Infected with Kotver!gm2 (Windows 7 64bit)


  • This topic is locked
6 replies to this topic

#1 lferkins

Posted 07 November 2016 - 09:03 AM

Based on dramatic increase in internet usage, since 24 October.  Several removal attempts failed.  Get "restart to complete removal" request from Norton several times each day.

 

FRST log follows:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Lenny (administrator) on LENNY-XPS8700 (07-11-2016 08:24:35)
Running from C:\Users\Lenny\Desktop
Loaded Profiles: Lenny (Available Profiles: Lenny)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Lenny\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Lenny\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Orbiscom Ltd. All rights reserved.) C:\Program Files (x86)\Citi Virtual Account Numbers\CitiVAN.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Orbiscom Ltd.) C:\Windows\SysWOW64\OBroker.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-06] (Intel Corporation)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11733888 2012-12-03] (Motorola Solutions, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1710568 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => c:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [886272 2012-05-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [76872 2012-06-25] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [588288 2016-01-08] (Nikon Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [Virtual Account Numbers] => C:\Program Files (x86)\Citi Virtual Account Numbers\CitiVAN.exe [435712 2014-02-07] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758280 2016-06-17] (APN)
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-10-16] (Google Inc.)
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\...\Run: [Amazon Music] => C:\Users\Lenny\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-14] ()
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\...\Run: [Dropbox Update] => C:\Users\Lenny\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\...\Run: [**dwrnat<*>] => "C:\Users\Lenny\AppData\Local\5884f577\83637238.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lenny\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2014-01-27]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0415f9f2.lnk [2016-11-07]
ShortcutTarget: 0415f9f2.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\06656d68.lnk [2016-10-24]
ShortcutTarget: 06656d68.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-27]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lenny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-06-02]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{6DC427C8-35F7-4FA7-A9E0-3E00BCBC7E79}: [DhcpNameServer] 24.154.1.68 24.154.1.7
Tcpip\..\Interfaces\{FA46FB72-898A-4E0F-B6E8-0A93038F828F}: [DhcpNameServer] 192.168.10.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2180218618-3025520610-2622418656-1001 -> {2B5E2B0B-E743-47EF-9837-6A20E6E53E2D} URL = hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11405&pf=V7&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=&itbv=12.7.0.15&apn_uid=AB4D42AA-409B-4E27-BB6A-89B1A1B7C9EF&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.16428&doi=2014-01-19&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKU\S-1-5-21-2180218618-3025520610-2622418656-1001 -> {720AF791-EBF4-420A-A79D-378FD61B08E8} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2180218618-3025520610-2622418656-1001 -> {A5FA6232-6836-4E1F-8A86-3EDC22FC6878} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll [2016-06-17] (APN LLC.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-08-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Virtual Account Numbers Helper -> {17424104-1444-4810-85D7-B4DA413C5A9A} -> C:\Program Files (x86)\Citi Virtual Account Numbers\CitiVANHelper.dll [2014-01-07] (Orbiscom Ltd. All rights reserved.)
BHO-x32: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll [2016-06-17] (APN LLC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-08-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-21] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll [2016-06-17] (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll [2016-06-17] (APN LLC.)
Toolbar: HKLM-x32 - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Citi Virtual Account Numbers\CitiVANToolbar.dll [2014-01-07] (Orbiscom Ltd. All rights reserved.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-2180218618-3025520610-2622418656-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10N-17037/webex/ieatgpc1.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-10-24]
FF HKLM-x32\...\Firefox\Extensions: [citius@orbiscom] - C:\Program Files (x86)\Citi Virtual Account Numbers
FF Extension: (Virtual Account Numbers for Firefox) - C:\Program Files (x86)\Citi Virtual Account Numbers [2014-10-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-10-12]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-27] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-27] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2180218618-3025520610-2622418656-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Lenny\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-2180218618-3025520610-2622418656-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Lenny\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-05-09] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-2180218618-3025520610-2622418656-1001: LWA64Plugin15.8 -> C:\Users\Lenny\AppData\Local\Microsoft\LWAPlugin\15.8.20018.735\npLWAPlugin15.8-x64.dll [2015-02-10] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2180218618-3025520610-2622418656-1001: LWAPlugin15.8 -> C:\Users\Lenny\AppData\Local\Microsoft\LWAPlugin\15.8.20018.735\npLWAPlugin15.8.dll [2015-02-10] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default [2016-11-07]
CHR Extension: (Google Docs) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]
CHR Extension: (Google Drive) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-07]
CHR Extension: (YouTube) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]
CHR Extension: (Norton Security Toolbar) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-10-08]
CHR Extension: (Google Search) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-07]
CHR Extension: (Adobe Acrobat) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-10]
CHR Extension: (Google Docs Offline) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR Extension: (Gmail) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-13]
CHR Extension: (Chrome Media Router) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-21]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\Exts\Chrome.crx [2016-10-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\Exts\Chrome.crx [2016-10-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-10-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-02-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-06-17] (APN LLC.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3037424 2016-10-03] (Microsoft Corporation)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [242448 2012-06-25] (CyberLink)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-08-19] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-08-19] (Creative Labs) [File not signed]
R2 CTAudSvcService; c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-02-14] (Creative Technology Ltd)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-10] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-06] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
