Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016 Ran by Wally (administrator) on WALLY_OFFICE (29-01-2016 14:32:46) Running from C:\Users\Wally\Desktop Loaded Profiles: Wally (Available Profiles: Wally & DefaultAppPool) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\n360.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\n360.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe (Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe (COMODO) C:\ZZZ\CCE\CCE.exe (Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\nacl64.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\conathst.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Users\Wally\AppData\Local\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\vdeck.exe [2243584 2009-07-28] (VIA) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [72736 2016-01-18] (Prosoftnet) HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1985056 2016-01-18] (Prosoftnet) HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Run: [Spotify Web Helper] => C:\Users\Wally\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-27] (Spotify Ltd) HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Run: [join.me.launcher] => C:\Users\Wally\AppData\Local\join.me.launcher\join.me.launcher.exe [176560 2015-10-27] (LogMeIn, Inc) HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd) HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-21] (SUPERAntiSpyware) HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 ShellIconOverlayIdentifiers: [ 0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A) ShellIconOverlayIdentifiers: [ 0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A) ShellIconOverlayIdentifiers: [ 0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-01-15] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Wally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8610.lnk [2015-10-22] CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{329f6fe0-f89c-4917-8c6a-1171e2c847e8}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/ HKU\S-1-5-21-1830817234-4242773262-1291581639-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://finance.yahoo.com/ hxxp://nria.net/ BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.) BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-12] (Symantec Corporation) BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll => No File BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-26] (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-26] (Oracle Corporation) Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-12] (Symantec Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.) Toolbar: HKU\S-1-5-21-1830817234-4242773262-1291581639-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.) Toolbar: HKU\S-1-5-21-1830817234-4242773262-1291581639-1000 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No File Toolbar: HKU\S-1-5-21-1830817234-4242773262-1291581639-1000 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-12] (Symantec Corporation) Toolbar: HKU\S-1-5-21-1830817234-4242773262-1291581639-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Wally\AppData\Roaming\Mozilla\Firefox\Profiles\n2umwrkm.default FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10082_campaign_141219__yaff FF SearchEngineOrder.1: Yahoo FF SearchEngineOrder.2: FF SelectedSearchEngine: Yahoo FF Homepage: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_wcyid10082_campaign_141219__yaff FF Keyword.URL: hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20141040,20030,0,100,0 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-26] (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [No File] FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll [2012-07-26] ( ) FF Plugin-x32: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2015-11-06] (Samsung Techwin) FF Plugin-x32: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2015-11-06] (Samsung Techwin) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2015-09-24] (Samsung Techwin) FF Plugin HKU\S-1-5-21-1830817234-4242773262-1291581639-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Wally\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP) FF Plugin HKU\S-1-5-21-1830817234-4242773262-1291581639-1000: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2015-11-06] (Samsung Techwin) FF Plugin HKU\S-1-5-21-1830817234-4242773262-1291581639-1000: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2015-11-06] (Samsung Techwin) FF Plugin HKU\S-1-5-21-1830817234-4242773262-1291581639-1000: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2015-09-24] (Samsung Techwin) FF Plugin ProgramFiles/Appdata: C:\Users\Wally\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-10-29] (Google) FF Extension: Yahoo! Toolbar - C:\Users\Wally\AppData\Roaming\Mozilla\Firefox\Profiles\n2umwrkm.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-02-28] [not signed] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-01-14] FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2015-08-29] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon FF HKLM-x32\...\Thunderbird\Extensions: [eacontb@outlook-apps.com] - C:\Program Files (x86)\DS Development\Email Address Collector\ThunderbirdExtension FF Extension: Email Address Collector connector - C:\Program Files (x86)\DS Development\Email Address Collector\ThunderbirdExtension [2015-02-28] [not signed] Chrome: ======= CHR HomePage: Default -> hxxp://vinstaller.com/kmsx/yhome.html?hspart=w3i&hsimp=yhs-syctransfer&type=__PARAM__ CHR StartupUrls: Default -> "hxxp://www.msn.com/","hxxp://www.finance.yahoo.com/","hxxp://www.cnbc.com/" CHR DefaultSearchURL: Default -> hxxp://vinstaller.com/kmsx/ysearch.html?hspart=w3i&fr=w3i&p={searchTerms}&type=__PARAM__ CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxp://vinstaller.com/kmsx/ysuggest.html?output=fxjson&command={searchTerms} CHR Profile: C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Bejeweled) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-02-27] CHR Extension: (Google Drive) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24] CHR Extension: (YouTube) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (McAfee Security Scan+) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-20] CHR Extension: (Norton Security Toolbar) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-07] CHR Extension: (Google Search) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] CHR Extension: (Norton Identity Safe) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-29] CHR Extension: (Google Maps) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18] CHR Extension: (Norton Identity Safe) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgpiocdhdmnglomggfjkkonjjfahnom [2014-06-19] CHR Extension: (Chrome Web Store Payments) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01] CHR Extension: (Bitdefender QuickScan) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-06-15] CHR Extension: (Gmail) - C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-29] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-29] CHR HKLM-x32\...\Chrome\Extension: [eefhnbpnnaaokmclnihgajdnlgljajjg] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ggebenakhmhfdkmkemdmllecchcldgec] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company) R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [154656 2016-01-18] (Prosoftnet) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.) R2 N360; C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation) R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [216080 2012-07-26] (Nitro PDF Software) R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [15552 2012-11-08] (Seagate Technology LLC) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20160125.001_716\BHDrvx64.sys [1665608 2016-01-25] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-17] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-17] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20160128.001\IDSvia64.sys [767224 2016-01-27] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20160129.001\ENG64.SYS [138488 2016-01-27] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20160129.001\EX64.SYS [2148080 2016-01-27] (Symantec Corporation) S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.) R1 RemotePCHelpDesk; C:\Windows\system32\DRIVERS\RemotePCHelpDesk.sys [13120 2012-10-05] (Pro Softnet Crop provider) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605050.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-29] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) U3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-29 14:32 - 2016-01-29 14:33 - 00025767 _____ C:\Users\Wally\Desktop\FRST.txt 2016-01-29 14:32 - 2016-01-29 14:32 - 00000000 ____D C:\FRST 2016-01-29 14:31 - 2016-01-29 14:32 - 02370560 _____ (Farbar) C:\Users\Wally\Desktop\FRST64.exe 2016-01-29 13:42 - 2016-01-29 13:42 - 00000768 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt 2016-01-29 12:32 - 2016-01-29 12:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Identity Safe 2016-01-29 10:57 - 2016-01-29 10:59 - 00076120 _____ C:\TDSSKiller.3.1.0.9_29.01.2016_10.57.36_log.txt 2016-01-29 10:56 - 2016-01-29 10:56 - 25543261 _____ C:\Users\Wally\Desktop\cce_2.5.242177.201_x64.zip 2016-01-29 08:37 - 2016-01-29 08:37 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Wally\Desktop\tdsskiller.exe 2016-01-29 08:37 - 2016-01-29 08:37 - 00004490 _____ C:\TDSSKiller.3.1.0.9_29.01.2016_08.37.30_log.txt 2016-01-28 15:17 - 2016-01-28 15:17 - 00001889 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2016-01-28 15:17 - 2016-01-28 15:17 - 00000000 ____D C:\Users\Wally\AppData\Roaming\SUPERAntiSpyware.com 2016-01-28 15:17 - 2016-01-28 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2016-01-28 15:16 - 2016-01-28 15:16 - 24553296 _____ (SUPERAntiSpyware) C:\Users\Wally\Desktop\SUPERAntiSpyware.exe 2016-01-28 13:49 - 2016-01-28 14:32 - 00000000 ____D C:\EEK 2016-01-28 13:48 - 2016-01-28 13:48 - 210336376 _____ C:\Users\Wally\Desktop\EmsisoftEmergencyKit.exe 2016-01-28 09:49 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-01-28 09:49 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-01-28 09:49 - 2016-01-16 00:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-01-28 09:49 - 2016-01-16 00:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-01-28 09:49 - 2016-01-16 00:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-01-28 09:48 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll 2016-01-28 09:48 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-01-28 09:48 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-01-28 09:48 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-01-28 09:48 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll 2016-01-28 09:48 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-01-28 09:48 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll 2016-01-28 09:48 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-01-28 09:48 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2016-01-28 09:48 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2016-01-28 09:48 - 2016-01-16 01:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-01-28 09:48 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2016-01-28 09:48 - 2016-01-16 01:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-01-28 09:48 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll 2016-01-28 09:48 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll 2016-01-28 09:48 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2016-01-28 09:48 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-01-28 09:48 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-01-28 09:48 - 2016-01-16 01:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-01-28 09:48 - 2016-01-16 01:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-01-28 09:48 - 2016-01-16 01:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-01-28 09:48 - 2016-01-16 01:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-01-28 09:48 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-01-28 09:48 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2016-01-28 09:48 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-01-28 09:48 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2016-01-28 09:48 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2016-01-28 09:48 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-01-28 09:48 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-01-28 09:48 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll 2016-01-28 09:48 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll 2016-01-28 09:48 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll 2016-01-28 09:48 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-01-28 09:48 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll 2016-01-28 09:48 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2016-01-28 09:48 - 2016-01-16 00:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-01-28 09:48 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll 2016-01-28 09:48 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe 2016-01-28 09:48 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe 2016-01-28 09:48 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll 2016-01-28 09:48 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-01-28 09:48 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-01-28 09:48 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll 2016-01-28 09:48 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll 2016-01-28 09:48 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-01-28 09:48 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll 2016-01-28 09:48 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-01-28 09:48 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll 2016-01-28 09:48 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-01-28 09:48 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll 2016-01-28 09:48 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-01-28 09:48 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll 2016-01-28 09:48 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll 2016-01-28 09:48 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-01-28 09:48 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-01-28 09:48 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll 2016-01-28 09:48 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2016-01-28 09:48 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll 2016-01-28 09:48 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2016-01-28 09:48 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2016-01-28 09:48 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll 2016-01-28 09:48 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll 2016-01-28 09:48 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll 2016-01-28 09:48 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-01-28 09:48 - 2016-01-16 00:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-01-28 09:48 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2016-01-28 09:48 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe 2016-01-28 09:48 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-01-28 09:48 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2016-01-28 09:48 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-01-28 09:48 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll 2016-01-28 09:48 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe 2016-01-28 09:48 - 2016-01-16 00:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-01-28 09:48 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-01-28 09:48 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-01-28 09:48 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-01-28 09:48 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll 2016-01-28 09:48 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll 2016-01-28 09:48 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2016-01-28 09:48 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll 2016-01-28 09:48 - 2016-01-16 00:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-01-28 09:48 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-01-28 09:48 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-01-28 09:48 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll 2016-01-28 09:48 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll 2016-01-28 09:48 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-01-28 09:48 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2016-01-28 09:48 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-01-28 09:48 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll 2016-01-28 09:48 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-01-28 09:48 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll 2016-01-28 09:48 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2016-01-28 09:48 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll 2016-01-28 09:48 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2016-01-28 09:48 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2016-01-28 09:48 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-01-28 09:48 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll 2016-01-28 09:48 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-01-28 09:48 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-01-28 09:48 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-01-28 09:48 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-01-28 09:48 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-01-28 09:48 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-01-28 09:48 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll 2016-01-28 09:48 - 2016-01-16 00:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-01-28 09:48 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2016-01-28 09:48 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2016-01-28 09:48 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll 2016-01-28 09:48 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2016-01-28 09:48 - 2016-01-16 00:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-01-28 09:48 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2016-01-28 09:48 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2016-01-28 09:48 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2016-01-28 09:48 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2016-01-28 09:48 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2016-01-28 09:48 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-01-28 09:48 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-01-28 09:48 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2016-01-28 09:48 - 2016-01-16 00:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-01-28 08:16 - 2016-01-28 08:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2016-01-27 17:21 - 2016-01-27 17:21 - 00014809 _____ C:\Users\Wally\Desktop\ad11adqp-1.pdf 2016-01-27 17:20 - 2016-01-27 17:20 - 00014807 _____ C:\Users\Wally\Desktop\ad11adqp.pdf 2016-01-27 16:32 - 2016-01-27 16:44 - 00498024 _____ C:\Users\Wally\Desktop\BASE App.pdf 2016-01-27 09:30 - 2016-01-27 09:30 - 00025088 _____ C:\Users\Wally\Desktop\qcheck2015.xls 2016-01-27 09:16 - 2016-01-27 09:23 - 00003289 _____ C:\Users\Wally\Desktop\qcheck2015.TXT 2016-01-25 15:12 - 2015-12-30 14:20 - 07549473 _____ C:\Users\Wally\Desktop\DebtManagementApp.pdf 2016-01-25 10:04 - 2016-01-25 10:04 - 00000298 _____ C:\Users\Wally\Desktop\xxxexportemail.txt 2016-01-24 12:00 - 2016-01-24 12:01 - 05243562 _____ C:\Users\Wally\Downloads\SampleBusinessCreditReport.zip 2016-01-24 10:35 - 2016-01-28 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-22 17:17 - 2016-01-22 17:17 - 00022424 _____ C:\Users\Wally\Desktop\Tucker Albin Associates Letter.pdf 2016-01-22 17:17 - 2016-01-22 17:17 - 00020905 _____ C:\Users\Wally\Desktop\PDL Recovery Letter.pdf 2016-01-21 16:04 - 2016-01-21 16:04 - 00288623 _____ C:\Users\Wally\Downloads\116382244.pdf 2016-01-20 11:10 - 2016-01-28 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive 2016-01-20 11:10 - 2016-01-20 11:10 - 00001249 _____ C:\Users\Public\Desktop\IDrive.lnk 2016-01-20 11:10 - 2015-11-25 13:03 - 00533776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml.dll 2016-01-20 11:10 - 2015-11-25 13:03 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll 2016-01-15 12:54 - 2016-01-15 12:54 - 00023040 _____ C:\Users\Wally\Downloads\bank-routing (1).xls 2016-01-15 12:53 - 2016-01-15 12:53 - 00023040 _____ C:\Users\Wally\Downloads\bank-routing.xls 2016-01-15 10:59 - 2016-01-15 10:59 - 03023349 _____ C:\Users\Wally\Desktop\FedACHdir.txt 2016-01-15 09:31 - 2016-01-15 09:31 - 00683965 _____ C:\Users\Wally\Downloads\01-14-2016.pdf 2016-01-15 07:51 - 2016-01-28 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-01-15 07:51 - 2016-01-15 07:51 - 00002864 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2016-01-15 07:51 - 2016-01-15 07:51 - 00000903 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-01-15 07:51 - 2016-01-15 07:51 - 00000000 ____D C:\Program Files\CCleaner 2016-01-15 07:50 - 2016-01-15 07:50 - 06805328 _____ (Piriform Ltd) C:\Users\Wally\Downloads\ccsetup513.exe 2016-01-15 07:46 - 2016-01-28 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2016-01-15 07:46 - 2016-01-15 07:46 - 00002049 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2016-01-14 10:24 - 2016-01-14 10:24 - 00301687 _____ C:\Users\Wally\Desktop\Srbu-prt-un16011408020.pdf 2016-01-14 09:51 - 2016-01-14 09:51 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (22).exe 2016-01-13 15:49 - 2016-01-21 16:34 - 00020132 _____ C:\Users\Wally\Desktop\cashflow2015.xlsx 2016-01-13 08:35 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-01-13 08:35 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-01-13 08:35 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-01-13 08:35 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2016-01-13 08:35 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2016-01-13 08:35 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2016-01-13 08:35 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2016-01-13 08:35 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-01-13 08:35 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll 2016-01-13 08:35 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2016-01-13 08:35 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2016-01-13 08:35 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll 2016-01-13 08:35 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-01-13 08:35 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-01-13 08:35 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2016-01-13 08:35 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2016-01-13 08:35 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll 2016-01-13 08:35 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2016-01-13 08:35 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-01-13 08:35 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-01-13 08:35 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-01-13 08:35 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll 2016-01-13 08:35 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-01-13 08:35 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL 2016-01-13 08:35 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL 2016-01-13 08:35 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2016-01-13 08:35 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL 2016-01-13 08:35 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL 2016-01-13 08:35 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll 2016-01-13 08:35 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll 2016-01-13 08:35 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2016-01-13 08:35 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-01-13 08:35 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx 2016-01-13 08:35 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2016-01-13 08:35 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2016-01-13 08:35 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll 2016-01-13 08:35 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2016-01-13 08:35 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2016-01-13 08:35 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2016-01-13 08:35 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL 2016-01-13 08:35 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-01-13 08:35 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll 2016-01-13 08:35 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll 2016-01-13 08:35 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL 2016-01-13 08:35 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll 2016-01-13 08:35 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll 2016-01-13 08:35 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll 2016-01-13 08:35 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-01-13 08:35 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax 2016-01-13 08:35 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2016-01-13 08:35 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-01-13 