C:\Windows\SysWOW64\00002931.tmp" => not found.
"C:\Windows\SysWOW64\00002754.tmp" => not found.
"C:\Windows\SysWOW64\00001919.tmp" => not found.
"C:\Windows\SysWOW64\00001407.tmp" => not found.
"C:\Windows\SysWOW64\00000638.tmp" => not found.
"C:\Windows\SysWOW64\00000064.tmp" => not found.
"C:\Windows\SysWOW64\00032758.tmp" => not found.
"C:\Windows\SysWOW64\00032580.tmp" => not found.
"C:\Windows\SysWOW64\00032578.tmp" => not found.
"C:\Windows\SysWOW64\00032385.tmp" => not found.
"C:\Windows\SysWOW64\00032305.tmp" => not found.
"C:\Windows\SysWOW64\00029771.tmp" => not found.
"C:\Windows\SysWOW64\00029028.tmp" => not found.
"C:\Windows\SysWOW64\00028989.tmp" => not found.
"C:\Windows\SysWOW64\00028476.tmp" => not found.
"C:\Windows\SysWOW64\00026828.tmp" => not found.
"C:\Windows\SysWOW64\00024547.tmp" => not found.
"C:\Windows\SysWOW64\00024020.tmp" => not found.
"C:\Windows\SysWOW64\00022927.tmp" => not found.
"C:\Windows\SysWOW64\00022053.tmp" => not found.
"C:\Windows\SysWOW64\00020967.tmp" => not found.
"C:\Windows\SysWOW64\00020450.tmp" => not found.
"C:\Windows\SysWOW64\00020444.tmp" => not found.
"C:\Windows\SysWOW64\00020394.tmp" => not found.
"C:\Windows\SysWOW64\00017302.tmp" => not found.
"C:\Windows\SysWOW64\00016016.tmp" => not found.
"C:\Windows\SysWOW64\00015129.tmp" => not found.
"C:\Windows\SysWOW64\00014512.tmp" => not found.
"C:\Windows\SysWOW64\00013175.tmp" => not found.
"C:\Windows\SysWOW64\00012838.tmp" => not found.
"C:\Windows\SysWOW64\00011502.tmp" => not found.
"C:\Windows\SysWOW64\00011330.tmp" => not found.
"C:\Windows\SysWOW64\00011000.tmp" => not found.
"C:\Windows\SysWOW64\00010586.tmp" => not found.
"C:\Windows\SysWOW64\00009505.tmp" => not found.
"C:\Windows\SysWOW64\00007937.tmp" => not found.
"C:\Windows\SysWOW64\00007671.tmp" => not found.
"C:\Windows\SysWOW64\00007586.tmp" => not found.
"C:\Windows\SysWOW64\00006852.tmp" => not found.
"C:\Windows\SysWOW64\00006624.tmp" => not found.
"C:\Windows\SysWOW64\00005575.tmp" => not found.
"C:\Windows\SysWOW64\00004915.tmp" => not found.
"C:\Windows\SysWOW64\00004384.tmp" => not found.
"C:\Windows\SysWOW64\00001700.tmp" => not found.
"C:\Windows\SysWOW64\00001361.tmp" => not found.
"C:\Windows\SysWOW64\00000408.tmp" => not found.
"C:\Windows\SysWOW64\00030654.tmp" => not found.
"C:\Windows\SysWOW64\00019618.tmp" => not found.
"C:\Windows\SysWOW64\00015023.tmp" => not found.
"C:\Windows\SysWOW64\00013712.tmp" => not found.
"C:\Windows\SysWOW64\00013676.tmp" => not found.
"C:\Windows\SysWOW64\00013165.tmp" => not found.
"C:\Windows\SysWOW64\00012256.tmp" => not found.
"C:\Windows\SysWOW64\00012066.tmp" => not found.
"C:\Windows\SysWOW64\00005807.tmp" => not found.
"C:\Windows\SysWOW64\00001196.tmp" => not found.
"C:\Windows\SysWOW64\00001158.tmp" => not found.
"C:\Windows\SysWOW64\00026585.tmp" => not found.
"C:\Windows\SysWOW64\00023726.tmp" => not found.
"C:\Windows\SysWOW64\00015710.tmp" => not found.
"C:\Windows\SysWOW64\00011187.tmp" => not found.
"C:\Windows\SysWOW64\00007604.tmp" => not found.
"C:\Windows\SysWOW64\00032725.tmp" => not found.
"C:\Windows\SysWOW64\00032430.tmp" => not found.
"C:\Windows\SysWOW64\00032219.tmp" => not found.
"C:\Windows\SysWOW64\00032166.tmp" => not found.
"C:\Windows\SysWOW64\00031938.tmp" => not found.
"C:\Windows\SysWOW64\00031855.tmp" => not found.
"C:\Windows\SysWOW64\00031533.tmp" => not found.
"C:\Windows\SysWOW64\00031164.tmp" => not found.
"C:\Windows\SysWOW64\00030214.tmp" => not found.
"C:\Windows\SysWOW64\00029708.tmp" => not found.
"C:\Windows\SysWOW64\00029514.tmp" => not found.
"C:\Windows\SysWOW64\00029512.tmp" => not found.
"C:\Windows\SysWOW64\00029167.tmp" => not found.
"C:\Windows\SysWOW64\00028946.tmp" => not found.
"C:\Windows\SysWOW64\00028769.tmp" => not found.
"C:\Windows\SysWOW64\00028006.tmp" => not found.
"C:\Windows\SysWOW64\00027887.tmp" => not found.
"C:\Windows\SysWOW64\00027432.tmp" => not found.
"C:\Windows\SysWOW64\00026971.tmp" => not found.
"C:\Windows\SysWOW64\00026291.tmp" => not found.
"C:\Windows\SysWOW64\00026013.tmp" => not found.
"C:\Windows\SysWOW64\00025681.tmp" => not found.
"C:\Windows\SysWOW64\00025360.tmp" => not found.
"C:\Windows\SysWOW64\00025346.tmp" => not found.
"C:\Windows\SysWOW64\00024831.tmp" => not found.
"C:\Windows\SysWOW64\00024495.tmp" => not found.