S3 iumsvc; c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-12-03] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\N360.exe [289080 2016-09-23] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386160 2012-12-03] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20161102.001\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1608000.032\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-02-14] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-02-14] (Creative Technology Ltd)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-03] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2016-10-12] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-01-15] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20161104.001\IDSvia64.sys [1012952 2016-10-27] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1608000.032\SRTSP64.SYS [784624 2016-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1608000.032\SRTSPX64.SYS [49400 2016-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1608000.032\SYMEFASI64.SYS [1628888 2016-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1608000.032\Ironx64.SYS [289520 2016-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1608000.032\SYMNETS.SYS [567512 2016-09-23] (Symantec Corporation)
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2014-11-14] (Rsupport Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160708.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160708.008\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-07 08:24 - 2016-11-07 08:24 - 00041057 _____ C:\Users\Lenny\Desktop\FRST.txt
2016-11-07 08:24 - 2016-11-07 08:24 - 00000000 ____D C:\FRST
2016-11-07 08:23 - 2016-11-07 08:23 - 02410496 _____ (Farbar) C:\Users\Lenny\Desktop\FRST64.exe
2016-11-07 08:23 - 2016-11-07 08:23 - 01759744 _____ (Farbar) C:\Users\Lenny\Desktop\FRST.exe
2016-11-06 09:03 - 2016-11-06 09:03 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-06 09:03 - 2016-11-06 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-06 09:03 - 2016-11-06 09:03 - 00000000 ____D C:\Program Files\iTunes
2016-11-06 09:03 - 2016-11-06 09:03 - 00000000 ____D C:\Program Files\iPod
2016-11-06 03:37 - 2016-11-06 03:37 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00031563.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00028378.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00027921.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00026980.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00026835.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00025498.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00023508.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00020646.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00018892.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00017238.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00017218.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00017159.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00013858.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00013113.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00013097.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00012986.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00012888.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00011415.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00009510.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00009204.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00004950.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00004445.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00003554.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00003344.tmp
2016-11-04 16:21 - 2016-11-04 16:21 - 01340008 ____T C:\Windows\SysWOW64\00002395.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00032739.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00029382.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00028568.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00027990.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00027139.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00026950.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00026763.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00026665.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00025090.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00024976.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00024457.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00024181.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00024001.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00023975.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00022459.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00021563.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00021012.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00018745.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00015916.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00015747.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00014982.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00014073.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00013353.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00012429.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00011810.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00011291.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00010465.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00010410.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00009761.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00009504.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00005015.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00003569.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00003493.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00002115.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00002106.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00001738.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00001387.tmp
2016-11-04 16:20 - 2016-11-04 16:20 - 01340008 ____T C:\Windows\SysWOW64\00001338.tmp
2016-10-29 06:33 - 2016-10-29 06:34 - 43109433 _____ C:\Users\Lenny\Downloads\2016-10 rewards $8 level.zip
2016-10-27 13:31 - 2016-10-27 13:31 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-25 09:45 - 2016-10-25 09:45 - 02805768 _____ (Symantec Corporation) C:\Users\Lenny\Downloads\FixToolKotver64.exe
2016-10-24 17:38 - 2016-10-24 17:38 - 00003008 _____ C:\Windows\System32\Tasks\{8C88CA14-0701-4B96-8D88-096BBE6297C5}
