My computer is infected [Solved]



#1
Soccer88


Hello, last night I got a pop-up from my Norton AntiVirus claiming that there was suspicious outgoing activity and I should do a Norton Power Eraser scan. I did the scan, and the only things it suggested to remove were two games from Steam which I know are legitimate and would not be the source of a virus, plus I installed them well before this issue occurred. The Power Eraser did not detect anything malicious so I figured it was a false detection. Today I have noticed that sometimes when I click a link to a perfectly legitimate website I get pop-up windows that shouldn't be appearing because of these websites. I have done a full system scan from Norton AntiVirus and a Malwarebytes scan but neither has detected anything malicious. I'm pretty much 100% sure at this point that I have malware but I have no way of getting rid of it.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-11-2015
Ran by *'s Laptop (administrator) on LAPTOP-PC (17-11-2015 12:39:09)
Running from C:\Users\*'s Laptop\Desktop
Loaded Profiles: *'s Laptop (Available Profiles: *'s Laptop)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\ns.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\ns.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\*'s Laptop\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Logitech©) C:\Program Files (x86)\Logitech\G35\G35.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Spotify Ltd) C:\Users\*'s Laptop\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Logitech G35] => C:\Program Files (x86)\Logitech\G35\G35.exe [1811800 2010-10-05] (Logitech©)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\Run: [MusicManager] => C:\Users\*'s Laptop\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\Run: [Google Update] => C:\Users\*'s Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\MountPoints2: {5db6c5f2-adb5-11e2-9e82-c485081e2df9} - E:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => No File
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => No File
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] *.*.*.* *.*.*.*
Tcpip\..\Interfaces\{076190D0-21EA-4595-8D3B-27B40D2F81CD}: [DhcpNameServer] *.*.*.* *.*.*.*

Internet Explorer:
==================
HKU\S-1-5-21-3654940952-3468555327-322118728-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-10-25] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-20] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
DPF: HKLM-x32 {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3654940952-3468555327-322118728-1001: @tools.google.com/Google Update;version=3 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3654940952-3468555327-322118728-1001: @tools.google.com/Google Update;version=9 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFAddon [2015-11-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFAddon

Chrome:
=======
CHR Profile: C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (uBlock Origin) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-11-03]
CHR Extension: (Google Search) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Google Docs Offline) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Norton Identity Safe) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Space Planet) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppcocpoeoiajndepaaimnnglicichmbb [2015-01-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-02]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.VHWX7ZP5W7ZX4ISLQLYHFYD25Y - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-23] (Diskeeper Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-05-08] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe [282016 2015-09-24] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-15] (Electronic Arts)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
S3 Samsung UPD Service2; C:\windows\System32\SUPDSvc2.exe [165456 2011-12-02] (Samsung Electronics)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3196768 2015-09-25] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3385584 2013-05-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20151102.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605040.018\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-23] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-23] (Diskeeper Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20151113.001\IDSvia64.sys [767224 2015-10-20] (Symantec Corporation)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20151116.049\ENG64.SYS [138488 2015-10-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20151116.049\EX64.SYS [2148080 2015-10-26] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605040.018\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605040.018\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] (Apple, Inc.) [File not signed]
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvpciflt; \SystemRoot\system32\DRIVERS\nvpciflt.sys [X]
S3 SBIOSIO; \??\C:\Users\*'s~1\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-17 12:39 - 2015-11-17 12:39 - 00024423 _____ C:\Users\*'s Laptop\Desktop\FRST.txt
2015-11-17 12:32 - 2015-11-17 12:39 - 00000000 ____D C:\FRST
2015-11-17 12:29 - 2015-11-17 12:29 - 02008576 _____ (Farbar) C:\Users\*'s Laptop\Desktop\FRST64.exe
2015-11-17 08:15 - 2015-11-17 08:15 - 00273920 _____ C:\Users\*'s Laptop\Downloads\Week2.ppt
2015-11-17 03:34 - 2015-11-17 03:34 - 00000000 ____D C:\NPE
2015-11-17 03:15 - 2015-11-17 12:00 - 00000000 ____D C:\Users\*'s Laptop\AppData\Local\NPE
2015-11-17 01:57 - 2015-11-17 01:57 - 00229910 _____ C:\Users\*'s Laptop\Downloads\IBUS 302 Topic 4-The Bid-Ask Spread and Cross Exchange Rates.pptx
2015-11-12 15:27 - 2015-11-12 15:27 - 00050176 _____ C:\Users\*'s Laptop\Downloads\20.Options (1).ppt
2015-11-12 15:18 - 2015-11-17 12:31 - 00001894 _____ C:\Users\Public\Desktop\Samsung Update.lnk