"C:\Windows\SysWOW64\00023905.tmp" => not found.
"C:\Windows\SysWOW64\00023667.tmp" => not found.
"C:\Windows\SysWOW64\00023595.tmp" => not found.
"C:\Windows\SysWOW64\00023118.tmp" => not found.
"C:\Windows\SysWOW64\00022847.tmp" => not found.
"C:\Windows\SysWOW64\00022369.tmp" => not found.
"C:\Windows\SysWOW64\00021371.tmp" => not found.
"C:\Windows\SysWOW64\00020880.tmp" => not found.
"C:\Windows\SysWOW64\00020748.tmp" => not found.
"C:\Windows\SysWOW64\00019837.tmp" => not found.
"C:\Windows\SysWOW64\00019531.tmp" => not found.
"C:\Windows\SysWOW64\00019304.tmp" => not found.
"C:\Windows\SysWOW64\00019264.tmp" => not found.
"C:\Windows\SysWOW64\00019020.tmp" => not found.
"C:\Windows\SysWOW64\00018766.tmp" => not found.
"C:\Windows\SysWOW64\00018643.tmp" => not found.
"C:\Windows\SysWOW64\00018302.tmp" => not found.
"C:\Windows\SysWOW64\00018017.tmp" => not found.
"C:\Windows\SysWOW64\00017984.tmp" => not found.
"C:\Windows\SysWOW64\00017372.tmp" => not found.
"C:\Windows\SysWOW64\00017152.tmp" => not found.
"C:\Windows\SysWOW64\00017059.tmp" => not found.
"C:\Windows\SysWOW64\00016974.tmp" => not found.
"C:\Windows\SysWOW64\00016660.tmp" => not found.
"C:\Windows\SysWOW64\00016576.tmp" => not found.
"C:\Windows\SysWOW64\00016073.tmp" => not found.
"C:\Windows\SysWOW64\00016020.tmp" => not found.
"C:\Windows\SysWOW64\00015872.tmp" => not found.
"C:\Windows\SysWOW64\00015496.tmp" => not found.
"C:\Windows\SysWOW64\00014371.tmp" => not found.
"C:\Windows\SysWOW64\00014211.tmp" => not found.
"C:\Windows\SysWOW64\00013999.tmp" => not found.
"C:\Windows\SysWOW64\00013853.tmp" => not found.
"C:\Windows\SysWOW64\00013588.tmp" => not found.
"C:\Windows\SysWOW64\00013062.tmp" => not found.
"C:\Windows\SysWOW64\00013050.tmp" => not found.
"C:\Windows\SysWOW64\00012885.tmp" => not found.
"C:\Windows\SysWOW64\00010784.tmp" => not found.
"C:\Windows\SysWOW64\00010725.tmp" => not found.
"C:\Windows\SysWOW64\00010703.tmp" => not found.
"C:\Windows\SysWOW64\00010597.tmp" => not found.
"C:\Windows\SysWOW64\00009500.tmp" => not found.
"C:\Windows\SysWOW64\00009404.tmp" => not found.
"C:\Windows\SysWOW64\00009360.tmp" => not found.
"C:\Windows\SysWOW64\00008804.tmp" => not found.
"C:\Windows\SysWOW64\00008721.tmp" => not found.
"C:\Windows\SysWOW64\00008111.tmp" => not found.
"C:\Windows\SysWOW64\00007693.tmp" => not found.
"C:\Windows\SysWOW64\00007485.tmp" => not found.
"C:\Windows\SysWOW64\00007329.tmp" => not found.
"C:\Windows\SysWOW64\00007141.tmp" => not found.
"C:\Windows\SysWOW64\00006110.tmp" => not found.
"C:\Windows\SysWOW64\00006077.tmp" => not found.
"C:\Windows\SysWOW64\00005935.tmp" => not found.
"C:\Windows\SysWOW64\00005420.tmp" => not found.
"C:\Windows\SysWOW64\00004461.tmp" => not found.
"C:\Windows\SysWOW64\00003837.tmp" => not found.
"C:\Windows\SysWOW64\00003035.tmp" => not found.
"C:\Windows\SysWOW64\00002804.tmp" => not found.
"C:\Windows\SysWOW64\00002383.tmp" => not found.
"C:\Windows\SysWOW64\00002075.tmp" => not found.
"C:\Windows\SysWOW64\00002039.tmp" => not found.
"C:\Windows\SysWOW64\00002022.tmp" => not found.
"C:\Windows\SysWOW64\00001760.tmp" => not found.
"C:\Windows\SysWOW64\00001522.tmp" => not found.
"C:\Windows\SysWOW64\00000966.tmp" => not found.
"C:\Windows\SysWOW64\00000836.tmp" => not found.
"C:\Windows\SysWOW64\00000124.tmp" => not found.
C:\Windows\system32\FNTCACHE.DAT => moved successfully
"C:\Windows\SysWOW64\00032485.tmp" => not found.
"C:\Windows\SysWOW64\00032226.tmp" => not found.
"C:\Windows\SysWOW64\00031743.tmp" => not found.
"C:\Windows\SysWOW64\00030468.tmp" => not found.
"C:\Windows\SysWOW64\00029871.tmp" => not found.
"C:\Windows\SysWOW64\00029730.tmp" => not found.
"C:\Windows\SysWOW64\00029037.tmp" => not found.
"C:\Windows\SysWOW64\00028594.tmp" => not found.
"C:\Windows\SysWOW64\00028108.tmp" => not found.
"C:\Windows\SysWOW64\00027299.tmp" => not found.
"C:\Windows\SysWOW64\00026810.tmp" => not found.
"C:\Windows\SysWOW64\00025208.tmp" => not found.
"C:\Windows\SysWOW64\00022685.tmp" => not found.
"C:\Windows\SysWOW64\00022238.tmp" => not found.
"C:\Windows\SysWOW64\00020149.tmp" => not found.
"C:\Windows\SysWOW64\00020089.tmp" => not found.
"C:\Windows\SysWOW64\00018987.tmp" => not found.
"C:\Windows\SysWOW64\00017942.tmp" => not found.
"C:\Windows\SysWOW64\00016441.tmp" => not found.
"C:\Windows\SysWOW64\00016427.tmp" => not found.
"C:\Windows\SysWOW64\00014891.tmp" => not found.
"C:\Windows\SysWOW64\00011937.tmp" => not found.
"C:\Windows\SysWOW64\00011886.tmp" => not found.
"C:\Windows\SysWOW64\00010654.tmp" => not found.
"C:\Windows\SysWOW64\00009476.tmp" => not found.
"C:\Windows\SysWOW64\00008872.tmp" => not found.
"C:\Windows\SysWOW64\00008687.tmp" => not found.
"C:\Windows\SysWOW64\00007788.tmp" => not found.
"C:\Windows\SysWOW64\00007174.tmp" => not found.
"C:\Windows\SysWOW64\00007023.tmp" => not found.
"C:\Windows\SysWOW64\00006390.tmp" => not found.
"C:\Windows\SysWOW64\00006041.tmp" => not found.
"C:\Windows\SysWOW64\00005976.tmp" => not found.
"C:\Windows\SysWOW64\00005076.tmp" => not found.
"C:\Windows\SysWOW64\00003169.tmp" => not found.
"C:\Windows\SysWOW64\00001117.tmp" => not found.
"C:\Windows\SysWOW64\00000487.tmp" => not found.
"C:\Windows\SysWOW64\00030199.tmp" => not found.
"C:\Windows\SysWOW64\00002291.tmp" => not found.
"C:\Windows\SysWOW64\00006930.tmp" => not found.
"C:\Windows\SysWOW64\00020679.tmp" => not found.
"C:\Windows\SysWOW64\00017946.tmp" => not found.
"C:\Windows\SysWOW64\00003181.tmp" => not found.
"C:\Windows\SysWOW64\00022596.tmp" => not found.
"C:\Windows\SysWOW64\00014879.tmp" => not found.
"C:\Windows\SysWOW64\00032563.tmp" => not found.
"C:\Windows\SysWOW64\00032122.tmp" => not found.
"C:\Windows\SysWOW64\00028862.tmp" => not found.
"C:\Windows\SysWOW64\00028634.tmp" => not found.
"C:\Windows\SysWOW64\00027038.tmp" => not found.
"C:\Windows\SysWOW64\00026583.tmp" => not found.
"C:\Windows\SysWOW64\00025993.tmp" => not found.
"C:\Windows\SysWOW64\00024744.tmp" => not found.
"C:\Windows\SysWOW64\00024141.tmp" => not found.
"C:\Windows\SysWOW64\00023827.tmp" => not found.
"C:\Windows\SysWOW64\00022923.tmp" => not found.
"C:\Windows\SysWOW64\00020994.tmp" => not found.
"C:\Windows\SysWOW64\00020470.tmp" => not found.
"C:\Windows\SysWOW64\00020182.tmp" => not found.
"C:\Windows\SysWOW64\00019962.tmp" => not found.
"C:\Windows\SysWOW64\00019711.tmp" => not found.
"C:\Windows\SysWOW64\00018473.tmp" => not found.
"C:\Windows\SysWOW64\00010238.tmp" => not found.
"C:\Windows\SysWOW64\00008402.tmp" => not found.
"C:\Windows\SysWOW64\00007862.tmp" => not found.
"C:\Windows\SysWOW64\00007017.tmp" => not found.
"C:\Windows\SysWOW64\00006780.tmp" => not found.
"C:\Windows\SysWOW64\00000670.tmp" => not found.
"C:\Windows\SysWOW64\00032757.tmp" => not found.
"C:\Windows\SysWOW64\00032662.tmp" => not found.
"C:\Windows\SysWOW64\00032391.tmp" => not found.
"C:\Windows\SysWOW64\00031322.tmp" => not found.
"C:\Windows\SysWOW64\00032394.tmp" => not found.
"C:\Windows\SysWOW64\00032138.tmp" => not found.
"C:\Windows\SysWOW64\00031612.tmp" => not found.
"C:\Windows\SysWOW64\00031400.tmp" => not found.
"C:\Windows\SysWOW64\00031132.tmp" => not found.
"C:\Windows\SysWOW64\00032386.tmp" => not found.
"C:\Windows\SysWOW64\00031672.tmp" => not found.
"C:\Windows\SysWOW64\00031631.tmp" => not found.
"C:\Windows\SysWOW64\00031315.tmp" => not found.
"C:\Windows\SysWOW64\00032279.tmp" => not found.
"C:\Windows\SysWOW64\00031550.tmp" => not found.
"C:\Windows\SysWOW64\00031262.tmp" => not found.
"C:\Windows\SysWOW64\00031603.tmp" => not found.
"C:\Windows\SysWOW64\00031403.tmp" => not found.
"C:\Windows\SysWOW64\00030954.tmp" => not found.
"C:\Windows\SysWOW64\00028586.tmp" => not found.
"C:\Windows\SysWOW64\00017556.tmp" => not found.
"C:\Windows\SysWOW64\00008447.tmp" => not found.
"C:\Windows\SysWOW64\00003870.tmp" => not found.
"C:\Windows\SysWOW64\00000419.tmp" => not found.
"C:\Windows\SysWOW64\00032740.tmp" => not found.
"C:\Windows\SysWOW64\00031223.tmp" => not found.
"C:\Windows\SysWOW64\00030992.tmp" => not found.
"C:\Windows\SysWOW64\00032637.tmp" => not found.
"C:\Windows\SysWOW64\00031689.tmp" => not found.
"C:\Windows\SysWOW64\00032648.tmp" => not found.
"C:\Windows\SysWOW64\00032444.tmp" => not found.
"C:\Windows\SysWOW64\00032374.tmp" => not found.
"C:\Windows\SysWOW64\00031276.tmp" => not found.
"C:\Windows\SysWOW64\00032661.tmp" => not found.
"C:\Windows\SysWOW64\00030898.tmp" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7427070 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Dan => 1129990 B