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00032609.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00032084.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00031661.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00030606.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00030305.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00030143.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00028089.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00028020.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00027701.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00025621.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00025201.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00023854.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00022727.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00022369.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00022139.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00021555.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00021126.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00020439.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00019310.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00019027.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00017793.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00016657.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00015510.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00013540.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00011976.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00011830.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00011823.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00011640.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00010574.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00009815.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00009513.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00008560.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00008261.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00006201.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00005220.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00002703.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00001783.tmp
2016-10-24 15:11 - 2016-10-24 15:11 - 01340008 ____T C:\Windows\SysWOW64\00001456.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00031473.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00030643.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00029479.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00029368.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00029322.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00028728.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00027614.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00027580.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00026496.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00026003.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00025824.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00025515.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00022939.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00022643.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00022167.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00021382.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00021213.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00021021.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00020862.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00018894.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00018237.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00016092.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00013567.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00013002.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00012538.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00012410.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00010058.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00009658.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00007984.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00006097.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00005510.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00003939.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00002938.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00001977.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00000814.tmp
2016-10-24 15:10 - 2016-10-24 15:10 - 01340008 ____T C:\Windows\SysWOW64\00000591.tmp
2016-10-24 13:32 - 2016-10-24 13:32 - 00003008 _____ C:\Windows\System32\Tasks\{E52EFDD6-2F61-4C40-803C-E09D20ED110D}
2016-10-24 12:51 - 2016-10-24 12:51 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2016-10-24 12:43 - 2016-10-24 12:43 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-10-24 12:41 - 2016-10-24 12:41 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\7df15461
2016-10-24 12:41 - 2016-10-24 12:41 - 00000000 ____D C:\Users\Lenny\AppData\Local\5884f577
2016-10-22 14:49 - 2016-10-22 14:49 - 00001004 _____ C:\Users\Lenny\Desktop\IrfanView.lnk
2016-10-22 14:49 - 2016-10-22 14:49 - 00000000 ____D C:\Program Files (x86)\IrfanView
2016-10-22 12:55 - 2016-10-22 14:49 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-10-22 12:55 - 2016-10-22 14:49 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\IrfanView
2016-10-22 12:55 - 2016-10-22 12:55 - 00001854 _____ C:\Users\Lenny\Desktop\IrfanView 64 Thumbnails.lnk
2016-10-22 12:55 - 2016-10-22 12:55 - 00000980 _____ C:\Users\Lenny\Desktop\IrfanView 64.lnk
2016-10-22 12:55 - 2016-10-22 12:55 - 00000000 ____D C:\Program Files\IrfanView
2016-10-21 20:57 - 2016-10-21 20:57 - 00007149 _____ C:\Users\Lenny\Downloads\Avis Ereceipt Durango.pdf
2016-10-13 16:53 - 2016-10-13 16:53 - 00001671 _____ C:\Users\Lenny\Desktop\Adobe Bridge  CS6 (64 Bit).lnk
2016-10-13 16:52 - 2016-10-13 16:52 - 00014175 _____ C:\Users\Lenny\Desktop\Adobe Photoshop  CS6 (64 Bit).lnk
2016-10-12 14:20 - 2016-10-12 14:20 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-10-12 14:12 - 2016-10-12 14:12 - 00000924 _____ C:\Windows\system32\.crusader
2016-10-12 14:04 - 2016-10-12 14:19 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-12 14:04 - 2016-10-12 14:04 - 00000128 _____ C:\Windows\ntbtlog.txt
2016-10-12 14:03 - 2016-10-12 14:04 - 11579432 _____ (SurfRight B.V.) C:\Users\Lenny\Downloads\HitmanPro_x64.exe
2016-10-12 14:01 - 2016-10-12 14:02 - 02744744 _____ (Symantec Corporation) C:\Users\Lenny\Downloads\FixTool64.exe
2016-10-12 13:58 - 2016-10-12 13:58 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Lenny\Downloads\rkill (1).exe
2016-10-12 13:57 - 2016-10-12 13:57 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Lenny\Downloads\rkill.exe
2016-10-12 13:48 - 2016-10-12 13:48 - 00000000 ____D C:\NPE
2016-10-12 13:46 - 2016-10-12 13:46 - 03423928 _____ (Symantec Corporation) C:\Users\Lenny\Downloads\NPE (1).exe
2016-10-12 09:37 - 2016-10-12 09:37 - 03423928 _____ (Symantec Corporation) C:\Users\Lenny\Downloads\NPE.exe
2016-10-11 15:00 - 2016-09-30 10:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-11 15:00 - 2016-09-30 10:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-11 15:00 - 2016-09-30 02:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-11 15:00 - 2016-09-30 01:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-11 15:00 - 2016-09-30 01:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-11 15:00 - 2016-09-30 01:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-11 15:00 - 2016-09-30 00:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-11 15:00 - 2016-09-30 00:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-11 15:00 - 2016-09-30 00:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-11 15:00 - 2016-09-30 00:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-11 15:00 - 2016-09-30 00:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-11 15:00 - 2016-09-30 00:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-11 15:00 - 2016-09-30 00:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-11 15:00 - 2016-09-30 00:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-11 15:00 - 2016-09-30 00:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-11 15:00 - 2016-09-30 00:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-11 15:00 - 