2015-11-12 08:55 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-11 12:10 - 2015-11-03 17:10 - 00390344 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-11-11 12:10 - 2015-11-03 16:51 - 00342728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-11-11 12:10 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 12:10 - 2015-10-30 18:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-11-11 12:10 - 2015-10-30 18:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-11-11 12:10 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 12:10 - 2015-10-30 18:25 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-11-11 12:10 - 2015-10-30 18:25 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-11-11 12:10 - 2015-10-30 18:25 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-11-11 12:10 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 12:10 - 2015-10-30 18:24 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-11-11 12:10 - 2015-10-30 18:17 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-11-11 12:10 - 2015-10-30 18:16 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-11-11 12:10 - 2015-10-30 18:13 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-11-11 12:10 - 2015-10-30 18:12 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-11-11 12:10 - 2015-10-30 18:12 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-11-11 12:10 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 12:10 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 12:10 - 2015-10-30 18:11 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-11-11 12:10 - 2015-10-30 18:04 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-11-11 12:10 - 2015-10-30 18:01 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-11-11 12:10 - 2015-10-30 17:58 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-11-11 12:10 - 2015-10-30 17:53 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 12:10 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 12:10 - 2015-10-30 17:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-11-11 12:10 - 2015-10-30 17:49 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-11-11 12:10 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 12:10 - 2015-10-30 17:46 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-11-11 12:10 - 2015-10-30 17:46 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-11-11 12:10 - 2015-10-30 17:45 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-11-11 12:10 - 2015-10-30 17:45 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-11-11 12:10 - 2015-10-30 17:44 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-11-11 12:10 - 2015-10-30 17:44 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-11-11 12:10 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 12:10 - 2015-10-30 17:39 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-11-11 12:10 - 2015-10-30 17:39 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-11-11 12:10 - 2015-10-30 17:37 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-11-11 12:10 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 12:10 - 2015-10-30 17:36 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-11-11 12:10 - 2015-10-30 17:36 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-11-11 12:10 - 2015-10-30 17:34 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-11-11 12:10 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 12:10 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 12:10 - 2015-10-30 17:29 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-11-11 12:10 - 2015-10-30 17:29 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-11-11 12:10 - 2015-10-30 17:28 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-11-11 12:10 - 2015-10-30 17:23 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 12:10 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 12:10 - 2015-10-30 17:21 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-11-11 12:10 - 2015-10-30 17:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-11-11 12:10 - 2015-10-30 17:18 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-11-11 12:10 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 12:10 - 2015-10-30 17:17 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-11-11 12:10 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 12:10 - 2015-10-30 17:11 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-11-11 12:10 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 12:10 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 12:10 - 2015-10-30 17:09 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-11-11 12:10 - 2015-10-30 17:09 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-11-11 12:10 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 12:10 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 12:10 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 12:10 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 12:10 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 12:10 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 12:10 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 12:10 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 12:10 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 12:10 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 12:10 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-11-11 12:10 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-11-11 12:10 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 12:10 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-11-11 12:10 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 12:10 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-11-11 12:10 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 12:10 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 12:10 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 12:10 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-11-11 12:10 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 12:10 - 2015-10-19 20:12 - 05570496 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 12:10 - 2015-10-19 20:12 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 12:10 - 2015-10-19 20:12 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-11-11 12:10 - 2015-10-19 20:09 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-11-11 12:10 - 2015-10-19 20:06 