RecycleBin => 225400 B
EmptyTemp: => 16.4 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 14:01:02 ====

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/24/2016
Scan Time: 2:21:46 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.24.09
Rootkit Database: v2016.09.26.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Dan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325086
Time Elapsed: 59 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.SpyHunter, HKLM\SOFTWARE\ENIGMASOFTWAREGROUP\SpyHunter, Quarantined, [d6337b22a3f7cf671793ba4d58ad41bf],
PUP.Optional.SolidSavings, HKLM\SOFTWARE\WOW6432NODE\Solid Savings, Quarantined, [e128ff9e5f3be84e019fdfd68d76a55b],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111991162}, Quarantined, [9d6cc4d9aaf02e082bd088168a796e92],
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72C28942-D829-4D5D-BC07-1365626A020E}, Quarantined, [f1187f1ef8a253e308b58d50c83bac54],
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER, Quarantined, [7e8b2776aded191dec6121e634d105fb],
Rogue.AntivirusSuite, HKU\S-1-5-21-2419179289-805309009-3091124471-1000\SOFTWARE\avsuite, Quarantined, [a762534a2971d1656d4078b6a45f58a8],

Registry Values: 3
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111991162}|AppName, Supreme Savings-bg.exe, Quarantined, [9d6cc4d9aaf02e082bd088168a796e92]
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72c28942-d829-4d5d-bc07-1365626a020e}|AppPath, C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar, Quarantined, [f1187f1ef8a253e308b58d50c83bac54]
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER|ImagePath, system32\DRIVERS\EsgScanner.sys, Quarantined, [7e8b2776aded191dec6121e634d105fb]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.SpyHunter, C:\Windows\System32\drivers\EsgScanner.sys, Delete-on-Reboot, [3b32caa07d672f8a2e0df5cb3a873f45],

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

 

 

After running the scans I am no longer getting a notice about trojan.kotver, however, when I run the scan it's telling me there are no issues but it's still saying the pc is at risk and will not update?    Hopefully you can see if there's an issue in the logs.



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 PM

Posted 24 October 2016 - 07:14 PM

however, when I run the scan it's telling me there are no issues but it's still saying the pc is at risk and will not update?


Are you talking about Norton? And what won't update? The program?

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 Dr0use

Dr0use
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:35 PM

Posted 24 October 2016 - 07:23 PM

I'm sorry for not being specific.  Yes, after I ran FRST and Malwarebytes and restarted the pc, Norton was still showing a threat on the pc.  I ran a scan through Norton and it say no threats found but it is still saying a fix is needed.  I'm just sure how to identify if it still trojan.kotver or another virus possibly?    Sorry for any confusion.



#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 PM

Posted 24 October 2016 - 07:36 PM

In that case let's get a new set of FRST logs. From there we'll be able to see if Kovter is still there or not (according to the fixlist however, it's gone).

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Click on the Scan button;
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 Dr0use

