
W64.Viknok.B!nf - please help with this


  • This topic is locked
36 replies to this topic

#1 Atlantic33

  • Members
  • 49 posts

Posted 20 May 2017 - 09:46 PM

Hello, I've posted and received help on this virus that has infected my HP laptop before on here but now back to square one. I tried several downloads and scans from help here but nothing has gotten rid of this virus as it still shows up on my Norton antivirus scan saying it needs manual removal. My computer runs slow and freezes while on the internet.

 

File insight on Norton says infected file: c:\windows\System32\sysprep\cryptbase.dll

 

Please, any new help is welcomed, I want to be done with this virus once and for all. Thank you

 

-Atlantic33





#2 polskamachina

  • Malware Response Team
  • 3,964 posts
  • Gender:Male

Posted 25 May 2017 - 05:42 PM

Hi Atlantic33 :)

 

My name is polskamachina and I would like to welcome you back to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

In order for me to give you the best help possible:
 
Please download either the 32-bit version or 64-bit version (depending on which version of Windows you have) of Farbar Recovery Scan Tool and save it to your Desktop. If you're not sure which version you have, try both of them. Only one of them will run successfully.

  • Right-click FRST or FRST64, then click Run as administrator
  • When the tool opens, click Yes to disclaimer
  • Press the Scan button
  • When finished, it will produce two logs named FRST.txt and Addition.txt in the same directory from which the tool was run
  • Please copy and paste those two logs into your next reply to me

In summary I will need from you:

  • FRST.txt
  • Addition.txt

Let me know if you have any questions.

 

polskamachina



#3 Atlantic33

  • Topic Starter
  • Members
  • 49 posts

Posted 25 May 2017 - 07:38 PM

Hi, thank you so much. Your help is most appreciated! I will follow the rules. I will begin to follow your instructions for the scan. Stand by. Thanks again.

 

-A33



#4 Atlantic33

  • Topic Starter
  • Members
  • 49 posts

Posted 25 May 2017 - 08:03 PM

Ran the scan; here is the copy and paste:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by The Sullivans (administrator) on THESULLIVANS-HP (25-05-2017 20:52:00)
Running from C:\Users\The Sullivans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SQ939EGU
Loaded Profiles: The Sullivans (Available Profiles: The Sullivans & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lexmark International, Inc.) C:\windows\System32\spool\drivers\x64\3\lxeeserv.exe
( ) C:\windows\System32\lxeecoms.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.9.3.13\nis.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.9.3.13\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\windows\System32\igfxtray.exe
(ArcSoft, Inc.) C:\windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
() C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\windows\System32\igfxext.exe
(Intel Corporation) C:\windows\System32\igfxsrvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\windows\System32\Macromed\Flash\FlashUtil64_23_0_0_185_ActiveX.exe
(Microsoft Corporation) C:\windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-08] (Synaptics Incorporated)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [763520 2012-08-07] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-07] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [lxeemon.exe] => C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe [770728 2010-05-17] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe [148280 2010-05-17] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-03-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-21] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1193728 2017-02-15] (PDF Complete Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP: C:\Windows\SysWOW64\DeviceNP.dll [2012-01-31] (Hewlett-Packard Company)
HKU\S-1-5-21-3984708552-4041334046-2540603348-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-3984708552-4041334046-2540603348-1001\...\Run: [RESTART_STICKY_NOTES] => C:\windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
Startup: C:\Users\The Sullivans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-01-02]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5A3C428B-5588-4F82-8B79-09D5E3D16B62}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3984708552-4041334046-2540603348-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3984708552-4041334046-2540603348-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3984708552-4041334046-2540603348-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3984708552-4041334046-2540603348-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3984708552-4041334046-2540603348-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3984708552-4041334046-2540603348-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-07] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-21] (Hewlett-Packard)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-01] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll [2008-05-21] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-01] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.8.1.14\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.8.1.14\coFFAddon [2017-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.8.1.14\coFFAddon
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.9.3.13\Exts\Chrome.crx [2017-05-18]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.9.3.13\Exts\Chrome.crx [2017-05-18]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211072 2012-08-07] (Qualcomm Atheros Commnucations) [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-01-31] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
R2 lxeeCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxee_device; C:\windows\system32\lxeecoms.exe [1052328 2010-04-14] ( )
R2 lxee_device; C:\windows\SysWOW64\lxeecoms.exe [598696 2010-04-14] ( )
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-21] () [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.9.3.13\NIS.exe [326160 2017-05-11] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362056 2014-11-18] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1719552 2017-02-15] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-07] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-02] (ArcSoft, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.1.14\Definitions\BASHDefs\20170522.003\BHDrvx64.sys [1862784 2017-05-18] (Symantec Corporation)
R3 BTATH_LWFLT; C:\windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-07] (Qualcomm Atheros)
R1 ccSet_NIS; C:\windows\system32\drivers\NISx64\1609030.00D\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [64312 2012-01-31] (Hewlett-Packard Company)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-05-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.1.14\Definitions\IPSDefs\20170525.001\IDSvia64.sys [1053824 2017-05-19] (Symantec Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-21] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-21] (McAfee, Inc.)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1862536 2012-07-27] ()
R3 SRTSP; C:\windows\System32\Drivers\NISx64\1609030.00D\SRTSP64.SYS [770712 2017-05-11] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NISx64\1609030.00D\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
S3 sscdserd; C:\windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R0 SymEFASI; C:\windows\System32\drivers\NISx64\1609030.00D\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-20] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NISx64\1609030.00D\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
R1 SymNetS; C:\windows\System32\Drivers\NISx64\1609030.00D\SYMNETS.SYS [567496 2017-05-11] (Symantec Corporation)
R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2017-04-25] (Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2017-04-25] (Zemana Ltd.)
R1 ESProtectionDriver; \??\C:\windows\system32\drivers\mbae64.sys [X]
S3 MBAMProtection; \??\C:\windows\system32\drivers\mbam.sys [X]
S3 MBAMWebProtection; \??\C:\windows\system32\drivers\mwac.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.1.14\Definitions\SDSDefs\20161211.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.1.14\Definitions\SDSDefs\20161211.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-25 12:56 - 2017-05-25 12:56 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2017-05-20 14:41 - 2017-05-20 14:41 - 00003234 _____ C:\windows\System32\Tasks\Norton WSC Integration
2017-05-20 13:45 - 2017-05-20 13:45 - 00010760 _____ C:\Users\The Sullivans\Documents\Gerard's Handyman Work Customer Information.xlsx
2017-05-20 13:45 - 2017-05-20 13:45 - 00000165 ____H C:\Users\The Sullivans\Documents\~$Gerard's Handyman Work Customer Information.xlsx
2017-05-09 17:06 - 2017-04-27 21:14 - 05547240 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-05-09 17:06 - 2017-04-27 21:14 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-05-09 17:06 - 2017-04-27 21:14 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-05-09 17:06 - 2017-04-27 21:14 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-05-09 17:06 - 2017-04-27 21:14 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-05-09 17:06 - 2017-04-27 21:11 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2017-05-09 17:06 - 2017-04-27 21:10 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:36 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2017-05-09 17:06 - 2017-04-27 20:36 - 03945192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2017-05-09 17:06 - 2017-04-27 20:34 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:19 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-05-09 17:06 - 2017-04-27 20:19 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-05-09 17:06 - 2017-04-27 20:19 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-05-09 17:06 - 2017-04-27 20:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-05-09 17:06 - 2017-04-27 20:15 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2017-05-09 17:06 - 2017-04-27 20:14 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-05-09 17:06 - 2017-04-27 20:12 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-05-09 17:06 - 2017-04-27 20:11 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-05-09 17:06 - 2017-04-27 20:11 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-05-09 17:06 - 2017-04-27 20:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-05-09 17:06 - 2017-04-27 20:10 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-05-09 17:06 - 2017-04-27 20:10 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-05-09 17:06 - 2017-04-27 20:08 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2017-05-09 17:06 - 2017-04-27 20:08 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2017-05-09 17:06 - 2017-04-27 20:08 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2017-05-09 17:06 - 2017-04-27 20:08 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2017-05-09 17:06 - 2017-04-27 20:07 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-05-09 17:06 - 2017-04-27 20:07 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:07 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:07 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-09 17:06 - 2017-04-27 20:07 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-09 17:06 - 2017-04-26 10:59 - 03220992 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-05-09 17:06 - 2017-04-21 11:34 - 01133568 _____ (Microsoft Corporation) C:\windows\system32\cdosys.dll
2017-05-09 17:06 - 2017-04-21 11:15 - 00805376 _____ (Microsoft Corporation) C:\windows\SysWOW64\cdosys.dll
2017-05-09 17:06 - 2017-04-19 20:00 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-05-09 17:06 - 2017-04-19 19:16 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-05-09 17:06 - 2017-04-17 11:37 - 02065408 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2017-05-09 17:06 - 2017-04-17 11:37 - 00876544 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2017-05-09 17:06 - 2017-04-17 11:37 - 00512000 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2017-05-09 17:06 - 2017-04-17 11:37 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\oleres.dll
2017-05-09 17:06 - 2017-04-17 11:37 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\comcat.dll
2017-05-09 17:06 - 2017-04-17 11:12 - 01417728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2017-05-09 17:06 - 2017-04-17 11:12 - 00581632 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2017-05-09 17:06 - 2017-04-17 11:12 - 00026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleres.dll
2017-05-09 17:06 - 2017-04-17 10:54 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\comcat.dll
2017-05-09 17:06 - 2017-04-16 05:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-05-09 17:06 - 2017-04-16 05:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-05-09 17:06 - 2017-04-16 04:57 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-05-09 17:06 - 2017-04-16 04:55 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-05-09 17:06 - 2017-04-16 04:55 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-05-09 17:06 - 2017-04-16 04:54 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-05-09 17:06 - 2017-04-16 04:54 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-05-09 17:06 - 2017-04-16 04:51 - 02899456 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-05-09 17:06 - 2017-04-16 04:44 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-05-09 17:06 - 2017-04-16 04:43 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-05-09 17:06 - 2017-04-16 04:38 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-05-09 17:06 - 2017-04-16 04:37 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-05-09 17:06 - 2017-04-16 04:37 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-05-09 17:06 - 2017-04-16 04:36 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-05-09 17:06 - 2017-04-16 04:36 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-05-09 17:06 - 2017-04-16 04:35 - 25741312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-05-09 17:06 - 2017-04-16 04:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-05-09 17:06 - 2017-04-16 04:21 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-05-09 17:06 - 2017-04-16 04:19 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-05-09 17:06 - 2017-04-16 04:18 - 05977600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-05-09 17:06 - 2017-04-16 04:11 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-05-09 17:06 - 2017-04-16 04:10 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2017-05-09 17:06 - 2017-04-16 04:09 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-05-09 17:06 - 2017-04-16 04:04 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-05-09 17:06 - 2017-04-16 04:03 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-05-09 17:06 - 2017-04-16 04:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-05-09 17:06 - 2017-04-16 04:01 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-05-09 17:06 - 2017-04-16 04:01 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-05-09 17:06 - 2017-04-16 04:01 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-05-09 17:06 - 2017-04-16 04:00 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-05-09 17:06 - 2017-04-16 04:00 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-05-09 17:06 - 2017-04-16 03:57 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-05-09 17:06 - 2017-04-16 03:53 - 02290176 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-05-09 17:06 - 2017-04-16 03:52 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-05-09 17:06 - 2017-04-16 03:52 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-05-09 17:06 - 2017-04-16 03:49 - 20278272 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-05-09 17:06 - 2017-04-16 03:48 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-05-09 17:06 - 2017-04-16 03:47 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-05-09 17:06 - 2017-04-16 03:47 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-05-09 17:06 - 2017-04-16 03:46 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-05-09 17:06 - 2017-04-16 03:43 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-05-09 17:06 - 2017-04-16 03:40 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-05-09 17:06 - 2017-04-16 03:40 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-05-09 17:06 - 2017-04-16 03:37 - 02132992 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-05-09 17:06 - 2017-04-16 03:37 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-05-09 17:06 - 2017-04-16 03:35 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-05-09 17:06 - 2017-04-16 03:30 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-09 17:06 - 2017-04-16 03:29 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2017-05-09 17:06 - 2017-04-16 03:28 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-05-09 17:06 - 2017-04-16 03:25 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-05-09 17:06 - 2017-04-16 03:24 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-05-09 17:06 - 2017-04-16 03:22 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-05-09 17:06 - 2017-04-16 03:20 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-05-09 17:06 - 2017-04-16 03:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-05-09 17:06 - 2017-04-16 03:10 - 15250944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-05-09 17:06 - 2017-04-16 03:10 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-05-09 17:06 - 2017-04-16 03:08 - 04548608 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-05-09 17:06 - 2017-04-16 03:08 - 02057216 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-05-09 17:06 - 2017-04-16 03:08 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-05-09 17:06 - 2017-04-16 03:04 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-05-09 17:06 - 2017-04-16 02:53 - 13661184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-05-09 17:06 - 2017-04-16 02:50 - 01544704 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-05-09 17:06 - 2017-04-16 02:40 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-05-09 17:06 - 2017-04-16 02:37 - 02767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-05-09 17:06 - 2017-04-16 02:34 - 01314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-05-09 17:06 - 2017-04-16 02:34 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-05-09 17:06 - 2017-04-12 11:32 - 01483776 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2017-05-09 17:06 - 2017-04-12 11:32 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2017-05-09 17:06 - 2017-04-12 11:32 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2017-05-09 17:06 - 2017-04-12 11:32 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2017-05-09 17:06 - 2017-04-12 11:26 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2017-05-09 17:06 - 2017-04-12 11:25 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2017-05-09 17:06 - 2017-04-12 11:25 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2017-05-09 17:06 - 2017-04-12 11:25 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2017-05-09 17:06 - 2017-04-07 11:34 - 00986856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2017-05-09 17:06 - 2017-04-07 11:34 - 00265448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2017-05-09 17:06 - 2017-04-07 11:30 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-05-09 17:06 - 2017-04-07 11:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2017-05-09 17:06 - 2017-04-07 11:22 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2017-05-09 17:06 - 2017-04-05 10:55 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2017-05-09 17:06 - 2017-04-05 10:55 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2017-05-09 17:06 - 2017-04-05 10:55 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2017-05-09 17:06 - 2017-04-04 11:34 - 01895656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2017-05-09 17:06 - 2017-04-04 11:34 - 00377576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2017-05-09 17:06 - 2017-04-04 11:34 - 00287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2017-05-09 17:06 - 2017-04-04 10:53 - 00496128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2017-05-09 17:06 - 2017-04-04 10:53 - 00117760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2017-05-09 17:06 - 2017-03-10 12:32 - 01389056 _____ (Microsoft Corporation) C:\windows\system32\pla.dll
2017-05-09 17:06 - 2017-03-10 12:32 - 00300544 _____ (Microsoft Corporation) C:\windows\system32\pdh.dll
2017-05-09 17:06 - 2017-03-10 12:20 - 01508352 _____ (Microsoft Corporation) C:\windows\SysWOW64\pla.dll
2017-05-09 17:06 - 2017-03-10 12:20 - 00237056 _____ (Microsoft Corporation) C:\windows\SysWOW64\pdh.dll
2017-05-09 17:06 - 2017-03-10 11:57 - 00009216 _____ (Microsoft Corporation) C:\windows\system32\plasrv.exe
2017-05-09 17:06 - 2017-03-10 11:55 - 00205312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fastfat.sys
2017-05-09 17:06 - 2017-03-10 11:55 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\exfat.sys
2017-05-09 17:06 - 2017-03-09 12:34 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2017-05-09 17:06 - 2017-03-09 12:19 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2017-04-25 13:28 - 2017-05-25 20:52 - 00113823 _____ C:\windows\ZAM.krnl.trace
2017-04-25 13:28 - 2017-05-25 20:52 - 00068994 _____ C:\windows\ZAM_Guard.krnl.trace
2017-04-25 13:28 - 2017-04-25 13:28 - 00203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zamguard64.sys
2017-04-25 13:28 - 2017-04-25 13:28 - 00203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zam64.sys
2017-04-25 13:28 - 2017-04-25 13:28 - 00000000 ____D C:\Users\The Sullivans\AppData\Local\Zemana
2017-04-25 13:27 - 2017-04-25 13:27 - 06466204 _____ C:\Users\The Sullivans\Downloads\Zemana.AntiMalware.Portable.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-25 20:52 - 2017-04-01 15:26 - 00000000 ____D C:\FRST
2017-05-25 20:41 - 2014-11-28 18:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-25 14:42 - 2014-01-12 15:08 - 00000000 ____D C:\windows\system32\Macromed
2017-05-25 14:41 - 2012-04-16 06:58 - 00000000 ____D C:\ProgramData\PDFC
2017-05-25 12:40 - 2009-07-14 00:45 - 00031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-25 12:40 - 2009-07-14 00:45 - 00031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-25 12:35 - 2015-07-03 16:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-05-25 12:31 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-05-20 23:02 - 2013-01-02 20:33 - 00000000 ____D C:\windows\system32\appmgmt
2017-05-20 15:14 - 2015-12-04 22:13 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-20 14:46 - 2015-11-29 10:40 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security
2017-05-20 14:41 - 2016-12-09 23:14 - 00002395 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2017-05-20 14:41 - 2016-12-09 23:14 - 00002395 _____ C:\ProgramData\Desktop\Norton Internet Security.lnk
2017-05-20 14:41 - 2016-12-09 23:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2017-05-20 14:41 - 2013-01-02 19:01 - 00000000 ____D C:\windows\system32\Drivers\NISx64
2017-05-20 14:06 - 2016-12-09 23:14 - 00102608 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2017-05-20 14:06 - 2016-12-09 23:14 - 00008339 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2017-05-16 14:12 - 2016-01-27 13:18 - 00000000 ____D C:\Users\The Sullivans\Documents\Regis College MSN, NP Documents
2017-05-10 16:26 - 2013-01-17 12:21 - 00000000 ____D C:\Users\The Sullivans\AppData\Local\CrashDumps
2017-05-10 16:12 - 2009-07-14 01:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI
2017-05-10 16:12 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2017-05-10 16:07 - 2009-07-14 00:45 - 00342328 _____ C:\windows\system32\FNTCACHE.DAT
2017-05-10 16:04 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2017-05-09 22:55 - 2012-04-16 06:49 - 00759192 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2017-05-07 13:45 - 2014-12-26 12:57 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-01 22:47 - 2017-04-05 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-01 22:47 - 2017-04-05 14:56 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-01 22:46 - 2017-04-05 14:57 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2017-04-29 21:39 - 2016-05-20 15:28 - 00003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1b2cdcb212905
2017-04-29 21:39 - 2016-05-20 15:28 - 00003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1b2cdcaac9390
2017-04-26 14:03 - 2013-01-04 12:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-04-25 13:28 - 2013-01-02 18:09 - 00000000 ____D C:\Users\The Sullivans

==================== Files in the root of some directories =======

2015-11-13 16:43 - 2015-11-13 16:43 - 0000288 _____ () C:\Users\The Sullivans\AppData\Roaming\.backup.dm
2014-12-17 22:20 - 2014-12-17 22:20 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2013-02-21 15:32 - 2013-02-21 15:32 - 0000252 _____ () C:\ProgramData\FastPics.log
2013-02-24 21:02 - 2017-05-11 16:53 - 0005794 _____ () C:\ProgramData\lxee.log
2016-11-19 17:52 - 2016-11-19 17:57 - 0000248 _____ () C:\ProgramData\lxeeDiagnostics.log
2013-02-21 18:14 - 2014-12-17 22:18 - 0031450 _____ () C:\ProgramData\lxeeJSW.log
2013-02-21 15:10 - 2017-05-25 12:31 - 0237196 _____ () C:\ProgramData\lxeescan.log
2014-08-21 13:42 - 2014-08-21 13:42 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-01 19:13

==================== End of FRST.txt ============================



#5 Atlantic33

Atlantic33
  • Topic Starter

  • Members
  • 49 posts

Posted 25 May 2017 - 08:05 PM

And Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by The Sullivans (25-05-2017 20:53:58)
Running from C:\Users\The Sullivans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SQ939EGU
Windows 7 Professional Service Pack 1 (X64) (2013-01-02 22:09:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3984708552-4041334046-2540603348-500 - Administrator - Disabled)
Guest (S-1-5-21-3984708552-4041334046-2540603348-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3984708552-4041334046-2540603348-1003 - Limited - Enabled)
The Sullivans (S-1-5-21-3984708552-4041334046-2540603348-1001 - Administrator - Enabled) => C:\Users\The Sullivans

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.0.0.4 - Hewlett-Packard Company)
Download Manager (HKLM-x32\...\{A8266D1C-7FBB-4DEB-9861-7BCAC6856ACE}) (Version: 1.20 - Neurotic Media)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.01.4525 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.01.4525 - Hewlett-Packard Company) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.0.5 - Hewlett-Packard Company)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{22706ADC-74A1-43A0-ABAE-47F84966B909}) (Version: 4.2.50.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1106.1_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark Pro700 Series (HKLM\...\Lexmark Pro700 Series) (Version:  - Lexmark International, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.9.3.13 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{652C1CDF-C61D-4525-9348-8C272CC2DB24}) (Version: 2.10.1.3 - Symantec Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.11 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.865 - Hewlett-Packard Company)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SketchUp 2016 (HKLM-x32\...\{06584914-3DC6-4C37-AB84-30342BB5D93D}) (Version: 16.0.19911 - Trimble Navigation Limited)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2023895B-92E8-4091-8020-5EAB5779ECCA} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.3.13\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {37DA4D9E-5D63-4117-95CA-0867E80B4CCA} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2017-05-11] (Symantec Corporation)
Task: {94D42985-C8CD-421A-AFE6-707662FC0407} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {AF9D9895-DF0C-4EFA-BC41-E3041773A36F} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.3.13\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {C9D3049F-182C-4048-B189-764F6E56F0C2} - System32\Tasks\GoogleUpdateTaskMachineUA1d1b2cdcb212905 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {DC846ECC-4DF8-4538-A233-E96137B33BFC} - System32\Tasks\GoogleUpdateTaskMachineCore1d1b2cdcaac9390 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F08F6177-590C-4787-9E27-B00A8A1A9D1B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.3.13\WSCStub.exe [2017-05-11] (Symantec Corporation)
Task: {FB4E4B61-0E15-4401-ABF1-0E6153F83924} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d15eb9cdbd2a46.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d15eb9ce347ee6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForThe Sullivans.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-01-17 19:57 - 2012-01-17 19:57 - 00298368 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-03-21 19:14 - 2012-03-21 19:14 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 05:03 - 2011-10-12 05:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 16:18 - 2010-09-06 16:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-03-21 18:34 - 2012-03-21 18:34 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2013-02-21 15:11 - 2009-11-04 09:17 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxeedrpp.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-21 18:36 - 2012-03-21 18:36 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2012-08-07 21:15 - 2012-08-07 21:15 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-03-26 23:33 - 2012-03-26 23:33 - 00094208 _____ () C:\windows\System32\IccLibDll_x64.dll
2013-02-21 15:08 - 2010-05-17 09:52 - 00770728 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
2013-02-21 15:08 - 2010-05-17 09:52 - 00148280 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
2012-02-10 17:26 - 2012-02-10 17:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2012-10-21 20:09 - 2012-03-28 13:38 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-03-21 19:00 - 2012-03-21 19:00 - 02846720 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-03-21 18:34 - 2012-03-21 18:34 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-03-21 18:59 - 2012-03-21 18:59 - 03002368 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2012-03-21 19:04 - 2012-03-21 19:04 - 02850816 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-03-21 19:02 - 2012-03-21 19:02 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-03-21 18:38 - 2012-03-21 18:38 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-03-21 18:39 - 2012-03-21 18:39 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2013-02-21 15:08 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll
2013-02-21 15:08 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll
2013-02-21 15:08 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeeDRS.dll
2013-02-21 15:08 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll
2013-02-21 15:06 - 2009-02-20 04:48 - 00381440 _____ () C:\windows\system32\lxeesm.dll
2013-02-21 15:06 - 2009-02-20 04:48 - 00023552 _____ () C:\windows\system32\lxeesmr.dll
2013-02-21 15:08 - 2010-04-05 06:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Epwizard.DLL
2013-02-21 15:08 - 2010-04-05 06:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\customui.dll
2013-02-21 15:08 - 2010-04-05 06:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Eputil.DLL
2013-02-21 15:08 - 2010-04-05 06:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Imagutil.DLL
2013-02-21 15:08 - 2010-04-05 06:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Epfunct.DLL
2013-02-21 15:08 - 2010-04-05 06:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\EPWizRes.dll
2013-02-21 15:08 - 2010-04-05 06:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\epstring.dll
2013-02-21 15:08 - 2010-04-05 06:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\EPOEMDll.dll
2013-02-21 15:08 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\iptk.dll
2013-02-21 15:08 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeeptp.dll
2017-05-25 12:32 - 2017-05-25 12:32 - 00098816 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\win32api.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00110080 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\pywintypes27.dll
2017-05-25 12:32 - 2017-05-25 12:32 - 00364544 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\pythoncom27.dll
2017-05-25 12:32 - 2017-05-25 12:32 - 00320512 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\win32com.shell.shell.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00914432 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\_hashlib.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 01176576 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\wx._core_.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00806400 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\wx._gdi_.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00816128 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\wx._windows_.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 01067008 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\wx._controls_.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00733184 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\wx._misc_.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00682496 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\pysqlite2._sqlite.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00088064 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\_ctypes.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00686080 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\unicodedata.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00119808 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\win32file.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00108544 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\win32security.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00007168 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\hashobjs_ext.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00017920 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\thumbnails_ext.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00088064 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\usb_ext.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00012800 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\common.time34.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00018432 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\win32event.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00167936 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\win32gui.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00046080 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\_socket.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 01303552 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\_ssl.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00128512 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\_elementtree.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00127488 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\pyexpat.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00038912 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\win32inet.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00036864 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\_psutil_windows.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00524248 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\windows._lib_cacheinvalidation.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00011264 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\win32crypt.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00123392 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\wx._wizard.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00077312 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\wx._html2.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00027648 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\_multiprocessing.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00020480 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\_yappi.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00035840 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\win32process.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00078848 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\wx._animate.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00024064 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\win32pipe.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00010240 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\select.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00025600 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\win32pdh.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00017408 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\win32profile.pyd
2017-05-25 12:32 - 2017-05-25 12:32 - 00022528 ____R () C:\Users\The Sullivans\AppData\Local\Temp\_MEI45002\win32ts.pyd
2011-04-08 12:57 - 2011-04-08 12:57 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2017-05-14 19:11 - 2017-05-14 19:11 - 00172032 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\823fb789f2ad94c2ce33a6a11f82d7ea\IsdiInterop.ni.dll
2012-04-16 06:52 - 2012-02-01 21:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-10-21 20:09 - 2012-03-28 13:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-11-28 22:43 - 00000027 ____N C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3984708552-4041334046-2540603348-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\The Sullivans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0196DD2A-B023-41D4-8CCC-117305C07B5C}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\Btvstack.exe
FirewallRules: [{C7DCE270-6BE9-486F-8FF3-33FF2B23998B}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
FirewallRules: [{D64BAD1A-46D3-4719-81C3-5C1BF5AB05AD}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
FirewallRules: [{FD8FC658-6F20-4978-8C66-1429574297DE}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{A068B8A1-10FF-416A-B6E7-F6F0253B7CE6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{32A9B31C-F657-4F03-AEF9-E9A17538808F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0944405B-F499-47B4-B27E-8A6283D95C41}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7BA83680-3B39-43AB-A1FA-E5358E1D1B9C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3960E7B8-5912-4A84-B64F-5EA85E23349C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{76D6D301-73E4-444B-BD5C-7F2DA0CBC537}C:\program files (x86)\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\bluetooth suite\btvstack.exe
FirewallRules: [UDP Query User{6DE4466F-BDAE-4446-AFCD-A2373C4C1D5D}C:\program files (x86)\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\bluetooth suite\btvstack.exe
FirewallRules: [TCP Query User{94B4B254-07B2-4ECA-BF1A-09FDBCD3F538}C:\program files (x86)\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\bluetooth suite\bttray.exe
FirewallRules: [UDP Query User{3D2494D6-4931-4E69-9224-53EAB537510E}C:\program files (x86)\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\bluetooth suite\bttray.exe
FirewallRules: [{AC54F69E-812D-4CCC-BB51-79C370BCDEAE}] => (Allow) C:\windows\system32\lxeecoms.exe
FirewallRules: [{CE0F9AB6-06E2-4D92-AE36-2C6750C9CAB2}] => (Allow) C:\windows\system32\LXEEcoms.exe
FirewallRules: [{04CA2BD2-3668-4BFC-8A5B-307F12E60F43}] => (Allow) C:\windows\system32\LXEEcoms.exe
FirewallRules: [{2F30060A-DCBA-439E-A507-AFB6C30089F3}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{58CB7136-0D81-4ADE-909E-9FC65265A514}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [TCP Query User{66C65679-01D6-4B50-A935-F4A2F78D5C3D}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{01DCE617-DC10-4D1F-A14A-459DB306F42E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{02AD87D8-1894-4C19-AF3A-D217389DE8BF}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{4AF4DBFE-AE61-4FF2-8E43-F2C65C93EFAD}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{9ED3729B-66C9-49ED-ABE9-78EACCF7AF34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72EAE78E-53F3-4AAB-8312-203F7339C292}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EA02AA08-7C16-4F50-9C4F-FF9886E3C0FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8B53221E-35EE-48F3-B762-74EEE8A2860F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{326A4C3C-1933-480D-B151-0B2036220CE4}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

20-05-2017 23:01:41 Removed Sophos Virus Removal Tool.
25-05-2017 20:38:48 Removed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2017 08:41:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Exception code: 0xc0000005
Fault offset: 0x0000000000091cac
Faulting process id: 0xe58
Faulting application start time: 0x01d2d5746091b03e
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Report Id: 0aa04325-41ac-11e7-a86a-20689de5b948

Error: (05/25/2017 08:15:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15863102

Error: (05/25/2017 08:15:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15863102

Error: (05/25/2017 08:15:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2017 08:14:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15853071

Error: (05/25/2017 08:14:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15853071

Error: (05/25/2017 08:14:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2017 03:51:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36395

Error: (05/25/2017 03:51:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36395

Error: (05/25/2017 03:51:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (05/25/2017 08:15:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/25/2017 08:15:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/25/2017 08:15:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/25/2017 08:15:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/25/2017 08:15:52 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (05/25/2017 08:15:51 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (05/25/2017 03:19:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (05/25/2017 02:59:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (05/25/2017 01:01:43 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (05/25/2017 12:35:28 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

CodeIntegrity:
===================================
  Date: 2014-11-28 21:37:59.145
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-28 21:37:59.054
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 59%
Total physical RAM: 3976.57 MB
Available physical RAM: 1626.48 MB
Total Virtual: 7951.32 MB
Available Virtual: 4311.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:443.14 GB) (Free:331.71 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:20.32 GB) (Free:3.12 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E201C75A)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End of Addition.txt ============================



#6 polskamachina


Posted 26 May 2017 - 11:14 PM

Hi Atlantic33,

I am reviewing your logs and preparing a fix for you. Thank you for your patience. :busy:

polskamachina



#7 polskamachina


Posted 27 May 2017 - 09:40 PM

Hi Atlantic33 :)

Sorry for the delay. Let's get started.

We need to search for a file with FRST:

Please download an updated copy of FRST64 and save it to your Desktop

  • Right-click FRST64.exe and select Run As Administrator
  • In the Search box, copy and paste the following: 
    cryptbase.dll
  • This time, click the Search Files button.
  • Allow FRST to run. It may take a while depending on how many files it has to process
  • When the scan has completed, a log file, Search.txt, will appear in the folder (Desktop) from which the tool was run
  • Please copy and paste that file into your next reply to me

Next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Right-click and select Run As Administrator
  • The tool will start to update the database if one is required
  • Click on the Scan button
  • AdwCleaner will begin...be patient as the scan may take some time to complete
  • After the scan has finished, click on the Logfile button
  • A window will open which lists the logs of your scans
  • Click on the Scan tab
  • Double-click the most recent scan which will be at the top of the list....the log will appear
  • Review the results...see note below
  • After reviewing the log, click on the Clean button
  • Press OK when asked to close all programs and follow the onscreen prompts
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report)
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list
  • Please copy and paste the contents of AdwCleaner[CX].txt in your next reply to me
  • A copy of all logfiles is saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file, mbam-setup-bc.1878-2.2.1.1043.exe, then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.
  • To retrieve the Malwarebytes Anti-Malware scan log information:
    • Open Malwarebytes Anti-Malware.
    • Click the History Tab at the top and select Application Logs.
    • Select (check) the box next to Scan Log. Choose the most current scan.
    • Click the View button.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system

In summary I will need from you:

  • Search.txt
  • AdwCleaner log
  • Malwarebytes log
  • How is your computer performing now?

Let me know if you have any questions.

polskamachina



#8 Atlantic33


Posted 28 May 2017 - 07:50 AM

No worries for the delay, thanks for sending this along. I will be working on it today.



#9 Atlantic33


Posted 28 May 2017 - 08:07 AM

Results of the frst 64: stand by for my other copy and pastes

 

Farbar Recovery Scan Tool (x64) Version: 28-05-2017
Ran by The Sullivans (28-05-2017 08:56:02)
Running from C:\Users\The Sullivans\Downloads
Boot Mode: Normal

================== Search Files: "cryptbase.dll" =============

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23796_none_67a231b92598f2a9\cryptbase.dll
[2017-05-09 17:06][2017-04-27 20:07] 0036352 _____ (Microsoft Corporation) C132F6B85619F4C3EF6377C2D021820F [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23714_none_67f6b0852559e073\cryptbase.dll
[2017-04-11 13:18][2017-03-07 23:53] 0036352 _____ (Microsoft Corporation) 6B7A8624AD3141AC5F351173F35A5052 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23677_none_67b8cff52587d6f7\cryptbase.dll
[2017-03-15 11:55][2017-02-09 11:49] 0036352 _____ (Microsoft Corporation) 0E833F12D2B698604021E11AD0A7B14E [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23642_none_67d43e4725740471\cryptbase.dll
[2017-01-10 15:19][2017-01-05 13:19] 0036352 _____ (Microsoft Corporation) D1454D4A036F52E101F3E6536A7EE1AE [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23601_none_67fe7dad25547b56\cryptbase.dll
[2016-12-13 21:13][2016-11-20 11:52] 0036352 _____ (Microsoft Corporation) 345C404EB5BC39CBFED3E76F1198FA94 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23571_none_67b2cc53258d41c6\cryptbase.dll
[2016-12-08 15:00][2016-10-10 10:50] 0036352 _____ (Microsoft Corporation) 228CF2CB0632BB822D8700EB681EE934 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23545_none_67d73d3f2571534f\cryptbase.dll
[2016-10-11 14:20][2016-09-12 16:25] 0036352 _____ (Microsoft Corporation) 1512B0D94F550D5DABD2FDBC7CBA5B5B [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23539_none_67e60e5325659cba\cryptbase.dll
[2016-09-13 21:04][2016-09-02 10:49] 0036352 _____ (Microsoft Corporation) D3018C01809D5D7DBDCEF5F722B09E91 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23497_none_67a32c512598148b\cryptbase.dll
[2016-08-09 16:52][2016-07-08 10:50] 0036352 _____ (Microsoft Corporation) 7B5FD967AE05EF838F478684281FC6C1 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23452_none_67c96a8f257c2614\cryptbase.dll
[2016-06-15 21:05][2016-05-12 10:51] 0036352 _____ (Microsoft Corporation) 82B76132964E3E9D2140F1BE62515055 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23418_none_67faabfb25564e5a\cryptbase.dll
[2016-05-11 16:04][2016-04-09 01:37] 0036352 _____ (Microsoft Corporation) 3F6179FCEC6473F79FFA75B6ED7C7E11 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23392_none_679e28f9259c98b1\cryptbase.dll
[2016-04-12 17:19][2016-03-17 17:29] 0036352 _____ (Microsoft Corporation) B782F44A047D0D9459F0078A98AA8542 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23391_none_679d28af259d7f5a\cryptbase.dll
[2016-04-12 17:19][2016-03-16 13:25] 0036352 _____ (Microsoft Corporation) 5CC1691DB217BCF20A5F9CD690E042B5 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23390_none_679c2865259e6603\cryptbase.dll
[2016-04-12 17:18][2016-03-15 18:52] 0036352 _____ (Microsoft Corporation) 2E55D962D1E320EB992B590964299C4B [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23349_none_67db3a9b256dbe5d\cryptbase.dll
[2016-03-09 12:35][2016-02-10 13:28] 0036352 _____ (Microsoft Corporation) 0138EE7B1F769D2186AE3FA8E5DD52D0 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23338_none_67e50a3d25668915\cryptbase.dll
[2016-02-09 21:35][2016-01-22 02:07] 0036864 _____ (Microsoft Corporation) 1A11DD2F0C9008A2133BC46BED6A1DF2 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23334_none_67e10915256a23b9\cryptbase.dll
[2016-02-09 21:36][2016-01-16 19:06] 0036352 _____ (Microsoft Corporation) 72A2DB96C3F612E2BE5199C586CF3943 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23313_none_67f5a8a3255ad280\cryptbase.dll
[2016-01-12 14:24][2015-12-30 13:37] 0036352 _____ (Microsoft Corporation) D7928C0DE6C9F4D3E9ED4F6303977EC1 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23250_none_67c7662f257df918\cryptbase.dll
[2015-11-10 15:30][2015-10-19 20:47] 0036864 _____ (Microsoft Corporation) 71F5A705138A07EF6DBC1E590ED64DBA [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23249_none_67db38b5256dc136\cryptbase.dll
[2015-11-10 15:31][2015-10-16 13:43] 0036864 _____ (Microsoft Corporation) 1D4723EB26743E7A447B62C31AB707CC [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23223_none_67ead6d12562f14a\cryptbase.dll
[2015-10-13 15:05][2015-09-28 16:17] 0036864 _____ (Microsoft Corporation) FD53C0A012A11B9F079B4086D3EDB945 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23153_none_67ca6527257b47f6\cryptbase.dll
[2015-09-08 20:17][2015-08-04 13:52] 0036864 _____ (Microsoft Corporation) 58D2EA0E946C6304C251DDDB0E62C8EA [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23142_none_67d434c9257412ae\cryptbase.dll
[2015-09-08 20:17][2015-07-22 19:57] 0036864 _____ (Microsoft Corporation) 3FFEE33FFE96D39A85A01B5769CE4D19 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23136_none_67e305dd25685c19\cryptbase.dll
[2015-08-11 16:35][2015-07-15 13:49] 0036864 _____ (Microsoft Corporation) CC1FDB8FBAD5D47ECD8A938D40998672 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23126_none_67edd5c925604028\cryptbase.dll
[2015-08-11 16:34][2015-07-14 22:59] 0036864 _____ (Microsoft Corporation) E675794D90CD2ABAF2284F44FB6582B6 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23115_none_67f7a56b25590ae0\cryptbase.dll
[2015-07-16 14:31][2015-07-01 13:52] 0036864 _____ (Microsoft Corporation) 1F6632E76F1DF408CFEC04FDE7258F8C [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23112_none_67f4a48d255bbedb\cryptbase.dll
[2015-07-16 14:28][2015-06-27 14:04] 0036864 _____ (Microsoft Corporation) AA2707E9A9B8AE9FDD0F9800A89231E2 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19160_none_6732f9780c68753f\cryptbase.dll
[2016-03-09 12:35][2016-02-11 13:31] 0036352 _____ (Microsoft Corporation) 5D7A25E110E666040C37E16DF634A723 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19135_none_67586aae0c4ba01f\cryptbase.dll
[2016-02-09 21:35][2016-01-22 00:51] 0036352 _____ (Microsoft Corporation) 67BCCAF06AD5F12DC7599AC02A2C40E7 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19131_none_675469860c4f3ac3\cryptbase.dll
[2016-02-09 21:36][2016-01-16 13:32] 0036352 _____ (Microsoft Corporation) 7A07D6B54742CC2A086EF2052DC8A068 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19110_none_676909140c3fe98a\cryptbase.dll
[2016-01-12 14:24][2015-12-30 13:30] 0036352 _____ (Microsoft Corporation) ECA0236432A1C2E695FD50C3AC4CAFCE [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19045_none_674d98dc0c53bee9\cryptbase.dll
[2015-11-10 15:30][2015-10-19 20:45] 0036864 _____ (Microsoft Corporation) 1C9E00CA0D823DC672017D8AB92DBC2A [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19044_none_674c98920c54a592\cryptbase.dll
[2015-11-10 15:31][2015-10-17 13:48] 0036864 _____ (Microsoft Corporation) D8A6B1AD856E97B48C5ED1E9EFA67E24 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19043_none_674b98480c558c3b\cryptbase.dll
[2015-11-10 15:31][2015-10-16 13:37] 0036864 _____ (Microsoft Corporation) 78B798331D5ABABE83C0B4D17656F58C [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19018_none_6771097e0c38b71b\cryptbase.dll
[2015-10-13 15:06][2015-09-28 22:58] 0036864 _____ (Microsoft Corporation) 15192FC6BFCB37AE43A645A9C84AEF2F [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.18939_none_675c91ce0c47d512\cryptbase.dll
[2015-09-08 20:17][2015-07-22 13:53] 0036864 _____ (Microsoft Corporation) 772D885BBEA6CD0A20BC6C24E63DB9E6 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.18933_none_675690120c4d3d08\cryptbase.dll
[2015-08-11 16:35][2015-07-15 13:54] 0036864 _____ (Microsoft Corporation) 75706C0F199BC7658A98BEE452964587 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.18923_none_67615ffe0c452117\cryptbase.dll
[2015-08-11 16:34][2015-07-14 22:55] 0036864 _____ (Microsoft Corporation) 65236D0F685FC427A0F07748DD6775A2 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.18912_none_676b2fa00c3debcf\cryptbase.dll
[2015-07-16 14:31][2015-07-01 16:30] 0036864 _____ (Microsoft Corporation) E97B4515FC3846CB5C6853C40E71EF28 [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.18909_none_677d01920c2f813f\cryptbase.dll
[2015-07-16 14:28][2015-06-27 13:50] 0036864 _____ (Microsoft Corporation) 42C3F28C43CB8094D4954212AAE0648D [File is digitally signed]

C:\windows\winsxs\x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7600.16385_none_653c2b9c0f4d8ca6\cryptbase.dll
[2009-07-13 19:12][2009-07-13 21:15] 0036864 _____ (Microsoft Corporation) F08F6FCD09F9BE94C37ACC1B344685FF [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23796_none_c3c0cd3cddf663df\cryptbase.dll
[2017-05-09 17:06][2017-04-27 21:09] 0043520 _____ (Microsoft Corporation) B93A549F378BBD47C16FDB920A64A93C [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23714_none_c4154c08ddb751a9\cryptbase.dll
[2017-04-11 13:18][2017-03-08 00:33] 0043520 _____ (Microsoft Corporation) 7DEC9B36E41341EC9F82C60A4FB4234D [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23677_none_c3d76b78dde5482d\cryptbase.dll
[2017-03-15 11:55][2017-02-09 12:31] 0043520 _____ (Microsoft Corporation) CC9D27AE621DFA994F06DC2779EC84A2 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23642_none_c3f2d9caddd175a7\cryptbase.dll
[2017-01-10 15:19][2017-01-05 14:52] 0043520 _____ (Microsoft Corporation) 30D8D88B22F969C923BD563D1F9D5C05 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23601_none_c41d1930ddb1ec8c\cryptbase.dll
[2016-12-13 21:13][2016-11-21 14:12] 0043520 _____ (Microsoft Corporation) E3CB22452C9323DBBE1AAADA7BD84E69 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23571_none_c3d167d6ddeab2fc\cryptbase.dll
[2016-12-08 15:00][2016-10-10 11:33] 0043520 _____ (Microsoft Corporation) B312BD44E030F8C8F64C02DFE8F3F69B [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23545_none_c3f5d8c2ddcec485\cryptbase.dll
[2016-10-11 14:20][2016-09-12 17:08] 0043520 _____ (Microsoft Corporation) 7641CBA62B9A1586786CC26D50485006 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23539_none_c404a9d6ddc30df0\cryptbase.dll
[2016-09-13 21:04][2016-09-02 11:30] 0043520 _____ (Microsoft Corporation) 3752B0A50F1A239BCD549C753774572C [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23497_none_c3c1c7d4ddf585c1\cryptbase.dll
[2016-08-09 16:52][2016-07-08 11:32] 0043520 _____ (Microsoft Corporation) 814D408924CF9B4109216BBC458517A9 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23452_none_c3e80612ddd9974a\cryptbase.dll
[2016-06-15 21:05][2016-05-12 13:14] 0043520 _____ (Microsoft Corporation) A549864CD8F4EED956698C6DCCC04C2C [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23418_none_c419477eddb3bf90\cryptbase.dll
[2016-05-11 16:04][2016-04-09 02:57] 0043520 _____ (Microsoft Corporation) F2474E18F6E4921CCA71AF6728A285D9 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23392_none_c3bcc47cddfa09e7\cryptbase.dll
[2016-04-12 17:19][2016-03-17 18:50] 0043520 _____ (Microsoft Corporation) 9C73710485E2E1540D869BDB8A8A68CA [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23391_none_c3bbc432ddfaf090\cryptbase.dll
[2016-04-12 17:19][2016-03-16 14:46] 0043520 _____ (Microsoft Corporation) 62C2EBF1B517CC439B5A16CAF06CBCAB [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23390_none_c3bac3e8ddfbd739\cryptbase.dll
[2016-04-12 17:18][2016-03-15 20:13] 0043520 _____ (Microsoft Corporation) 19EFB9D6A8F83542E71BC81ED671E99D [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23349_none_c3f9d61eddcb2f93\cryptbase.dll
[2016-03-09 12:35][2016-02-10 14:49] 0043520 _____ (Microsoft Corporation) A50E9F31CE848913917704144C5A619B [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23338_none_c403a5c0ddc3fa4b\cryptbase.dll
[2016-02-09 21:35][2016-01-22 02:28] 0044032 _____ (Microsoft Corporation) 8CEA0F0636161059DD1862DF320246AC [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23334_none_c3ffa498ddc794ef\cryptbase.dll
[2016-02-09 21:36][2016-01-16 20:29] 0043520 _____ (Microsoft Corporation) 105567FBAB8428620D999BB319A0A113 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23313_none_c4144426ddb843b6\cryptbase.dll
[2016-01-12 14:24][2015-12-30 15:08] 0043520 _____ (Microsoft Corporation) DA16416DE3753B79ED0428452195E83F [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23250_none_c3e601b2dddb6a4e\cryptbase.dll
[2015-11-10 15:30][2015-10-19 21:11] 0044032 _____ (Microsoft Corporation) 764B0B44B0A95A0AC3D9AF52BC212565 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23249_none_c3f9d438ddcb326c\cryptbase.dll
[2015-11-10 15:31][2015-10-16 14:11] 0044032 _____ (Microsoft Corporation) F3D29DA8381EFF5911DFA91F743D4989 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23226_none_c40c7332ddbdae85\cryptbase.dll
[2015-10-13 15:05][2015-10-01 14:06] 0044032 _____ (Microsoft Corporation) 0DBBE36716FADC464CA14686CF6EC87E [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23223_none_c4097254ddc06280\cryptbase.dll
[2015-10-13 15:06][2015-09-28 14:16] 0044032 _____ (Microsoft Corporation) 49142B24FC32C9F5315DAB69FF37A7EB [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23153_none_c3e900aaddd8b92c\cryptbase.dll
[2015-09-08 20:17][2015-08-04 14:12] 0044032 _____ (Microsoft Corporation) 71E13DA4D31671E9AD09341B84656C30 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23142_none_c3f2d04cddd183e4\cryptbase.dll
[2015-09-08 20:17][2015-07-22 18:03] 0044032 _____ (Microsoft Corporation) 179E73AFACB9CAA51B5DB8C7541FB9EC [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23136_none_c401a160ddc5cd4f\cryptbase.dll
[2015-08-11 16:35][2015-07-15 14:09] 0044032 _____ (Microsoft Corporation) 77DBBDB88976154D02FE1DF5EEE6BBA1 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23126_none_c40c714cddbdb15e\cryptbase.dll
[2015-08-11 16:34][2015-07-14 23:19] 0044032 _____ (Microsoft Corporation) 41EA624FCA60939BE73828B5386E8BF5 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23115_none_c41640eeddb67c16\cryptbase.dll
[2015-07-16 14:31][2015-07-01 14:20] 0044032 _____ (Microsoft Corporation) DA160A42DC899DDDD0D368C3D1BA587A [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.23112_none_c4134010ddb93011\cryptbase.dll
[2015-07-16 14:28][2015-06-27 14:12] 0044032 _____ (Microsoft Corporation) 9E42DD48EB6211E091646AC333CAD2E9 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19160_none_c35194fbc4c5e675\cryptbase.dll
[2016-03-09 12:35][2016-02-11 14:42] 0043520 _____ (Microsoft Corporation) E7D004C3EC24A3C2AD6FAF1855F29DC9 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19135_none_c3770631c4a91155\cryptbase.dll
[2016-02-09 21:35][2016-01-22 02:13] 0043520 _____ (Microsoft Corporation) 51F4A1B05E04EEAB0856A2C97958656C [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19131_none_c3730509c4acabf9\cryptbase.dll
[2016-02-09 21:36][2016-01-16 14:56] 0043520 _____ (Microsoft Corporation) CF0B39197980D51C7F63C7428FD92BA4 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19110_none_c387a497c49d5ac0\cryptbase.dll
[2016-01-12 14:24][2015-12-30 14:55] 0043520 _____ (Microsoft Corporation) 8645BD647D1ECEB0E6F90E01A4C412EA [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19045_none_c36c345fc4b1301f\cryptbase.dll
[2015-11-10 15:30][2015-10-19 21:05] 0044032 _____ (Microsoft Corporation) 9102E19E45AEDE6077023CF2945261F3 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19044_none_c36b3415c4b216c8\cryptbase.dll
[2015-11-10 15:31][2015-10-17 14:09] 0044032 _____ (Microsoft Corporation) EF74ABA27B854CBE440A4CA241EFB104 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19043_none_c36a33cbc4b2fd71\cryptbase.dll
[2015-11-10 15:31][2015-10-16 14:04] 0044032 _____ (Microsoft Corporation) 854E7750B53B6D8A6FF9A16724DEE4A1 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.19018_none_c38fa501c4962851\cryptbase.dll
[2015-10-13 15:06][2015-09-28 23:10] 0044032 _____ (Microsoft Corporation) 3CF93F8BA5016A86073F7ACE4A225D69 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.18939_none_c37b2d51c4a54648\cryptbase.dll
[2015-09-08 20:17][2015-07-22 20:02] 0044032 _____ (Microsoft Corporation) E56F2CCCB1AE74A740B8F89818C0380F [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.18933_none_c3752b95c4aaae3e\cryptbase.dll
[2015-08-11 16:35][2015-07-15 14:10] 0044032 _____ (Microsoft Corporation) 98432481E11B9EDB54A2B069E465D1CB [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.18923_none_c37ffb81c4a2924d\cryptbase.dll
[2015-08-11 16:34][2015-07-14 23:19] 0044032 _____ (Microsoft Corporation) 877C202B847CFA4C3BA7DDB62EB7AB65 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.18912_none_c389cb23c49b5d05\cryptbase.dll
[2015-07-16 14:31][2015-07-01 16:48] 0044032 _____ (Microsoft Corporation) E8560BC8E1B85A5A081AEF43626187B1 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7601.18909_none_c39b9d15c48cf275\cryptbase.dll
[2015-07-16 14:28][2015-06-27 14:03] 0044032 _____ (Microsoft Corporation) 6D6208B927C0FF8062737AC9D42AEAD7 [File is digitally signed]

C:\windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7600.16385_none_c15ac71fc7aafddc\cryptbase.dll
[2009-07-13 19:20][2009-07-13 21:40] 0044032 _____ (Microsoft Corporation) 784FA3DF338E2E8F5F0389D6FAC428AF [File is digitally signed]

C:\windows\SysWOW64\cryptbase.dll
[2017-05-09 17:06][2017-04-27 20:07] 0036352 _____ (Microsoft Corporation) C132F6B85619F4C3EF6377C2D021820F [File is digitally signed]

C:\windows\System32\cryptbase.dll
[2017-05-09 17:06][2017-04-27 21:09] 0043520 _____ (Microsoft Corporation) B93A549F378BBD47C16FDB920A64A93C [File is digitally signed]

C:\windows\System32\sysprep\cryptbase.dll
[2014-04-21 21:54][2014-04-21 21:54] 0361088 _____ (Qualcomm Atheros Commnucations) 2FCF6665DC150652E7341A2EB306EE99 [File not signed]

====== End of Search ======
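
An added example, not part of the thread and not code from the scan tool or its authors: a Python script that parses the search-log format shown in the post above and flags any copy whose signature status or company field differs from the Microsoft-signed copies. The field layout is inferred from the log lines on this page, and the names `parse_search_log` and `triage` are hypothetical.

```python
import re
# Three entries copied from the search log in this thread; the field layout is inferred.
SAMPLE_LOG = r"""
C:\windows\SysWOW64\cryptbase.dll
[2017-05-09 17:06][2017-04-27 20:07] 0036352 _____ (Microsoft Corporation) C132F6B85619F4C3EF6377C2D021820F [File is digitally signed]
C:\windows\System32\cryptbase.dll
[2017-05-09 17:06][2017-04-27 21:09] 0043520 _____ (Microsoft Corporation) B93A549F378BBD47C16FDB920A64A93C [File is digitally signed]
C:\windows\System32\sysprep\cryptbase.dll
[2014-04-21 21:54][2014-04-21 21:54] 0361088 _____ (Qualcomm Atheros Commnucations) 2FCF6665DC150652E7341A2EB306EE99 [File not signed]
"""

PATH = re.compile(r"^[A-Za-z]:\\")
DETAIL = re.compile(
    r"^\[(?P<date1>[^\]]+)\]\[(?P<date2>[^\]]+)\]\s+(?P<size>\d+)\s+\S+\s+"
    r"\((?P<company>.*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]+)\]\s*$"
)

def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    entries, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if PATH.match(line):
            pending = line
            continue
        m = DETAIL.match(line)
        if m and pending:  # a detail line with no path line before it is skipped
            entry = m.groupdict()
            entry["path"], entry["size"] = pending, int(entry["size"])
            entries.append(entry)
        if line:
            pending = None
    return entries

def triage(entries, expected_company="Microsoft Corporation"):
    """Return (path, reasons) for copies that are unsigned or name another publisher."""
    flagged = []
    for e in entries:
        checks = [(e["sig"] != "File is digitally signed", "signature: " + e["sig"]),
                  (e["company"] != expected_company, "company field: " + e["company"])]
        reasons = [msg for bad, msg in checks if bad]
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged

if __name__ == "__main__":
    for path, reasons in triage(parse_search_log(SAMPLE_LOG)):
        print(path, "->", "; ".join(reasons))
```

A clean signature status in the log is only what the tool reported at scan time; any flagged file still needs the separate evaluation requested later in the thread.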



#10 Atlantic33


Posted 28 May 2017 - 08:18 AM

Adwcleaner was just run and took about 30 seconds to say no threats found. Concerns me because Norton detects it. Here is the log: stand by for more logs

 

# AdwCleaner v6.047 - Logfile created 28/05/2017 at 09:10:54
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-26.6 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : The Sullivans - THESULLIVANS-HP
# Running from : C:\Users\The Sullivans\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5935 Bytes] - [31/03/2017 14:05:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [5482 Bytes] - [31/03/2017 14:03:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [1176 Bytes] - [28/05/2017 09:10:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1249 Bytes] ##########



#11 Atlantic33


Posted 28 May 2017 - 09:18 AM

The malwarebytes was downloaded and instructions followed correctly however after the scan there were no threats found and no restart or log was produced. I am doing a custom scan with the malwarebytes under the C drive. The custom scan for C: drive located one threat: PUP.Optional.Mindspark hwidkrwtkb\tooltabExtension.dll. I quarantined it however I do not believe that this is the threat I have been encountering.

 

My computer still runs the same. Slow and sluggish especially when loading websites. Norton still detects the virus I originally wrote in about.


Edited by Atlantic33, 28 May 2017 - 12:12 PM.


#12 polskamachina


Posted 29 May 2017 - 04:48 PM

Hi Atlantic33 :)
 
I have a question for you. Your logs showed that Norton Internet Security has been disabled. Have you re-enabled it since your FRST scan on May 25?
 
Next:
 
Please perform the following tasks:
 
I would like to evaluate the file, C:\windows\System32\sysprep\cryptbase.dll

  • Navigate to this website: https://www.virustotal.com/
  • Click on the empty selection box and a file browser window will appear
  • Find the file, C:\windows\System32\sysprep\cryptbase.dll
  • Click on, Scan it!
  • Copy and paste the link to the report into your next reply to me

The following operation will clean out all your temporary files and your Recycle bin. If there are any files you would like to retrieve from your Recycle bin, you should restore them now!

  • Open Notepad
  • Copy and paste the text below in its entirety into an empty Notepad window:

CreateRestorePoint:
CloseProcesses:
Folder: C:\windows\System32\sysprep
emptytemp:

  • Save the file to your Downloads folder as fixlist.txt
    Note: FRST64 and fixlist.txt must be in the same folder in order for the fix to work.
  • Run FRST64
  • Click on Fix
  • It should only take a few moments for the fix to complete
  • If you are asked to restart your computer, please do so
  • When the fix has completed, a new file will be created named Fixlog.txt, and it will be saved to your Downloads folder
  • Please copy and paste that log into your next reply to me

In summary I will need from you:

  • Virustotal link to analysis of cryptbase.dll file
  • Fixlog.txt
  • Is Norton still detecting the virus?
  • How is your computer performing now?

polskamachina



#13 Atlantic33


Posted 31 May 2017 - 08:32 PM

Hi, yes I have since re-enabled my Norton. I had to disable it before because it would not allow me to run some of the scans. I am going to next follow your instructions for the next steps. I will need a few days before I can complete this due to time constraints I have so please hang in there with me, I haven't gone anywhere. I will be back in about 2 days.  

 

Thanks

-A



#14 polskamachina


Posted 31 May 2017 - 09:35 PM

No problem. Thank you for checking in. See you in a couple of days. :)
 
polskamachina



#15 polskamachina


Posted 04 June 2017 - 10:46 AM

Hi Atlantic33 :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina