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-11-11 12:10 - 2015-10-19 20:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-11-11 12:10 - 2015-10-19 20:06 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-11-11 12:10 - 2015-10-19 20:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-11-11 12:10 - 2015-10-19 20:05 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-11-11 12:10 - 2015-10-19 20:05 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-11-11 12:10 - 2015-10-19 20:04 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-11-11 12:10 - 2015-10-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-11-11 12:10 - 2015-10-19 20:04 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-11-11 12:10 - 2015-10-19 20:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-11-11 12:10 - 2015-10-19 19:59 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-11-11 12:10 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-11-11 12:10 - 2015-10-19 19:48 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-11-11 12:10 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-11-11 12:10 - 2015-10-19 19:44 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-11-11 12:10 - 2015-10-19 19:44 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-11-11 12:10 - 2015-10-19 19:44 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-11-11 12:10 - 2015-10-19 19:44 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-11-11 12:10 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-11-11 12:10 - 2015-10-19 19:44 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-11-11 12:10 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-11-11 12:10 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 18:41 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 12:10 - 2015-10-19 18:40 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-11-11 12:10 - 2015-10-19 18:40 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 12:10 - 2015-10-19 18:29 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-11-11 12:10 - 2015-10-19 18:29 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-11-11 12:10 - 2015-10-19 18:27 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 18:27 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 18:27 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 18:27 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 12:10 - 2015-09-23 08:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 12:10 - 2015-09-23 08:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 12:10 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 12:09 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-11-11 12:09 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-11-11 12:09 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-11-11 12:09 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-11-11 12:09 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-11-11 12:09 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-11-11 12:09 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-11-11 12:09 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 12:09 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 12:09 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-11-11 12:09 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-11-11 12:09 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-11-11 12:09 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-10-30 14:10 - 2015-10-30 14:10 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-30 14:10 - 2015-10-30 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-30 14:10 - 2015-10-30 14:10 - 00000000 ____D C:\Program Files\iTunes
2015-10-30 14:10 - 2015-10-30 14:10 - 00000000 ____D C:\Program Files\iPod
2015-10-30 14:10 - 2015-10-30 14:10 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-29 01:01 - 2015-10-29 01:01 - 00050176 _____ C:\Users\*'s Laptop\Downloads\20.Options.ppt
2015-10-26 17:51 - 2015-10-26 17:51 - 00000000 ____D C:\Users\*'s Laptop\AppData\Roaming\SHODN
2015-10-25 19:31 - 2015-10-25 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-21 18:52 - 2015-11-07 17:19 - 00010471 _____ C:\Users\*'s Laptop\Documents\Job Application Record.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-17 12:32 - 2013-03-30 18:22 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-17 12:32 - 2009-07-13 23:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-17 12:32 - 2009-07-13 23:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-17 12:23 - 2013-03-29 11:07 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-17 12:05 - 2014-07-01 18:36 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-17 12:02 - 2012-08-06 21:08 - 00000940 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654940952-3468555327-322118728-1001UA.job
2015-11-17 11:31 - 2012-05-13 22:21 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-11-17 10:17 - 2012-05-14 14:16 - 01841261 _____ C:\windows\WindowsUpdate.log
2015-11-17 08:04 - 2013-09-05 19:02 - 00000000 ____D C:\Users\*'s Laptop\AppData\Local\Spotify
2015-11-17 06:09 - 2013-09-05 19:01 - 00000000 ____D C:\Users\*'s Laptop\AppData\Roaming\Spotify
2015-11-17 03:38 - 2009-07-14 00:13 - 00782642 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-17 03:34 - 2013-03-29 11:07 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-17 03:34 - 2012-05-13 22:21 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-11-17 03:34 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-17 03:34 - 2009-07-13 23:51 - 00191708 _____ C:\windows\setupact.log
2015-11-17 03:33 - 2012-05-13 22:44 - 00000000 ____D C:\ProgramData\Norton
2015-11-16 21:02 - 2012-08-06 21:08 - 00000888 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654940952-3468555327-322118728-1001Core.job
2015-11-15 20:57 - 2012-08-26 13:38 - 00000000 ____D C:\Users\*'s Laptop\AppData\Roaming\Skype
2015-11-13 18:08 - 2012-11-16 16:27 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-13 15:35 - 2013-02-28 23:08 - 00000000 ____D C:\Users\*'s Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-11-13 13:25 - 2012-08-03 17:35 - 00000000 ____D C:\Users\*'s Laptop\AppData\Local\CrashDumps