08:35 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx 2016-01-13 08:35 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2016-01-13 08:35 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-01-13 08:35 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-01-13 08:35 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll 2016-01-13 08:35 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL 2016-01-13 08:35 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2016-01-13 08:35 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL 2016-01-13 08:35 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll 2016-01-13 08:35 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-01-13 08:35 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll 2016-01-13 08:35 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll 2016-01-13 08:35 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax 2016-01-13 08:35 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-01-13 08:35 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2016-01-13 08:35 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-01-13 08:35 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-01-13 08:35 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-01-13 08:35 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-01-13 08:35 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-01-13 08:35 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-01-13 08:35 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-01-13 07:57 - 2016-01-13 07:57 - 00198327 _____ C:\Users\Wally\Desktop\OccidentalApp3Pgs.pdf 2016-01-12 13:38 - 2016-01-12 13:38 - 00348995 _____ C:\Users\Wally\Desktop\Occidental MPA 121815.pdf 2016-01-12 11:05 - 2016-01-12 11:53 - 00000000 ____D C:\Users\Wally\AppData\Local\Blue Jeans 2016-01-12 11:05 - 2016-01-12 11:05 - 00000000 ____D C:\Users\Wally\AppData\LocalLow\Blue Jeans 2016-01-12 08:07 - 2016-01-12 08:07 - 00682812 _____ C:\Users\Wally\Downloads\12-14-2015 (1).pdf 2016-01-10 09:08 - 2016-01-10 09:08 - 05299712 _____ C:\Users\Wally\Downloads\ZohoAssist.msi 2016-01-09 09:52 - 2016-01-09 09:52 - 00112023 _____ C:\Users\Wally\Desktop\PDLRecovery.pdf 2016-01-08 14:30 - 2016-01-28 10:25 - 00000000 ____D C:\Users\Wally\AppData\Local\Mozilla Thunderbird 2016-01-07 16:23 - 2016-01-07 16:23 - 00577728 _____ (Zoho) C:\Users\Wally\Downloads\UnattendedClient.exe 2016-01-07 13:05 - 2016-01-12 12:31 - 00000000 ____D C:\Users\Wally\AppData\Local\ZohoMeeting 2016-01-07 13:05 - 2016-01-07 13:05 - 00577728 _____ (Zoho) C:\Users\Wally\Downloads\Join.exe 2016-01-07 13:05 - 2016-01-07 13:05 - 00000000 ____D C:\Program Files (x86)\ZohoMeeting 2016-01-07 12:28 - 2016-01-07 12:28 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (8).exe 2016-01-07 12:10 - 2016-01-07 12:10 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (7).exe 2016-01-06 11:04 - 2016-01-06 11:04 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (21).exe 2016-01-06 11:04 - 2016-01-06 11:04 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (20).exe 2016-01-06 10:56 - 2016-01-06 10:56 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (6).exe 2016-01-05 07:51 - 2016-01-05 08:00 - 00000000 ____D C:\Users\Wally\AppData\LocalLow\WebEx 2016-01-05 07:51 - 2016-01-05 07:52 - 00000000 ____D C:\ProgramData\WebEx 2016-01-05 07:51 - 2016-01-05 07:51 - 00318383 _____ C:\Users\Wally\AppData\LocalLow\Pre96EC.tmp 2016-01-05 07:51 - 2016-01-05 07:51 - 00300792 _____ (Cisco WebEx LLC) C:\Users\Wally\Downloads\X19fbWVldGluZ3NfMzkzODMyNjE2Ml9YOE9QWUJZSzhZQ0JQSDVWRjRUMVZQWE5WNl9XQlgxMV9l_webex.exe 2016-01-05 07:51 - 2016-01-05 07:51 - 00297645 _____ C:\Users\Wally\AppData\LocalLow\Pre9351.tmp 2016-01-05 07:51 - 2016-01-05 07:51 - 00142137 _____ C:\Users\Wally\AppData\LocalLow\Pre90BF.tmp 2016-01-04 16:56 - 2016-01-04 16:56 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (19).exe 2016-01-04 16:55 - 2016-01-04 16:55 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (18).exe 2016-01-04 16:50 - 2016-01-04 16:50 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (17).exe 2016-01-04 16:48 - 2016-01-04 16:48 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (16).exe 2016-01-04 16:46 - 2016-01-04 16:47 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (15).exe 2016-01-04 16:26 - 2016-01-04 16:26 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (14).exe 2016-01-04 16:26 - 2016-01-04 16:26 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (13).exe 2016-01-04 15:03 - 2016-01-04 15:03 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (5).exe 2016-01-04 14:21 - 2016-01-04 14:21 - 00003254 _____ C:\WINDOWS\System32\Tasks\{34D3AB12-8046-4169-BCED-3C2AD50881F1} 2016-01-04 12:21 - 2016-01-04 12:21 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (12).exe 2016-01-04 12:13 - 2016-01-04 12:13 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFiles (3).exe 2016-01-04 12:10 - 2016-01-04 12:10 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (11).exe 2016-01-04 11:50 - 2016-01-04 11:50 