2016-09-30 00:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-11 15:00 - 2016-09-29 23:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-11 15:00 - 2016-09-29 23:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-11 15:00 - 2016-09-12 16:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-11 15:00 - 2016-09-12 15:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-11 15:00 - 2016-09-12 14:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-11 15:00 - 2016-09-12 13:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-11 15:00 - 2016-09-12 13:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-11 15:00 - 2016-09-10 11:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-11 15:00 - 2016-09-10 10:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-11 15:00 - 2016-08-12 12:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-11 15:00 - 2016-08-12 12:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-11 15:00 - 2016-08-12 11:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-11 15:00 - 2016-08-12 11:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-11 15:00 - 2016-08-12 11:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-11 15:00 - 2016-08-06 10:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-11 15:00 - 2016-08-06 10:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-11 15:00 - 2016-08-06 10:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-11 15:00 - 2016-08-06 10:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-11 15:00 - 2016-08-06 10:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-11 15:00 - 2016-08-06 10:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-11 15:00 - 2016-08-06 10:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-11 15:00 - 2016-08-06 10:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-11 15:00 - 2016-08-06 10:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-11 15:00 - 2016-08-06 09:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-11 15:00 - 2016-06-14 12:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-11 15:00 - 2016-06-14 12:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-11 15:00 - 2016-06-14 12:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-11 15:00 - 2016-06-14 12:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-11 15:00 - 2016-06-14 10:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-11 15:00 - 2016-06-14 10:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-11 15:00 - 2016-06-14 10:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-11 15:00 - 2016-06-14 10:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-11 15:00 - 2016-06-14 10:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-11 15:00 - 2016-06-14 10:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-11 15:00 - 2016-06-14 10:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-11 15:00 - 2016-06-14 10:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-11 15:00 - 2016-06-14 10:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-11 15:00 - 2016-06-14 10:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-11 15:00 - 2016-06-14 10:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-11 15:00 - 2016-06-14 10:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-11 15:00 - 2016-06-14 10:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-11 14:59 - 2016-09-30 15:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-11 14:59 - 2016-09-30 14:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-11 14:59 - 2016-09-30 10:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-11 14:59 - 2016-09-30 01:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-11 14:59 - 2016-09-30 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-11 14:59 - 2016-09-30 01:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-11 14:59 - 2016-09-30 01:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-11 14:59 - 2016-09-30 01:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-11 14:59 - 2016-09-30 01:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-11 14:59 - 2016-09-30 01:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-11 14:59 - 2016-09-30 01:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-11 14:59 - 2016-09-30 01:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-11 14:59 - 2016-09-30 01:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-11 14:59 - 2016-09-30 01:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-11 14:59 - 2016-09-30 01:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-11 14:59 - 2016-09-30 01:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-11 14:59 - 2016-09-30 01:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-11 14:59 - 2016-09-30 01:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-11 14:59 - 2016-09-30 00:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-11 14:59 - 2016-09-30 00:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-11 14:59 - 2016-09-30 00:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-11 14:59 - 2016-09-30 00:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-11 14:59 - 2016-09-30 00:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-11 14:59 - 2016-09-30 00:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-11 14:59 - 2016-09-30 00:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-11 14:59 - 2016-09-30 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-11 14:59 - 2016-09-30 00:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-11 14:59 - 2016-09-30 00:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-11 14:59 - 2016-09-30 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-11 14:59 - 2016-09-30 00:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-11 14:59 - 2016-09-30 00:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-11 14:59 - 2016-09-30 00:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-11 14:59 - 2016-09-30 00:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-11 14:59 - 2016-09-30 00:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-11 14:59 - 2016-09-30 00:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-11 14:59 - 2016-09-30 00:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-11 14:59 - 2016-09-30 00:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-11 14:59 - 2016-09-30 00:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-11 14:59 - 2016-09-30 00:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-11 14:59 - 2016-09-30 00:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-11 14:59 - 2016-09-30 00:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-11 14:59 - 2016-09-30 00:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-11 14:59 - 2016-09-30 00:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-11 14:59 - 2016-09-30 00:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-11 14:59 - 2016-09-30 00:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-11 14:59 - 2016-09-30 00:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-11 14:59 - 2016-09-30 00:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-11 14:59 - 2016-09-30 00:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-11 14:59 - 2016-09-29 23:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-11 14:59 - 2016-09-29 23:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-11 14:59 - 2016-09-15 10:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-11 14:59 - 2016-09-15 10:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-11 14:59 - 2016-09-15 10:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-11 14:59 - 2016-09-15 10:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-11 