2015-11-13 03:17 - 2009-07-13 23:45 - 00354592 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-13 03:16 - 2010-11-20 22:47 - 02943378 _____ C:\windows\PFRO.log
2015-11-12 15:18 - 2012-05-13 22:48 - 00000000 ____D C:\ProgramData\SAMSUNG
2015-11-12 15:18 - 2012-05-13 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-11-11 20:17 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2015-11-11 18:30 - 2015-08-15 16:35 - 00000000 ____D C:\Users\*'s Laptop\Documents\College Senior 1
2015-11-11 17:03 - 2012-08-06 21:35 - 00002366 _____ C:\Users\*'s Laptop\Desktop\Google Chrome.lnk
2015-11-11 14:21 - 2013-08-18 21:52 - 00000000 ____D C:\windows\system32\MRT
2015-11-11 14:15 - 2012-09-16 13:17 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-11 14:14 - 2012-08-03 17:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 13:21 - 2013-01-19 14:13 - 00775256 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-11-11 12:29 - 2012-05-14 17:59 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 22:32 - 2013-03-30 18:22 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 22:32 - 2012-09-02 09:55 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 22:32 - 2012-09-02 09:55 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-07 16:11 - 2014-01-28 19:53 - 00000000 ____D C:\Users\*'s Laptop\Documents\Resumes
2015-10-30 15:45 - 2015-02-28 17:03 - 00000000 ____D C:\Users\*'s Laptop\Documents\Honors Project
2015-10-30 14:10 - 2012-08-03 18:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-27 18:19 - 2014-07-01 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-27 18:19 - 2014-07-01 18:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-27 18:19 - 2014-01-12 13:10 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-25 19:31 - 2014-03-06 00:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-25 19:31 - 2012-08-04 03:01 - 00000000 ____D C:\ProgramData\Skype
2015-10-23 23:33 - 2013-11-28 19:13 - 00000052 _____ C:\Users\*'s Laptop\jagex_cl_runescape_LIVE.dat
2015-10-21 18:51 - 2013-11-03 16:08 - 00000000 ____D C:\Users\*'s Laptop\Documents\Co-Op Information

==================== Files in the root of some directories =======

2012-05-13 22:55 - 2012-05-13 22:55 - 0000032 _____ () C:\Program Files\kiessetup.log
2012-05-13 22:21 - 2012-05-13 22:22 - 0002184 _____ () C:\Program Files\RHDSetup.log
2012-05-13 22:21 - 2012-05-13 23:13 - 0000163 _____ () C:\Program Files\setup.log
2013-01-19 14:14 - 2013-01-19 14:15 - 0028278 _____ () C:\Users\*'s Laptop\AppData\Local\WiDiSetupLog.20130119.141441.txt
2012-08-26 14:38 - 2012-08-26 14:38 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-05-13 22:39 - 2012-05-13 22:40 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-13 22:31 - 2012-05-13 22:32 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-05-13 22:36 - 2012-05-13 22:37 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-13 22:32 - 2012-05-13 22:36 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-05-13 22:37 - 2012-05-13 22:39 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-10 09:37

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-11-2015
Ran by *'s Laptop (2015-11-17 12:39:44)
Running from C:\Users\*'s Laptop\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-04 08:01:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3654940952-3468555327-322118728-500 - Administrator - Disabled)
Guest (S-1-5-21-3654940952-3468555327-322118728-501 - Limited - Disabled)
*'s Laptop (S-1-5-21-3654940952-3468555327-322118728-1001 - Administrator - Enabled) => C:\Users\*'s Laptop

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
AI War: Fleet Command (HKLM-x32\...\Steam App 40400) (Version:  - Arcen Games, LLC)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
And Yet It Moves (HKLM-x32\...\Steam App 18700) (Version:  - Broken Rules)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - BestGameEver)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands Granting Tool (HKLM-x32\...\Steam App 301070) (Version:  - )
Breath of Death VII  (HKLM-x32\...\Steam App 107300) (Version:  - )
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cave Story+ (HKLM-x32\...\Steam App 200900) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dungeon of the Endless (HKLM-x32\...\Steam App 249050) (Version:  - AMPLITUDE Studios)
E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version:  - Streum On Studio)
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.3.1 - Samsung Electronics CO., LTD.)
Easy Migration (HKLM-x32\...\{EDE7A262-DB20-4432-A630-2ACEE186C416}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.32 - Samsung Electronics CO., LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare PS/2-X64 10.7.16.1_WHQL (HKLM\...\Elantech) (Version: 10.7.16.1 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}) (Version: 1.0.64 - Diskeeper Corporation)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii uslugi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Home (HKLM-x32\...\Steam App 215670) (Version:  - Benjamin Rivers)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{ae509f68-6982-4506-befc-f2218d72cd5e}) (Version: 15.8.0 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
Kero Blaster (HKLM-x32\...\Steam App 292500) (Version:  - Studio Pixel)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LISA (HKLM-x32\...\Steam App 335670) (Version:  - Dingaling)
Logitech G35 (HKLM\...\{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}) (Version: 1.1.178 - Logitech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Multimedia POP (HKLM-x32\...\{119B7882-19D7-4BE7-A417-29BB479D3ABE}) (Version: 1.0 - )
Music Manager (HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\MusicManager) (Version:  - Google, Inc.)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.4.24 - Symantec Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta uslugi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
S Agent (Version: 1.1.54 - Samsung Electronics CO., LTD.) Hidden
S Service (HKLM-x32\...\{A48B04B8-12AF-4A71-8B3E-737FDEB0824F}) (Version: 1.0 - Samsung Electronics CO., LTD.)