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (4).exe 2016-01-04 10:32 - 2016-01-04 10:32 - 03148994 _____ C:\Users\Wally\Downloads\QCheckExpireFix (1).exe 2016-01-04 08:18 - 2016-01-04 08:18 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (10).exe 2016-01-03 11:18 - 2016-01-03 11:18 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (3).exe 2016-01-03 11:17 - 2016-01-03 11:17 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (2).exe 2016-01-03 11:03 - 2016-01-03 11:03 - 14100240 _____ (LogMeIn, Inc.) C:\Users\Wally\Downloads\join.me (1).exe 2016-01-03 10:24 - 2016-01-03 10:24 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFiles (2).exe 2016-01-03 10:18 - 2016-01-03 10:18 - 00025178 _____ C:\Users\Wally\Documents\list.xlsx 2016-01-03 10:16 - 2016-01-03 10:16 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFiles (1).exe 2016-01-03 10:07 - 2016-01-03 10:07 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFiles.exe 2016-01-03 09:12 - 2016-01-03 09:12 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (9).exe 2016-01-03 08:49 - 2016-01-03 08:49 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (8).exe 2016-01-03 08:47 - 2016-01-03 08:47 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (7).exe 2016-01-02 16:35 - 2016-01-02 16:35 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (6).exe 2016-01-02 16:31 - 2016-01-02 16:31 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (5).exe 2016-01-02 15:06 - 2016-01-02 15:06 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (4).exe 2016-01-02 14:59 - 2016-01-02 15:00 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (3).exe 2016-01-02 14:58 - 2016-01-02 14:58 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (2).exe 2016-01-02 14:55 - 2016-01-02 14:55 - 07229045 _____ (Q~Check ) C:\Users\Wally\Downloads\QCheck2015Update (1).exe 2016-01-02 14:46 - 2016-01-02 14:46 - 03148994 _____ C:\Users\Wally\Downloads\QCheckExpireFix.exe 2016-01-02 11:02 - 2016-01-02 11:02 - 00000000 ____D C:\Users\Wally\AppData\Roaming\join.me 2016-01-02 10:58 - 2016-01-02 11:01 - 21883392 _____ C:\Users\Wally\Downloads\join.me.msi 2016-01-02 10:04 - 2016-01-02 10:05 - 04165073 _____ C:\Users\Wally\Downloads\QCheckUpdateEBSSoftware (1).exe 2016-01-02 10:04 - 2016-01-02 10:04 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck (1).exe 2016-01-02 10:02 - 2016-01-02 10:02 - 04165073 _____ C:\Users\Wally\Downloads\QCheckUpdateEBSSoftware.exe 2016-01-02 10:00 - 2016-01-02 10:01 - 04165060 _____ C:\Users\Wally\Downloads\QCheckUpdateFilesQCheck.exe 2016-01-02 09:54 - 2016-01-02 09:54 - 07229045 _____ (Q~Check ) C:\Users\Wally\Downloads\QCheck2015Update.exe 2016-01-02 09:27 - 2016-01-02 09:27 - 07229045 _____ (Q~Check ) C:\Users\Wally\Downloads\QCheck_Repair (2).exe 2016-01-02 09:07 - 2016-01-02 09:07 - 07229045 _____ (Q~Check ) C:\Users\Wally\Downloads\QCheck_Repair (4).exe 2016-01-02 09:06 - 2016-01-02 09:06 - 07229045 _____ (Q~Check ) C:\Users\Wally\Downloads\QCheck_Repair (3).exe 2015-12-31 12:26 - 2016-01-13 15:55 - 00001665 _____ C:\Users\Public\Desktop\Q~Check.lnk 2015-12-30 11:37 - 2015-12-30 11:37 - 00029650 _____ C:\Users\Wally\Downloads\Single-or-Recurring-Invoice-Charge-Authorization.docx 2015-12-30 10:35 - 2015-12-30 10:35 - 03760672 _____ (Screenleap, Inc.) C:\Users\Wally\Downloads\ScreenleapInst.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-29 14:06 - 2015-12-01 09:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360 2016-01-29 13:58 - 2012-08-30 16:02 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-29 13:57 - 2015-12-02 12:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-01-29 13:57 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-01-29 13:47 - 2012-08-31 00:42 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-01-29 13:33 - 2012-08-31 11:17 - 00000000 ____D C:\@Q~Check Verify Client Load 2016-01-29 12:46 - 2012-08-30 16:02 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-29 12:21 - 2015-06-15 11:17 - 00000000 ____D C:\ProgramData\IDrive 2016-01-29 11:55 - 2014-01-09 09:37 - 00002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-01-29 11:09 - 2015-02-18 12:32 - 00000000 ____D C:\ZZZ 2016-01-29 10:55 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-01-29 08:38 - 2015-12-02 12:13 - 00000000 ____D C:\Users\Wally 2016-01-29 08:25 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-01-29 08:23 - 2015-08-29 10:13 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{96EF3B55-7427-446B-BB87-4588D105ADA6} 2016-01-28 16:31 - 2015-12-02 12:12 - 01009756 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-01-28 16:31 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF 2016-01-28 15:28 - 2012-09-02 14:16 - 00000000 ____D C:\EFTPC 2016-01-28 15:17 - 2015-06-25 09:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2016-01-28 14:23 - 2015-08-29 09:11 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-01-28 14:22 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2016-01-28 14:19 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12 2016-01-28 14:19 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-01-28 