14:59 - 2016-09-12 16:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-11 14:59 - 2016-09-12 16:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-11 14:59 - 2016-09-12 16:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-11 14:59 - 2016-09-12 16:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-11 14:59 - 2016-09-12 16:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-11 14:59 - 2016-09-12 15:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-11 14:59 - 2016-09-12 15:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-11 14:59 - 2016-09-12 15:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-11 14:59 - 2016-09-12 15:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-11 14:59 - 2016-09-12 15:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-11 14:59 - 2016-09-12 15:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-11 14:59 - 2016-09-12 15:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-11 14:59 - 2016-09-12 15:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-11 14:59 - 2016-09-09 13:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-11 14:59 - 2016-09-09 13:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-11 14:59 - 2016-09-09 13:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 13:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-11 14:59 - 2016-09-09 13:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-11 14:59 - 2016-09-09 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-11 14:59 - 2016-09-09 13:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-11 14:59 - 2016-09-09 13:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-11 14:59 - 2016-09-09 12:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-11 14:59 - 2016-09-09 12:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-11 14:59 - 2016-09-09 12:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-11 14:59 - 2016-09-09 12:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-11 14:59 - 2016-09-09 12:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-11 14:59 - 2016-09-09 12:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-11 14:59 - 2016-09-09 12:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-11 14:59 - 2016-09-09 12:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-11 14:59 - 2016-09-09 12:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-11 14:59 - 2016-09-09 12:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-11 14:59 - 2016-09-09 10:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-11 14:59 - 2016-09-09 10:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-11 14:59 - 2016-09-09 10:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-11 14:59 - 2016-09-09 10:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-11 14:59 - 2016-09-09 10:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-11 14:59 - 2016-09-09 10:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-11 14:59 - 2016-09-09 10:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-11 14:59 - 2016-09-08 15:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-11 14:59 - 2016-09-08 15:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-11 14:59 - 2016-09-08 15:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-11 14:59 - 2016-09-08 15:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-11 14:59 - 2016-09-08 09:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-11 14:59 - 2016-09-08 09:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-11 14:59 - 2016-08-29 10:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-11 14:59 - 2016-08-29 10:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-11 14:59 - 2016-08-29 10:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-11 14:59 - 2016-08-29 10:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-11 14:59 - 2016-08-29 10:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-11 14:59 - 2016-08-29 10:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-11 14:59 - 2016-08-29 10:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-11 14:59 - 2016-08-29 09:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-11 14:59 - 2016-08-16 15:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-11 14:59 - 2016-08-16 15:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-11 14:59 - 2016-08-16 15:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-11 14:59 - 2016-08-16 15:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-11 14:59 - 2016-08-16 15:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-11 14:59 - 2016-08-16 15:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-11 14:59 - 2016-08-16 15:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-11 14:59 - 2016-08-12 12:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-11 14:59 - 2016-08-12 12:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-11 14:59 - 2016-08-12 12:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-11 14:59 - 2016-08-12 11:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-11 14:59 - 2016-08-12 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-11 14:59 - 2016-08-12 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-11 14:59 - 2016-08-06 10:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-11 14:59 - 2016-08-06 10:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-11 14:59 - 2016-08-06 10:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-11 14:59 - 2016-08-06 10:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-11 14:59 - 2016-08-06 09:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-11 14:59 - 2016-08-06 09:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-11 14:59 - 2016-07-22 09:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-11 14:59 - 2016-07-22 09:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-11 14:59 - 2016-06-14 12:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-11 14:59 - 2016-06-14 12:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-11 14:59 - 2016-06-14 12:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-11 14:59 - 2016-06-14 12:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-11 14:59 - 2016-06-14 12:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-11 14:59 - 2016-06-14 12:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-11 14:59 - 2016-06-14 12:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-11 14:59 - 2016-06-14 12:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-11 14:59 - 2016-06-14 12:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-11 14:59 - 2016-06-14 12:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-11 14:59 - 2016-06-14 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-11 14:59 - 2016-06-14 10:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-11 14:59 - 2016-06-14 10:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-11 14:59 - 2016-06-14 10:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-11 14:59 - 2016-06-14 10:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-11 14:59 - 2016-06-14 10:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-11 14:59 - 2016-06-14 10:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-11 14:59 - 2016-06-14 10:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-11 14:59 - 2016-06-14 10:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-11 14:59 - 2016-06-14 10:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-11 14:59 - 2016-06-14 10:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-11 14:59 - 2016-06-14 10:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-11 14:59 - 2016-06-14 10:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-11 14:59 - 2016-06-14 10:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-11 14:59 - 2016-06-14 10:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-11 14:59 - 2016-06-14 10:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-11 14:59 - 2016-06-14 10:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-11 09:23 - 2016-10-12 14:11 - 00000000 ____D C:\Users\Lenny\AppData\Local\60005c14