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version:  - GSC Game World)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11044_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11044_11 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.6.0.2 - Samsung Electronics CO., LTD.)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.03.01.00:36 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.6.0 - Samsung Electronics Co., Ltd.)
Samsung Update (HKLM-x32\...\{A9D16B9C-AA6D-4154-80CA-17099A2C308F}) (Version: 2.2.16 - Samsung Electronics CO., LTD.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.10.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Splice (HKLM-x32\...\Steam App 209790) (Version:  - Cipher Prime Studios)
Spotify (HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\Spotify) (Version: 1.0.18.60.g5fe0413d - Spotify AB)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Super House of Dead Ninjas (HKLM-x32\...\Steam App 224820) (Version:  - Megadev)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
TeamSpeak 3 Client (HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 2.0 - Samsung Electronics CO., LTD.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{F6693C3E-DD16-412F-AAE4-293792946087}) (Version: 2.13.0501 - Samsung Electronics Co., Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VVVVVV (HKLM-x32\...\Steam App 70300) (Version:  - Terry Cavanagh)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live ??? (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Goo Demo (HKLM-x32\...\Steam App 22010) (Version:  - 2D BOY )
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Zeno Clash (HKLM-x32\...\Steam App 22200) (Version:  - ACE Team)
Zeno Clash 2 (HKLM-x32\...\Steam App 215690) (Version:  - ACE Team)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
S?????? f?t???af??? t?? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???????? ?????????? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
????? Windows Live (x32 Version: 15.4.3502.0922 - ?????????? ??????????) Hidden
?????????? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
??????????? ?? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
?????? ??????? ?? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???? ??? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Restore Points =========================

17-11-2015 04:48:22 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03C1DEBD-730F-44CD-A098-A0AEA1C874A6} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {084C82E7-8754-4552-94A4-74D7C94F2E39} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
Task: {13257376-676F-473A-996F-6DD7E326E919} - System32\Tasks\{3BF92377-2DF2-4B19-85A3-F7564DAFD8D7} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {13372C9C-B8C6-4EB3-9436-9F4593160D07} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-12-06] (Samsung Electronics CO., LTD.)
Task: {19E33E60-70E0-4BA5-BD90-52F4FB360763} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)
Task: {2CC6D9CD-59EE-4124-818A-B7F3596A1EED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3654940952-3468555327-322118728-1001UA => C:\Users\*'s Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {492BB922-3B65-44E2-8E0E-F68542C40E13} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-08-05] (Samsung Electronics CO., LTD.)
Task: {4AE05436-8CC1-438C-B838-B17F56C8897E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {4AF23AE6-371A-4ABA-AA02-C4751EE71554} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)
Task: {4F27D96F-E785-42FA-9F41-306660B3EE76} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3654940952-3468555327-322118728-1001Core => C:\Users\*'s Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4FC21A54-2C6B-4364-83A4-45BDE1FA708C} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {52155240-D003-44C4-92E5-944D8422A742} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-10-30] (SEC)
Task: {54AE702C-B18B-422B-88DA-E17CF4EEEE7D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5A87541C-9D52-4554-A4C0-4F0B38AD088B} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {5ABE524E-89D6-474A-8BDE-9B7248D2A4E4} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {5F3AC622-815E-4F05-89D6-7CF345ECF636} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {604C3630-EA89-4ABD-A477-D4E0CA6DDB5B} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {6999BC29-A4E4-4C78-B703-B47E6388C4B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6DE236F3-4551-4764-962D-FEC2E6ED72F0} - System32\Tasks\{DDEF174F-624D-42F6-BD12-AD225EDDEBB3} => pcalua.exe -a "C:\Users\*'s Laptop\Downloads\convopackinstaller.exe" -d "C:\Users\*'s Laptop\Downloads"
Task: {8DB4F67F-5279-40BA-B08F-474B9790FB6E} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {8EFBEC24-6B70-4D86-8720-BC55F47EB7E7} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
Task: {95BAE0F7-B441-4214-91BA-E9AA4FB90681} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {9FC16B94-6E61-475F-9136-5A13A3F86251} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {A41F8B2C-397C-44B5-BA24-9C335B6ED56E} - System32\Tasks\KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2011-12-12] (Samsung)
Task: {AFDE49BF-0B42-4B63-A7AA-73703F5C4DC9} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {BFCDC244-505E-4BA7-8F59-0F66EF628C5E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {C1C8E8ED-CBE1-4089-9C1F-30D69E7C2FA4} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-08-18] (Samsung Electronics CO., LTD.)