Dr0use
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:35 PM

Posted 25 October 2016 - 06:53 AM

Okay, here are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Dan (administrator) on DAN-PC (24-10-2016 21:17:15)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\n360.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Electronics, Inc.) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\n360.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Electronics, Inc.) C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
(Sony Electronics, Inc.) C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-07-15] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [152576 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1424896 2006-03-21] (CANON INC.)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe [77824 2008-06-27] (Sony Electronics Corporation)
HKLM-x32\...\Run: [VAIORegistration] => C:\Program Files\Sony\First Experience\WelcomeLauncher.exe [16384 2008-06-26] (Sony Electronics, Inc.)
HKLM-x32\...\Run: [VAIOSurvey] => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [385024 2008-07-25] ()
HKLM-x32\...\Run: [VWLASU] => C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe [24576 2008-05-20] (Sony Electronics, Inc.)
HKLM-x32\...\Run: [AML] => C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe [1097728 2008-06-13] (Sony)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\SysWOW64\VESWinlogon.dll [2008-07-28] (Sony Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2008-08-12]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{4287C950-702A-435D-8498-C0E06D492DA1}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll [2008-08-12] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2419179289-805309009-3091124471-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2016-06-20] (Microsoft Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\1jw28jcm.default-1475697668884 [2016-10-24]
FF Homepage: Mozilla\Firefox\Profiles\1jw28jcm.default-1475697668884 -> hxxp://www.msn.com/
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-09-28]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2419179289-805309009-3091124471-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\Exts\Chrome.crx [2016-09-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\Exts\Chrome.crx [2016-09-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [1371136 2008-04-30] (Intel® Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\N360.exe [289080 2016-09-23] (Symantec Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [826368 2008-04-30] (Intel® Corporation) [File not signed]
R2 RtkAudioService; C:\Windows\RtkAudioService.exe [139808 2008-07-15] (Realtek Semiconductor)
S3 SOHCImp; C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19456 2008-01-30] (ArcSoft, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20161019.001\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1608000.032\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
S1 DMICall; C:\Windows\SysWOW64\DRIVERS\DMICall.sys [10216 2008-07-11] (Sony Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-03] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2016-10-18] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20161020.001\IDSvia64.sys [1012440 2016-10-04] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S2 MCSTRM; no ImagePath
R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [64512 2008-07-17] (REDC)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1608000.032\SRTSP64.SYS [784624 2016-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1608000.032\SRTSPX64.SYS [49400 2016-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1608000.032\SYMEFASI64.SYS [1628888 2016-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-09-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1608000.032\Ironx64.SYS [289520 2016-09-23] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1608000.032\SYMTDIV.SYS [468152 2016-09-23] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-24 21:17 - 2016-10-24 21:18 - 00017851 _____ C:\Users\Dan\Desktop\FRST.txt
2016-10-24 20:55 - 2016-10-24 20:55 - 02407424 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2016-10-24 16:47 - 2016-10-24 16:47 - 00000262 _____ C:\ProgramData\SMRResults501.dat
2016-10-24 14:10 - 2016-10-24 21:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-24 14:09 - 2016-10-24 14:09 - 00000941 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-24 14:09 - 2016-10-24 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-24 14:09 - 2016-10-24 14:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-24 14:09 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-24 14:09 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-24 14:09 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-24 14:02 - 2016-10-24 14:03 - 00326336 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-24 13:55 - 2016-10-24 13:55 - 22851472 _____ (Malwarebytes ) C:\Users\Dan\Desktop\mbam-setup-2.2.1.1043.exe
2016-10-23 22:59 - 2016-10-23 22:59 - 670769219 _____ C:\Windows\MEMORY.DMP
2016-10-23 22:59 - 2016-10-23 22:59 - 00273480 _____ C:\Windows\Minidump\Mini102316-01.dmp
2016-10-22 13:41 - 2016-10-22 13:41 - 00077920 _____ C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-21 22:47 - 2016-10-24 21:17 - 00000000 ___DC C:\FRST
2016-10-21 09:56 - 2016-10-21 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-21 09:36 - 2016-10-21 09:36 - 00000000 ____D C:\Users\Dan\AppData\Local\ESET
2016-10-20 19:31 - 2016-10-22 13:36 - 00000000 ___DC C:\AdwCleaner
2016-10-19 13:32 - 2016-10-19 13:32 - 00000000 ____C C:\autoexec.bat
2016-10-18 20:23 - 2016-10-18 20:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-18 19:28 - 2016-10-18 19:28 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-10-18 15:16 - 2016-10-18 19:13 - 00000436 _____ C:\Windows\system32\.crusader
2016-10-18 13:53 - 2016-10-18 15:18 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-18 08:44 - 2016-10-18 08:44 - 01340008 ____T C:\Windows\SysWOW64\00030461.tmp
2016-10-07 09:23 - 2016-10-17 21:55 - 00000000 ____D C:\ProgramData\Roxio
2016-10-07 09:23 - 2016-10-07 09:23 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Roxio
2016-10-05 15:22 - 2016-08-24 13:08 - 00163002 _____ C:\Users\Dan\Documents\DansResume.pdf
2016-10-05 15:22 - 2016-04-01 17:27 - 00171730 _____ C:\Users\Dan\Documents\Brianna Young - External Resume.pdf
2016-10-05 15:04 - 2016-10-06 10:09 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-10-05 14:57 - 2016-10-06 10:08 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-10-04 09:42 - 2016-05-14 11:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-04 09:42 - 2016-05-14 11:53 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-10-04 09:42 - 2016-05-14 11:42 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-04 09:42 - 2016-05-14 11:41 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-04 09:42 - 2016-05-14 11:41 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2016-10-04 09:42 - 2016-05-14 10:38 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-10-04 09:42 - 2016-05-14 10:38 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-10-04 09:42 - 2016-05-14 10:38 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-10-04 09:42 - 2016-05-11 09:10 - 00516328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-04 09:38 - 2016-06-10 10:45 - 02802176 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-04 09:35 - 2016-06-25 12:04 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-10-04 09:35 - 2016-06-25 12:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-10-04 09:35 - 2016-06-25 12:04 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-10-04 09:35 - 2016-06-25 12:03 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-10-04 09:35 - 2016-06-25 12:03 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-10-04 09:35 - 2016-06-25 11:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll
2016-10-04 09:35 - 2016-06-25 11:37 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-10-04 09:35 - 2016-06-25 11:37 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-10-04 09:35 - 2016-06-25 11:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-10-04 09:35 - 2016-06-25 11:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-10-04 09:35 - 2016-06-25 10:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-10-04 09:29 - 2016-05-12 10:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-10-04 09:29 - 2016-05-12 10:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-10-04 09:23 - 2016-05-10 11:55 - 00264704 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-10-04 09:23 - 2016-05-10 11:54 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-10-04 09:23 - 2016-05-10 11:54 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-10-04 09:23 - 2016-05-10 11:31 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-10-04 09:23 - 2016-05-10 11:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-10-04 09:23 - 2016-05-10 11:31 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-10-04 09:23 - 2016-05-10 10:55 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-10-04 09:23 - 2016-05-10 10:55 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-10-04 09:23 - 2016-05-10 10:28 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-10-04 09:07 - 2016-06-20 14:24 - 18804736 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-04 09:07 - 2016-06-20 14:21 - 02351616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-04 09:07 - 2016-06-20 14:16 - 10940416 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-04 09:07 - 2016-06-20 14:15 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-04 09:07 - 2016-06-20 14:15 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-04 09:07 - 2016-06-20 14:14 - 02159104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-04 09:07 - 2016-06-20 14:14 - 01392640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-04 09:07 - 2016-06-20 14:14 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-04 09:07 - 2016-06-20 14:13 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-04 09:07 - 2016-06-20 14:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-04 09:07 - 2016-06-20 14:13 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-10-04 09:07 - 2016-06-20 14:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-10-04 09:07 - 2016-06-20 14:13 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-10-04 09:07 - 2016-06-20 13:50 - 01815552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-04 09:07 - 2016-06-20 13:48 - 12842496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-04 09:07 - 2016-06-20 13:46 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-04 09:07 - 2016-06-20 13:45 - 09755136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-04 09:07 - 2016-06-20 13:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-04 09:07 - 2016-06-20 13:44 - 01129984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-04 09:07 - 2016-06-20 13:43 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-04 09:07 - 2016-06-20 13:43 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-04 09:07 - 2016-06-20 13:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-04 09:07 - 2016-06-20 13:43 - 00425472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-04 09:07 - 2016-06-20 13:43 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-10-04 09:07 - 2016-06-20 13:43 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-04 09:07 - 2016-06-20 13:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-04 09:07 - 2016-06-20 13:42 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-04 09:07 - 2016-06-20 13:42 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-04 09:07 - 2016-06-20 13:42 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-04 09:07 - 2016-06-20 13:42 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-04 09:07 - 2016-06-20 13:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-04 09:07 - 2016-06-20 13:42 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-04 09:07 - 2016-06-20 13:42 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-10-04 09:07 - 2016-06-20 13:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-10-04 09:07 - 2016-06-20 13:42 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-10-01 15:54 - 2016-10-06 10:14 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Octoshape
2016-10-01 15:53 - 2016-10-01 15:53 - 00000000 ____D C:\Users\Dan\AppData\LocalLow\DTV
2016-09-28 10:47 - 2016-09-28 10:47 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2016-09-28 10:39 - 2016-09-28 10:39 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-24 20:43 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-24 20:43 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-24 18:43 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-24 18:08 - 2008-08-12 16:22 - 00000012 _____ C:\Windows\bthservsdp.dat
2016-10-24 18:08 - 2006-11-02 11:42 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-24 16:32 - 2014-01-23 13:57 - 00000000 ____D C:\Users\Dan\AppData\Local\NPE
2016-10-24 16:13 - 2014-05-20 12:27 - 00000000 ____D C:\NPE
2016-10-24 15:31 - 2006-11-02 11:07 - 00000000 ____D C:\Windows\DigitalLocker
2016-10-24 13:38 - 2013-02-22 12:38 - 00000000 ____D C:\Users\Dan\AppData\LocalLow\Temp
2016-10-23 22:59 - 2011-02-25 09:49 - 00000000 ____D C:\Windows\Minidump
2016-10-23 20:41 - 2011-10-14 18:12 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2016-10-21 23:08 - 2014-12-29 00:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-21 14:56 - 2014-12-01 13:59 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6
2016-10-21 14:56 - 2006-11-02 11:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-20 12:32 - 2008-08-12 14:23 - 00000000 ____D C:\Windows\Panther
2016-10-20 12:32 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\inf
2016-10-20 09:21 - 2011-11-18 09:54 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-20 09:20 - 2008-08-12 17:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-20 07:55 - 2006-11-02 08:46 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-19 14:50 - 2009-06-28 19:57 - 00000000 ____D C:\Users\Dan
2016-10-06 10:17 - 2009-06-28 21:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-06 10:09 - 2009-07-20 18:49 - 00000000 ____D C:\ProgramData\Apple Computer
2016-10-06 09:56 - 2009-07-20 18:47 - 00000000 ____D C:\ProgramData\Apple
2016-10-04 13:35 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
2016-10-01 15:54 - 2009-06-29 14:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Mozilla
2016-09-28 10:40 - 2011-08-04 07:55 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2016-09-28 10:39 - 2015-08-06 16:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2016-09-28 10:32 - 2011-08-04 07:56 - 00100592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-09-28 10:32 - 2011-08-04 07:56 - 00008319 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-09-28 10:28 - 2013-08-15 12:55 - 00000000 ____D C:\Windows\system32\MRT
2016-09-28 10:27 - 2006-11-02 08:35 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-09-27 07:58 - 2011-08-04 07:55 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-09-26 08:59 - 2016-06-23 10:44 - 00000000 ____D C:\Windows\System32\Tasks\Remediation