2016-10-11 09:23 - 2016-10-11 09:23 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\64afb2a9
2016-10-08 21:21 - 2016-10-24 13:39 - 00000000 ____D C:\Users\Lenny\AppData\Local\NPE
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-07 08:03 - 2013-08-19 07:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-07 08:01 - 2015-06-18 20:44 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2180218618-3025520610-2622418656-1001UA.job
2016-11-07 07:56 - 2016-10-06 01:00 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-11-07 07:51 - 2014-05-27 11:13 - 00000000 ___RD C:\Users\Lenny\Dropbox
2016-11-07 07:51 - 2013-09-01 12:26 - 00000000 ____D C:\Users\Lenny\Documents\Outlook Files
2016-11-07 07:51 - 2013-09-01 11:19 - 00000000 ____D C:\MailFolders
2016-11-07 07:50 - 2014-02-21 12:32 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-07 07:50 - 2013-08-19 08:08 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-11-07 07:50 - 2013-08-19 08:08 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-11-07 07:50 - 2013-08-19 07:57 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-11-07 07:49 - 2014-02-21 12:32 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-07 07:42 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-07 07:42 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-07 07:39 - 2009-07-14 00:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-07 07:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-07 07:34 - 2013-08-19 09:40 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-07 07:34 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-07 02:00 - 2014-08-16 06:31 - 00000000 ____D C:\Users\Lenny\AppData\Local\Adobe
2016-11-07 01:51 - 2015-08-30 20:29 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-11-06 22:01 - 2015-06-18 20:43 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2180218618-3025520610-2622418656-1001Core.job
2016-11-06 14:53 - 2015-12-10 07:51 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-11-06 10:14 - 2015-11-08 07:44 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A5D326DC-EA1C-4755-A94E-533DDB916596}
2016-11-06 09:55 - 2016-07-22 16:54 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-11-06 09:03 - 2014-04-08 21:46 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-04 20:56 - 2015-06-18 20:44 - 00003888 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2180218618-3025520610-2622418656-1001UA
2016-11-04 20:56 - 2015-06-18 20:43 - 00003492 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2180218618-3025520610-2622418656-1001Core
2016-10-31 15:21 - 2013-09-01 17:50 - 00000000 ____D C:\Wallpaper
2016-10-29 06:04 - 2013-11-26 08:28 - 00000000 ____D C:\Users\Lenny\AppData\Local\Google
2016-10-28 15:07 - 2015-04-03 15:40 - 00000000 ____D C:\Users\Lenny\AppData\Local\Amazon Music
2016-10-27 13:32 - 2014-05-27 11:10 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\Dropbox
2016-10-27 05:50 - 2014-05-05 14:56 - 00003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-10-27 03:03 - 2013-08-19 07:45 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-27 03:03 - 2013-08-19 07:45 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-27 03:03 - 2013-08-19 07:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-27 03:03 - 2013-08-19 07:45 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-27 03:03 - 2013-08-19 07:45 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-26 21:19 - 2014-05-05 14:56 - 00003476 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2016-10-24 12:47 - 2013-08-19 08:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-24 12:43 - 2015-07-03 06:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2016-10-24 12:43 - 2013-09-04 13:05 - 00002227 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-10-24 12:43 - 2013-09-04 13:04 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2016-10-24 12:43 - 2013-08-31 10:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-10-21 21:25 - 2013-11-03 15:28 - 00000000 ____D C:\ProgramData\Oracle
2016-10-21 20:57 - 2014-08-29 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-21 20:57 - 2013-09-01 17:28 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-21 20:56 - 2014-08-29 13:51 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-10-21 20:49 - 2014-02-21 12:33 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-21 20:36 - 2013-09-04 13:05 - 00100592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-10-21 20:36 - 2013-09-04 13:05 - 00008319 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-10-13 16:55 - 2015-04-02 08:24 - 00002161 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-10-12 09:38 - 2014-03-31 14:41 - 00000000 ____D C:\Program Files (x86)\CDex
2016-10-12 09:38 - 2013-09-04 12:59 - 00000000 ____D C:\ProgramData\Norton
2016-10-12 05:28 - 2013-08-31 10:44 - 00000000 ___RD C:\Users\Lenny\Virtual Machines
2016-10-12 03:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-10-12 02:36 - 2013-12-07 09:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-12 02:36 - 2013-12-07 09:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-12 02:36 - 2009-07-13 23:45 - 04948936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-12 02:34 - 2014-12-11 03:19 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-12 02:34 - 2014-05-06 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-12 02:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-12 02:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-12 02:16 - 2013-09-03 21:29 - 00000000 ____D C:\Windows\system32\MRT
2016-10-12 02:05 - 2013-12-07 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-12 02:05 - 2013-09-03 21:29 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-11 19:59 - 2015-01-15 07:50 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2014-11-22 08:05 - 2015-04-14 11:13 - 0000132 _____ () C:\Users\Lenny\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-07-27 11:58 - 2015-09-19 20:51 - 0000132 _____ () C:\Users\Lenny\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-09-23 13:51 - 2016-06-11 21:14 - 0000000 _____ () C:\Users\Lenny\AppData\Roaming\Caches
2013-09-23 13:51 - 2016-06-11 21:14 - 0000000 _____ () C:\Users\Lenny\AppData\Roaming\Carbon
2013-08-31 17:40 - 2013-08-31 17:40 - 145762520 _____ () C:\Users\Lenny\AppData\Local\ACCCx2_1_1_220.zip.aamdownload
2013-08-31 17:40 - 2013-08-31 17:40 - 0001732 _____ () C:\Users\Lenny\AppData\Local\ACCCx2_1_1_220.zip.aamdownload.aamd
2016-06-11 21:14 - 2016-06-11 21:14 - 0000000 _____ () C:\ProgramData\Basic Synth
2016-06-11 21:14 - 2016-06-11 21:14 - 0000000 _____ () C:\ProgramData\Calibrators
2016-06-11 21:14 - 2016-06-11 21:14 - 0000000 _____ () C:\ProgramData\CMMs
2016-06-11 21:14 - 2016-06-11 21:14 - 0000000 _____ () C:\ProgramData\Common
2013-09-23 13:51 - 2016-06-11 21:14 - 0000000 ____H () C:\ProgramData\PKP_DLeo.DAT
2013-09-23 13:52 - 2016-06-11 21:14 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2013-09-23 13:51 - 2016-06-11 21:14 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2013-09-23 13:51 - 2016-06-11 21:14 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-04 00:19
 