Task: {D046DE0A-20E7-4A6F-B9A4-0CF00704B87F} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {DACF2B94-E8E1-49C9-AE07-649E565AF145} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {E2A0BE80-57CD-4A7E-AB76-6866A1F02843} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)
Task: {E70DF0BB-1402-424A-82A0-C7364814BE94} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654940952-3468555327-322118728-1001Core.job => C:\Users\*'s Laptop\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654940952-3468555327-322118728-1001UA.job => C:\Users\*'s Laptop\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (Whitelisted) ==============

2011-04-11 14:26 - 2011-04-11 14:26 - 00034304 _____ () C:\windows\System32\spd__l.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-13 22:21 - 2012-02-07 21:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2013-01-19 13:01 - 2012-02-13 15:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2012-02-05 23:42 - 2012-01-05 03:24 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2012-05-13 22:36 - 2009-12-01 02:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-01-27 15:28 - 2011-01-27 15:28 - 00706048 _____ () C:\windows\system32\SnMinDrv.dll
2013-01-19 13:01 - 2011-02-17 01:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2015-08-13 15:33 - 2015-08-13 15:33 - 00117248 _____ () C:\Users\*'s Laptop\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-08-13 15:34 - 2015-08-13 15:34 - 00234496 _____ () C:\Users\*'s Laptop\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-08-13 15:34 - 2015-08-13 15:34 - 00253440 _____ () C:\Users\*'s Laptop\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-08-13 15:33 - 2015-08-13 15:33 - 00344064 _____ () C:\Users\*'s Laptop\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-01-19 13:01 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2009-11-02 00:20 - 2009-11-02 00:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 00:23 - 2009-11-02 00:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-01-19 12:25 - 2011-09-08 19:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2012-05-13 22:20 - 2012-02-07 20:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-11-11 17:03 - 2015-11-06 23:36 - 01532744 _____ () C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 17:03 - 2015-11-06 23:36 - 00081224 _____ () C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\46.0.2490.86\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D24294C1

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\sony.com -> sony.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3654940952-3468555327-322118728-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*'s Laptop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: *.*.*.* - *.*.*.*
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\*'s Laptop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4FAFA517-2CC2-4485-BE64-60D4EC3539E3}] => (Allow) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10.exe
FirewallRules: [{0728A84D-6934-4681-BDFD-2F79877515F4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{76FBD555-90DF-4719-8D95-5B654F162BAE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{4B66109A-F8EF-479C-BDFF-07CF4F30A0F8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D5DC7283-4458-4E8C-B057-47A5A03896F0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{37196664-88CA-455D-AEA0-EBA3EEC2E387}] => (Allow) LPort=2869
FirewallRules: [{13C56EE9-43A3-475B-9F1B-62C69D6D3AB9}] => (Allow) LPort=1900
FirewallRules: [{3C9B4967-E3E1-44BE-82C1-7E93AA6DF235}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7DE28B1B-114F-45DC-A739-7F9F5AB04B9A}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A345D5E4-E543-4745-B239-816655809E21}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{156847E7-9171-4401-AE69-71FE7C987398}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA1F1409-B129-4CE5-956A-C11CFB7BEA9D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F7D993AC-F1CA-4983-8319-EAF805AA0AD3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E20F8A83-B664-443A-9819-74B487F2537B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC4E441A-2938-4265-BE07-5F2629BDE3E6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1A723547-C117-4BBC-A983-EC8F7D49C7F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{89E5ADC3-1AB7-4F08-A9A3-3F5FA608CB72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V - Demo\Launcher.exe
FirewallRules: [{1A2DC51A-C4C5-425B-9E37-867E8266D16E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V - Demo\Launcher.exe
FirewallRules: [{7B518503-170A-4679-96E5-DC76F28A5C21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V - Demo\CivilizationV.exe
FirewallRules: [{8736AE4F-C521-4E00-824C-24F06CE14820}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V - Demo\CivilizationV.exe
FirewallRules: [TCP Query User{A86DDB4C-B9A5-4EF7-AE49-FFBD9B92F45A}C:\program files (x86)\steam\steamapps\flavin30\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\flavin30\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{4B927E2E-2330-470A-B6C7-F93B98F9AEA0}C:\program files (x86)\steam\steamapps\flavin30\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\flavin30\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{2B9D8C9C-D589-4A96-B71C-AD4CADE57C65}C:\users\*'s laptop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\*'s laptop\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8E039EED-052D-4CC4-85AC-16DA32B0C279}C:\users\*'s laptop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\*'s laptop\appdata\roaming\spotify\spotify.exe