==================== Files in the root of some directories =======

2010-06-19 15:19 - 2010-06-19 15:19 - 0003584 _____ () C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-19 08:48 - 2011-07-25 08:25 - 0001940 _____ () C:\Users\Dan\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2011-01-14 15:38 - 2011-01-14 15:38 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2016-10-24 16:47 - 2016-10-24 16:47 - 0000262 _____ () C:\ProgramData\SMRResults501.dat

Files to move or delete:
====================
C:\ProgramData\SMRResults501.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-24 18:56

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Dan (24-10-2016 21:18:43)
Running from C:\Users\Dan\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) (2009-06-29 01:43:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2419179289-805309009-3091124471-500 - Administrator - Disabled)
Dan (S-1-5-21-2419179289-805309009-3091124471-1000 - Administrator - Enabled) => C:\Users\Dan
Guest (S-1-5-21-2419179289-805309009-3091124471-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
ArcSoft Magic-i Visual Effects (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version:  - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM-x32\...\{9973498D-EA29-4A68-BE0B-C88D6E03E928}) (Version:  - ArcSoft)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Canon iP6700D (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Click to Disc (HKLM-x32\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.00.06190 - Sony Corporation)
Click to Disc (x32 Version: 1.2.00.06190 - Sony Corporation) Hidden
Click to Disc Editor (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 1.2.00 - Sony Corporation)
Click to Disc Editor (x32 Version: 1.2.00 - Sony Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Control Center (HKLM\...\{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}) (Version: 1.2.0702 - Dolby)
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{26921B2E-3E62-47F9-A514-1FC4A83BD738}) (Version: 12.00.0004 - Intel® Corporation)
Java™ SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Transfer (HKLM-x32\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.8.0.50 - Symantec Corporation)
OpenMG Secure Module 5.1.00 (HKLM-x32\...\InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}) (Version: 5.1.00.05200 - Sony Corporation)
OpenMG Secure Module 5.1.00 (x32 Version: 5.1.00.05200 - Sony Corporation) Hidden
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.58 - Realtek Semiconductor Corp.)
Regi (Version: 1.00.0000 - InterVideo Inc.) Hidden
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 4.1.00.07300 - Sony Corporation)
SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.4.0.20080627.1647 - Sony Corporation)
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.2.02.06170 - Sony Corporation)
Sony Video Shared Library (HKLM-x32\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.4.00 - Sony Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Unity Web Player (HKU\S-1-5-21-2419179289-805309009-3091124471-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 1.00.0813 - Sony)
VAIO Content Folder Setting (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.0.00.17290 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM-x32\...\{FD72E69E-CF34-4071-BFD6-FD081A365E2C}) (Version: 3.2.00.06115 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.2.00.06115 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (HKLM-x32\...\{FE697886-F392-4E0D-A0C0-47587BF60992}) (Version: 3.2.00.06062 - Sony Corporation)
VAIO Content Metadata Manager Setting (x32 Version: 3.2.00.06062 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM-x32\...\{CB8A8696-93EC-414E-A752-850AB133F68A}) (Version: 3.2.00.06112 - Sony Corporation)
VAIO Content Metadata XML Interface Library (x32 Version: 3.2.00.06112 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 3.1.00.07110 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.2.00.06200 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.2.00.06200 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 4.1.00.07280 - Sony Corporation)
VAIO Help and Support (HKLM-x32\...\{D47FE987-EA3D-424B-9886-B752501D7CE7}) (Version: 6.00.0806.64.FW - Sony Corporation)
VAIO Launcher (HKLM-x32\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 2.1.00.06130 - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}) (Version: 1.1.00.05240 - Sony Corporation)
VAIO Media plus (x32 Version: 1.1.00.05240 - Sony Corporation) Hidden
VAIO Movie Story (HKLM-x32\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.3.00.06240 - Sony Corporation)
VAIO Movie Story (x32 Version: 1.3.00.06240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.3.00.06120 - Sony Corporation)
VAIO MusicBox (HKLM-x32\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 2.1.00.06110 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM-x32\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.1.00.14140 - Sony Corporation)
VAIO My Memory Center (HKLM-x32\...\{E1D25278-B51A-4163-BC3D-20A4D2D09F98}) (Version: 1.00.0229 - Sony)
VAIO OOBE and Welcome Center (HKLM-x32\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 6.00.0813.64.US - Sony Corporation)
VAIO Original Function Setting (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.4.00.04230 - Sony Corporation)
VAIO Power Management (HKLM-x32\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 3.1.00.08060 - Sony Corporation)
VAIO Startup Assistant (HKLM-x32\...\{DFD0E9A9-F24A-492B-8975-8C938E32408F}) (Version: 3.00.0731 - Sony)
VAIO Survey (HKLM-x32\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 6.00.0722 - Sony Corporation)
VAIO Update 4 (HKLM-x32\...\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}) (Version: 4.0.0.07150 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.2.00.05200 - Sony Corporation)
VAIO Wireless Wizard (HKLM-x32\...\{BCED773C-99EE-48DD-8915-25733F69F0A8}) (Version: 1.01.0722 - Sony)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WIDCOMM Bluetooth Software 6.2.0.4500 (HKLM\...\{E464702F-5433-46EC-8F65-159276C0A54F}) (Version: 6.2.0.4500 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinDVD BD for VAIO (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.516 - InterVideo Inc.)
WinDVD BD for VAIO (x32 Version: 8.0-B9.516 - InterVideo Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A00484D-EA02-4D25-A275-E7C101F65638} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\WSCStub.exe [2016-09-23] (Symantec Corporation)
Task: {25F7A0EC-FC6F-4A6A-85BF-23DBAEF30787} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-08-16] (Symantec Corporation)
Task: {6F91F9D4-4554-400C-95E9-FF4ACFE87FEA} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2008-08-13] (Sony Electronics, Inc.)
Task: {AE8768A4-DE29-4B4F-9C4B-FDF7723B19D8} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {C9FE80CC-F091-4896-B2E2-F28A12118C07} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2008-07-15] (Sony Corporation)
Task: {E62882D1-EE3D-4CF1-9907-6C0AED2BA44E} - System32\Tasks\{D9898B15-55CD-4C51-9B36-A2C39B31F5FA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {EBF91592-ADE3-49C2-87B8-802F06855A39} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {F248FF23-3AAB-4A4E-BA7B-5ED41486CD13} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {F772A09B-AD25-4460-A36E-91411BFA2AFD} - System32\Tasks\Microsoft\Windows\RestartManager\{BC85F772-2624-4cb6-ABE2-D2499C1DB857} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2008-07-21 16:01 - 2008-07-21 16:01 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2007-09-06 13:27 - 2007-09-06 13:27 - 01331712 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2008-04-30 22:45 - 2008-04-30 22:45 - 00335872 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-06-28 21:49 - 2008-06-02 15:37 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
2009-06-28 21:49 - 2008-06-23 15:22 - 00040960 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
2009-06-28 21:49 - 2008-06-23 15:22 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
2008-08-12 17:18 - 2008-07-28 20:45 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2008-08-12 17:18 - 2008-07-28 20:45 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2009-06-28 21:49 - 2008-06-02 15:37 - 00118784 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\SonyCommonLib.dll
2009-06-28 21:49 - 2008-06-02 15:37 - 00020480 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\DebugMsg.dll
2009-06-28 21:49 - 2008-04-17 03:59 - 00020480 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Resources.dll
2009-06-28 21:49 - 2008-06-02 15:37 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\SharedInterfaces.dll
2009-06-28 21:49 - 2008-04-17 03:59 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\DictionaryLookup.dll
2009-06-28 21:49 - 2008-04-17 03:59 - 00024576 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\MessageXML.dll
2009-06-28 21:49 - 2008-06-02 15:37 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
2009-06-28 21:49 - 2008-06-23 15:22 - 00036864 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
2009-06-28 21:49 - 2008-06-23 15:22 - 00040960 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
2009-06-28 21:49 - 2008-06-23 15:22 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
2009-06-28 21:49 - 2008-06-23 15:22 - 00024576 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
2009-06-28 21:49 - 2008-06-23 15:22 - 00024576 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
2009-06-28 21:49 - 2008-06-23 15:22 - 00020480 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
2009-06-28 21:49 - 2008-06-23 15:22 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
2009-06-28 21:49 - 2008-04-17 04:00 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWGadgetInterface.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2419179289-805309009-3091124471-1000\...\rhapsody.com -> hxxps://rhap-app-4-0.rhapsody.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2419179289-805309009-3091124471-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{61A3247A-25F5-4F67-B6AF-E06FE3907FEF}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{F4869BB3-420C-4AC2-A2D6-56C5BE9594D3}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{23D1FD89-53CA-4C5F-A131-6CDBF7FBFC0E}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
FirewallRules: [{38C0922B-5225-45E3-8A89-5CA8212426C5}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
FirewallRules: [{F621D995-9163-4919-8FBE-E23B993B1306}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{540DB2E6-A604-4AAF-B81A-D98CAEA55532}] => (Allow) svchost.exe
FirewallRules: [{22FB7B2F-20AF-42DC-AF3C-99B4F9F61611}] => (Allow) LPort=80
FirewallRules: [{00BDDFF3-EBB8-4F1D-B2B1-92CCB285C921}] => (Allow) LPort=80
FirewallRules: [{C71ECCEB-4786-49F7-A46B-E8F2FDAF7A67}] => (Allow) LPort=80
FirewallRules: [{AEF51257-10F0-40F8-AEF1-09D670FE952D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{289BBA84-29C1-45D4-A53D-3C2111D6795D}] => (Allow) LPort=2869
FirewallRules: [{D3A65CF4-0023-4224-8BE8-ED00C3BE9E46}] => (Allow) LPort=1900
FirewallRules: [{9EA36011-9555-4567-AE0D-09726324CA1B}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{97159B3A-27DA-437F-8E72-C4002CDF1093}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{940E78B8-B103-4539-BB0F-61E4D752DFDC}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{E111E5BA-919B-44E1-90C9-3053C71E31D0}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{2518148D-AE3E-41F7-A9CB-76D7D789C4C7}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{248AF315-6D5F-4C78-B691-15315533097C}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{F357813B-73FC-467C-9018-DF99ED8F039C}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{09B42B83-2BDB-40C3-B6B0-1EEAA8D85726}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{8E32850A-7A0D-407B-B867-8DB361F97337}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{03103A1D-225D-4062-A4C4-ECE3C5227EAA}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{A6075080-2607-498F-B67D-E2ED689975BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A56DA782-3ED7-4527-9DCD-870764C43F07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A77B004C-6927-4D7F-B23C-AD1F75AF78C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DDC5A0CE-F68D-49C4-A91B-E5B0F55E2D0B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