==================== End of FRST.txt ============================



#2 lferkins


Posted 07 November 2016 - 06:38 PM

Apologies for duplicate posting on this topic.  Every attempt to post the FRST log (from the time, this looks like my second or third attempt) was met with a timeout error and I assumed the attempt had failed.  My fifth attempt also apparently succeeded despite also getting the timeout error.

I don't see any obvious way to delete a post, so please be aware of the duplicate.

Again, sincerest apologies

len.



#3 nasdaq

  • Malware Response Team

Posted 09 November 2016 - 01:56 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these items in bold via the Control Panel > Programs > Programs and Features.
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C2806}) (Version: 12.40.6.26 - APN, LLC) <==== ATTENTION
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
<<<>>>

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758280 2016-06-17] (APN)
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\...\Run: [**dwrnat<*>] => "C:\Users\Lenny\AppData\Local\5884f577\83637238.lnk" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0415f9f2.lnk [2016-11-07]
ShortcutTarget: 0415f9f2.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\06656d68.lnk [2016-10-24]
ShortcutTarget: 06656d68.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
SearchScopes: HKU\S-1-5-21-2180218618-3025520610-2622418656-1001 -> {2B5E2B0B-E743-47EF-9837-6A20E6E53E2D} URL = hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11405&pf=V7&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=&itbv=12.7.0.15&apn_uid=AB4D42AA-409B-4E27-BB6A-89B1A1B7C9EF&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.16428&doi=2014-01-19&trgb=IE&q={searchTerms}&psv=
BHO: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll [2016-06-17] (APN LLC.)
BHO-x32: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll [2016-06-17] (APN LLC.)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll [2016-06-17] (APN LLC.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll [2016-06-17] (APN LLC.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Norton Security Toolbar) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-21]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-06-17] (APN LLC.)
Shortcut: C:\Users\Lenny\AppData\Local\60005c14\411b89a5.lnk -> C:\Users\Lenny\AppData\Local\60005c14\d1acb44d.bat (No File)
Shortcut: C:\Users\Lenny\AppData\Local\5884f577\83637238.lnk -> C:\Users\Lenny\AppData\Local\5884f577\be1848aa.bat ()
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\Software\Classes\bdfe96db: "C:\Windows\system32\mshta.exe" "javascript:W9CbmAK="LGJowbg";H67t=new ActiveXObject("WScript.Shell");jfc5puSy="s6WaE2AJ";u4GuJ=H67t.RegRead("HKCU\\software\\ylmotmqv\\wdgshovr");ec6GM="ZHEet";eval(u4GuJ);X6uTb="8";" <===== ATTENTION
C:\Program Files (x86)\AskPartnerNetwork
C:\Users\Lenny\AppData\Local\5884f577
C:\Users\Lenny\AppData\Local\60005c14
C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0415f9f2.lnk
C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\06656d68.lnk
C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

====

Please post the Fixlog.txt file and let me know of any remaining issues with this computer.

#4 lferkins


Posted 09 November 2016 - 06:23 PM

# AdwCleaner v6.030 - Logfile created 09/11/2016 at 18:08:58
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-08.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Lenny - LENNY-XPS8700
# Running from : C:\Users\Lenny\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Lenny\AppData\Local\AskPartnerNetwork
[-] Folder deleted: C:\Users\Lenny\AppData\Local\YSearchUtil
[!] Folder not deleted: C:\Users\Lenny\Documents\DAP
[-] Folder deleted: C:\ProgramData\apn
[-] Folder deleted: C:\ProgramData\AskPartnerNetwork
[#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AskPartnerNetwork
[-] Folder deleted: C:\Program Files (x86)\ShowMyPCService
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\astrology.com
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cafeastrology.com
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\gamingwonderland.com
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mywebface.com
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{BD125908-5F10-409F-9C01-F2207CA18887}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-4300-76A7-7A786E7484D7}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5637-4300-76A7-7A786E7484D7}
[#] Key deleted on reboot: HKU\.DEFAULT\Software\AskPartnerNetwork
[#] Key deleted on reboot: HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\Software\AskPartnerNetwork
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AskPartnerNetwork
[#] Key deleted on reboot: HKCU\Software\AskPartnerNetwork
[#] Key deleted on reboot: HKLM\SOFTWARE\AskPartnerNetwork
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[#] Key deleted on reboot: [x64] HKCU\Software\AskPartnerNetwork
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\AskPartnerNetwork
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\555.in.th
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\astromenda.com
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\babylonbee.com
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\555.in.th
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\astromenda.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\babylonbee.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.ask.com
 
 
*************************
 
:: "Tracing" keys deleted
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [9371 Bytes] - [09/11/2016 18:08:58]
C:\AdwCleaner\AdwCleaner[S0].txt - [8653 Bytes] - [09/11/2016 18:01:11]
C:\AdwCleaner\AdwCleaner[S1].txt - [8726 Bytes] - [09/11/2016 18:08:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9590 Bytes] ##########