FirewallRules: [{627E80D7-2EC1-463B-A390-A8BF340B4A0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{681AFDAC-072C-419D-B111-4B4FDE11F153}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{1E28ADE1-A926-4529-B71F-840C9B29DEAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{2B86585A-B72B-4402-8A63-F999D99A165E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{B1024D42-C014-44D9-8E49-8E5EC86FFF16}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
FirewallRules: [{A7512C1F-40BB-48BE-AC43-32BE7C02C181}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShare.exe
FirewallRules: [{1FB6B111-91D8-4289-898F-598BC6B48F4B}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
FirewallRules: [{68EEAE58-2ECC-4134-839B-5092D3689D13}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{241D06B6-01ED-42D6-BE5C-8F9692E9C39E}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{AD7F959F-4D73-4ADE-8F5B-52086C186353}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{51119130-FE30-41DF-ACFD-88CE0DD70DC3}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{E2AF4549-8034-48BB-803F-79B7628A44ED}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{5155D9B7-EF82-44C0-934A-C2FC1C7F3B14}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{7C465B2F-0801-455F-9171-34C367D96EE3}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{0E23CDAE-F89B-4FEE-B856-91277F18471E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cave Story+\CaveStory+.exe
FirewallRules: [{562E7822-2919-47EB-9D87-AAB88A9D8F34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cave Story+\CaveStory+.exe
FirewallRules: [{5A04B0F2-1C45-45EE-9554-6E0FF864A674}] => (Allow) C:\Users\*'s Laptop\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{18C26452-B02B-4E44-9CB8-5EDE3138D0D2}] => (Allow) C:\Users\*'s Laptop\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{D95C6212-2690-4E53-97C7-12D10494E9B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{DB164948-56CB-4047-BFCE-6E33A546D503}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{73C788CD-AE8C-4BAA-A73B-D3980E7B9964}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{DBF95A3D-2CA6-408E-ADFC-DFE7076BFDC5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{13A6914B-CBAB-4306-B1E7-2FCAE2F202B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{AF2E3246-9619-4A46-9681-762B93CD3896}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{EFB936EB-5A7A-4CE2-88F2-0FCF199B00CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Breath of Death VII\BoDVIIPC.exe
FirewallRules: [{D7A98351-34B6-4974-B767-CB57B83CA13D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Breath of Death VII\BoDVIIPC.exe
FirewallRules: [{097579B5-F08B-446E-ABC3-9BDA04FCF83C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{3FDE010F-0609-4EED-B425-7FF7FE59D958}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{97F8CFDC-87D4-442A-A4DA-B513D24373DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{CC6E35D1-B4CD-44CD-ABB7-072F59DD0C96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{C5B6E01D-6F6B-49F9-B468-2F2B1A7013E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{99B1D768-FF86-4C28-92EE-93572DA54B44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{9CACC015-2DB6-4749-80F3-F131712DD2DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{12C9026D-0E8B-4118-8BE9-D9D5CEAED0B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{2E9FCCC7-3928-434B-BB9F-F74DEEACC046}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{6321D8F2-3D6C-4E8A-A3C7-83221B38C1B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{5B581580-FB26-4572-871C-C63F8F981A00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{A24CBC7F-6630-49A3-ABD3-1ED33708E229}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{ED2A022E-4416-455B-8E9E-4040929CA2A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{5DBB3246-0AB1-475C-A0D9-4248F3483576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{BFC863D2-D494-4E53-945E-EDE4DEC50360}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{864263A9-7896-4F30-BE84-5323A2197700}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8E15E3DD-1E79-47F5-A746-63F19F7DF7FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{760AC3AA-6CB3-45EC-A4E3-00300721B9C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{25F555AA-5B91-48C3-8430-8A49D30D26D5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{D845FFBE-1121-4974-8111-497583A0C543}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{852BB8A6-7621-45E4-8DFB-0CB47806D52D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{0F96277D-DED8-4242-AC8D-42E88F55F9E1}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5C5C8711-16C3-445F-84E9-9C912C2C2075}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{7702FB61-BFE4-4FEE-A590-8FA48E7C8771}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{D9D93B47-1B5D-4F8E-B29A-2314A2CE0135