22-10-2016 00:54:33 JRT Pre-Junkware Removal
22-10-2016 13:46:58 JRT Pre-Junkware Removal
23-10-2016 22:27:50 VAIO Care Automatic Restore Point
24-10-2016 10:30:28 VAIO Care Automatic Restore Point
24-10-2016 13:37:44 Restore Point Created by FRST
24-10-2016 13:59:56 Restore Point Created by FRST
24-10-2016 15:21:49 VAIO Care Automatic Restore Point
24-10-2016 16:27:58 Norton_Power_Eraser_20161024162757026
24-10-2016 19:44:51 VAIO Care Automatic Restore Point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2016 06:45:41 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (10/24/2016 06:44:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/24/2016 06:11:49 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (10/24/2016 06:10:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/24/2016 05:34:26 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (10/24/2016 05:32:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/24/2016 04:49:02 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (10/24/2016 04:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/24/2016 04:13:57 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (10/24/2016 04:13:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (10/24/2016 08:58:30 PM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 08:55:02 PM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 08:54:53 PM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 08:54:37 PM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 08:54:23 PM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 08:54:21 PM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 08:53:34 PM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 08:19:52 PM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 08:19:42 PM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 08:19:25 PM) (Source: DCOM) (EventID: 10016) (User: Dan-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Dan-PC\Dan SID (S-1-5-21-2419179289-805309009-3091124471-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2016-10-24 21:18:38.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 21:18:38.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 21:18:37.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 21:18:36.892
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 21:18:35.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 21:18:35.265
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 21:18:34.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 21:18:34.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 21:18:05.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-24 21:18:05.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 70%
Total physical RAM: 3934.11 MB
Available physical RAM: 1179.72 MB
Total Virtual: 8061.5 MB
Available Virtual: 4508.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.77 GB) (Free:114.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 3B24829C)
Partition 1: (Not Active) - (Size=10.1 GB) - (Type=27)
Partition 2: (Active) - (Size=222.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

If there's any additional information I can provide, please let me know.  Thank you



#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 PM

Posted 25 October 2016 - 07:06 AM

I don't see any traces of Kovter on your system anymore. Is there any update available for your Norton installation?

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 Dr0use

Dr0use
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:35 PM

Posted 25 October 2016 - 08:34 AM

I'm sorry I'm not very computer savy so I apologize if I'm not wording anything right or that.  When I pull up Norton, the Security tab is telling me I need a fix, I click fix now and it runs a scan.  The scan is then coming back saying no threats found but it's still saying it needs a fix.  I tried to run a live update and it finds and downloads the updates but will not process them.  Also, I don't know if this is normal but when I go in to task mgr it shows over 40 things open and running?   Anything else you could suggest?



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 PM

Posted 25 October 2016 - 08:57 AM

There's nothing unusual with having 40 processes running on your system. You have a lot of programs installed. For instance, I have 96 processes running on my work laptop.

This being said, your Norton installation could be damaged, and I would reinstall it to see if it's a problem with the program itself, or there's really a threat that needs to be adressed. Did you buy Norton, or did it from your ISP (Verizon, AT&T, etc.)?

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 Dr0use

Dr0use
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:35 PM

Posted 25 October 2016 - 09:09 AM

I will give that a try.  I currently have it through my ISP (Comcast).



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 PM

Posted 25 October 2016 - 09:20 AM

Alright, let me know how it goes :) Maybe Comcast also have an updated version of Norton to install so I would check that as well.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users