#5 lferkins


Posted 09 November 2016 - 06:27 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Lenny (09-11-2016 17:51:03) Run:1
Running from C:\Users\Lenny\Desktop
Loaded Profiles: Lenny (Available Profiles: Lenny)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758280 2016-06-17] (APN)
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\...\Run: [**dwrnat<*>] => "C:\Users\Lenny\AppData\Local\5884f577\83637238.lnk" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0415f9f2.lnk [2016-11-07]
ShortcutTarget: 0415f9f2.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\06656d68.lnk [2016-10-24]
ShortcutTarget: 06656d68.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
SearchScopes: HKU\S-1-5-21-2180218618-3025520610-2622418656-1001 -> {2B5E2B0B-E743-47EF-9837-6A20E6E53E2D} URL = hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11405&pf=V7&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=&itbv=12.7.0.15&apn_uid=AB4D42AA-409B-4E27-BB6A-89B1A1B7C9EF&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.16428&doi=2014-01-19&trgb=IE&q={searchTerms}&psv=
BHO: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll [2016-06-17] (APN LLC.)
BHO-x32: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll [2016-06-17] (APN LLC.)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll [2016-06-17] (APN LLC.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll [2016-06-17] (APN LLC.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Norton Security Toolbar) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-21]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-06-17] (APN LLC.)
Shortcut: C:\Users\Lenny\AppData\Local\60005c14\411b89a5.lnk -> C:\Users\Lenny\AppData\Local\60005c14\d1acb44d.bat (No File)
Shortcut: C:\Users\Lenny\AppData\Local\5884f577\83637238.lnk -> C:\Users\Lenny\AppData\Local\5884f577\be1848aa.bat ()
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\Software\Classes\bdfe96db: "C:\Windows\system32\mshta.exe" "javascript:W9CbmAK="LGJowbg";H67t=new ActiveXObject("WScript.Shell");jfc5puSy="s6WaE2AJ";u4GuJ=H67t.RegRead("HKCU\\software\\ylmotmqv\\wdgshovr");ec6GM="ZHEet";eval(u4GuJ);X6uTb="8";" <===== ATTENTION
C:\Program Files (x86)\AskPartnerNetwork
C:\Users\Lenny\AppData\Local\5884f577
C:\Users\Lenny\AppData\Local\60005c14
C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0415f9f2.lnk
C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\06656d68.lnk
C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
End
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
[10364] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe => process closed successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value removed successfully
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\Software\Microsoft\Windows\CurrentVersion\Run\\**dwrnat<*> => value removed successfully
C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0415f9f2.lnk => moved successfully
C:\Windows\System32\mshta.exe => moved successfully
C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\06656d68.lnk => moved successfully
C:\Windows\System32\cmd.exe => moved successfully
"HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2B5E2B0B-E743-47EF-9837-6A20E6E53E2D}" => key removed successfully
HKCR\CLSID\{2B5E2B0B-E743-47EF-9837-6A20E6E53E2D} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7}" => key removed successfully
"HKCR\CLSID\{4F524A2D-5637-4300-76A7-7A786E7484D7}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{4F524A2D-5637-4300-76A7-7A786E7484D7}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5637-4300-76A7-7A786E7484D7} => value removed successfully
HKCR\CLSID\{4F524A2D-5637-4300-76A7-7A786E7484D7} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5637-4300-76A7-7A786E7484D7} => value removed successfully
HKCR\Wow6432Node\CLSID\{4F524A2D-5637-4300-76A7-7A786E7484D7} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => moved successfully
C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki" => key removed successfully
APNMCP => service removed successfully
C:\Users\Lenny\AppData\Local\60005c14\411b89a5.lnk => moved successfully
C:\Users\Lenny\AppData\Local\5884f577\83637238.lnk => moved successfully
"HKU\S-1-5-21-2180218618-3025520610-2622418656-1001\Software\Classes\bdfe96db" => key removed successfully
C:\Program Files (x86)\AskPartnerNetwork => moved successfully
C:\Users\Lenny\AppData\Local\5884f577 => moved successfully
C:\Users\Lenny\AppData\Local\60005c14 => moved successfully
"C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0415f9f2.lnk" => not found.
"C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\06656d68.lnk" => not found.
"C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 297594319 B
Java, Flash, Steam htmlcache => 311558 B
Windows/system/drivers => 1779186615 B
Edge => 0 B
Chrome => 804841221 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 58254337 B
LocalService => 0 B
NetworkService => 1154 B
Lenny => 488424280 B
UpdatusUser => 0 B
UpdatusUser => 0 B
 
RecycleBin => 28878828 B
EmptyTemp: => 3.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:52:46 ====


#6 lferkins

  • Topic Starter

  • Members
  • 12 posts

Posted 10 November 2016 - 08:24 AM

This morning, Norton scan did not find Kotver!gm2.  There's no other evidence it remains.  Looks like this has worked, but I will remain vigilant for the next few days.  Thanks!

 

FWIW, I believe I was infected by something well-disguised as an Adobe Flash update.

 

len.



#7 nasdaq


  • Malware Response Team
  • 38,594 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 November 2016 - 10:15 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