14:19 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-01-28 14:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-01-28 14:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-01-28 14:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-01-28 14:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-01-28 13:44 - 2015-01-23 11:43 - 00000000 ____D C:\Q~Check 2016-01-28 10:20 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-01-28 08:22 - 2014-12-24 08:21 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-01-28 08:17 - 2015-12-23 11:50 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL 2016-01-28 08:14 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2016-01-28 08:07 - 2012-09-05 12:09 - 00000000 ____D C:\Users\Wally\AppData\Roaming\IrfanView 2016-01-28 08:07 - 2012-08-30 17:22 - 00000000 ____D C:\ProgramData\Norton 2016-01-28 08:03 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\registration 2016-01-27 17:21 - 2012-09-04 10:41 - 00000000 ____D C:\Users\Wally\AppData\Roaming\PrimoPDF 2016-01-27 12:43 - 2015-12-02 14:01 - 00000000 ____D C:\Users\Wally\AppData\Local\Deployment 2016-01-25 11:04 - 2012-11-11 08:15 - 00000000 ____D C:\Users\Wally\Documents\MailStore Home 2016-01-25 11:04 - 2012-11-11 08:15 - 00000000 ____D C:\ProgramData\firebird 2016-01-22 14:18 - 2015-09-23 15:21 - 00000000 ____D C:\Stocks 2016-01-22 13:49 - 2012-08-31 11:51 - 00000000 ____D C:\@Backups 2016-01-22 12:27 - 2012-08-31 12:00 - 00000000 ____D C:\QInvoice 2016-01-20 11:10 - 2015-06-15 11:17 - 00000000 ____D C:\Program Files (x86)\IDriveWindows 2016-01-18 08:20 - 2012-09-01 08:53 - 00000000 ____D C:\@Webs Q~Check 2016-01-17 09:37 - 2012-09-01 07:29 - 00000000 ____D C:\Users\Wally\AppData\Roaming\FileZilla 2016-01-17 09:36 - 2012-09-01 07:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2016-01-17 09:36 - 2012-09-01 07:29 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client 2016-01-15 12:49 - 2012-09-01 08:41 - 00000000 ____D C:\@Q~Check Platinum 2016-01-15 10:06 - 2014-01-19 10:34 - 00000000 ____D C:\Users\Wally\AppData\Local\Spotify 2016-01-15 10:05 - 2014-01-19 10:33 - 00000000 ____D C:\Users\Wally\AppData\Roaming\Spotify 2016-01-15 07:53 - 2015-03-01 09:04 - 00000000 ____D C:\Users\Wally\AppData\Local\Packages 2016-01-15 07:46 - 2014-02-11 13:22 - 00000000 ____D C:\Program Files\McAfee Security Scan 2016-01-15 07:46 - 2009-07-13 21:34 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak 2016-01-14 15:11 - 2013-06-18 13:49 - 00000000 ____D C:\Program Files (x86)\FollowUpExpert_NEW 2016-01-13 09:33 - 2013-07-20 02:02 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-01-13 09:22 - 2012-09-01 07:27 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-01-10 10:05 - 2014-11-10 10:11 - 00000000 ____D C:\Home Files 2016-01-07 12:28 - 2012-12-05 08:49 - 00001095 _____ C:\Users\Wally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk 2016-01-07 12:28 - 2012-12-05 08:49 - 00001087 _____ C:\Users\Wally\Desktop\join.me.lnk 2016-01-07 12:28 - 2012-12-05 08:49 - 00000000 ____D C:\Users\Wally\AppData\Local\join.me 2016-01-07 08:38 - 2014-05-09 14:34 - 00000000 ____D C:\@Q~Check Update 2016-01-05 13:52 - 2013-06-20 09:51 - 00000000 ____D C:\Downloads Save 2016-01-05 08:00 - 2015-01-17 11:58 - 00000000 ____D C:\Users\Wally\AppData\Roaming\webex 2016-01-04 11:08 - 2012-08-30 14:55 - 00051848 _____ C:\Users\Wally\AppData\Local\GDIPFONTCACHEV1.DAT 2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-01 10:11 - 2015-12-02 12:04 - 00292768 _____ C:\WINDOWS\system32\FNTCACHE.DAT ==================== Files in the root of some directories ======= 2014-10-16 16:24 - 2014-10-16 16:24 - 14016000 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe 2013-04-05 07:42 - 2014-09-15 10:06 - 0000096 _____ () C:\Users\Wally\AppData\Roaming\Camdata.ini 2013-04-05 07:42 - 2014-09-15 10:06 - 0000408 _____ () C:\Users\Wally\AppData\Roaming\CamLayout.ini 2013-04-05 07:42 - 2014-09-15 10:06 - 0000408 _____ () C:\Users\Wally\AppData\Roaming\CamShapes.ini 2013-04-05 07:22 - 2014-09-15 10:06 - 0004509 _____ () C:\Users\Wally\AppData\Roaming\CamStudio.cfg 2013-04-05 07:28 - 2013-08-20 09:40 - 0000000 _____ () C:\Users\Wally\AppData\Roaming\CamStudio.Producer.Data.ini 2013-04-05 07:28 - 2013-08-20 09:40 - 0001206 _____ () C:\Users\Wally\AppData\Roaming\CamStudio.Producer.ini 2012-09-05 16:11 - 2014-04-21 17:44 - 1101110 _____ () C:\Users\Wally\AppData\Roaming\wallyb.zip 2014-02-11 11:35 - 2014-03-01 18:31 - 0106780 _____ () C:\Users\Wally\AppData\Local\ars.cache 2014-02-11 11:35 - 2014-03-01 18:31 - 0316962 _____ () C:\Users\Wally\AppData\Local\census.cache 2014-02-11 08:54 - 2014-02-11 08:54 - 0000036 _____ () C:\Users\Wally\AppData\Local\housecall.guid.cache 2014-02-11 08:59 - 2014-03-01 16:22 - 0000010 _____ () C:\Users\Wally\AppData\Local\sponge.last.runtime.cache 2015-04-06 14:07 - 2015-04-06 14:07 - 0000057 _____ () C:\ProgramData\Ament.ini ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-01-28 13:13 ==================== End of FRST.txt ============================