}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{33D5BCCF-8B98-4EC2-A515-1F66C251AB0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{65002CA2-07F8-4A8F-8C95-41820839E593}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{3A75E9CA-CA22-4634-9776-19FE605BF809}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{612EA71B-F1ED-43A8-A035-F1A3F0C605D1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{09023AE8-8F28-4A61-B968-31607CB383D6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DF96D710-23DF-4F8D-BD82-DBE66FAF4573}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{0F7C3FDB-048D-4E58-BC4A-CCF630D511A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{64BFC4BE-FA47-42BF-AA87-00CAF6944D49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9F56F9FA-82E9-4719-B35F-1A577C8EC174}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3E2E7298-2CDC-4568-8E01-FFF24D143F59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ZenoClash\ZenoClash.exe
FirewallRules: [{A43382C8-7C56-437F-8EC9-D2491266C936}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ZenoClash\ZenoClash.exe
FirewallRules: [{E4C363D8-854A-4F37-A6FE-41B4D06B6892}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A8B660F5-D584-4E48-8C6B-AEB649BD9B8C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{08139D3B-725D-4AB3-9B80-060E79F6B81C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zeno Clash 2\Binaries\Win32\ZC2.exe
FirewallRules: [{72C61C97-1B0B-41A7-ACA3-57AAE557EE52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zeno Clash 2\Binaries\Win32\ZC2.exe
FirewallRules: [{0C564B60-2669-4D2E-B7C8-07BC4AB4FC84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{30F6B9A0-18B5-4BE2-B736-4E43AD251777}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{D6966979-8272-4CB9-8218-5974E6315A56}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A0D98D33-66A9-4ECA-8BCA-FE595282F810}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{14E9CC24-367C-4506-81DC-DD74671B4BF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{CA8E0530-CE5B-4F68-B386-A6A9CBF05AAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{2125F09D-45D9-41A6-B1BC-D021282C5E60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{5A6FE9A3-93A8-4EAD-B92C-7D155BBE1F9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{9C674FFD-4CFE-46F6-A1FE-2BEE892247CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{2A6BE8D7-DE5E-4A5A-AA95-065D9A615FB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Splice\Splice.exe
FirewallRules: [{E28F65E8-2F7F-4F17-A195-7E6D6A100ACD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Splice\Splice.exe
FirewallRules: [{B3877C3B-DA71-4376-B8B7-D51D9501EE5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{43F808A3-F9E2-4A66-9B81-D7ACD81703C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{6F2138FE-4433-4528-B6E0-0C3CCC840A55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Goo Demo\WorldOfGoo.exe
FirewallRules: [{82746E97-0AF2-473A-B570-A160B9F749A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Goo Demo\WorldOfGoo.exe
FirewallRules: [{A7A292DE-4B56-4753-B12B-DAAE5E56F12C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Home\home-win-eng.exe
FirewallRules: [{989F1C2A-ED9B-4032-B96D-A28BDAF62A22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Home\home-win-eng.exe
FirewallRules: [{59B0CE4D-0655-45D2-995F-A8100F7079C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander 2\bin\SupremeCommander2.exe
FirewallRules: [{F458D124-E45C-4C2A-96B2-ECA807158E1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander 2\bin\SupremeCommander2.exe
FirewallRules: [{080495A3-A7C1-4838-A126-DE69F203FD5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BGT\DjinniSecure.exe
FirewallRules: [{8C02501E-E065-4C26-976D-1662A8CFD222}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BGT\DjinniSecure.exe
FirewallRules: [{3C58EA59-2E4B-4F1C-BFD5-3BCD40E82339}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{A48AABF4-782A-45B8-A996-66D6B80E9093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{A5D9FEFB-6397-412B-82AF-0C907145F3B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EYE\EYE.exe
FirewallRules: [{AB8589E0-CF96-4901-AF9D-859110D84FD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EYE\EYE.exe
FirewallRules: [{AC7A5679-37F4-4DEB-9762-B1973397EBB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe
FirewallRules: [{055C1692-09FE-4F7B-A886-0318C2A1E7E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe
FirewallRules: [{74D1E71B-C4AF-4AE6-B490-E89F42151C5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{EFECC745-58A8-499B-A453-4C58FE968C4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{D6DE9ED6-64F6-481D-BD8D-A3E7B340CD03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{7EE7DDB7-D699-4CBA-BF88-3000D3A7B042}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{852D6EE5-418F-409A-AC95-137B662CFCB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AI War Fleet Command\AIWar.exe
FirewallRules: [{34ED12E4-C977-4E9B-9BA6-59215A806492}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AI War Fleet Command\AIWar.exe
FirewallRules: [{A984ADA1-6004-494B-89A5-4D0D9F3C2BF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe
FirewallRules: [{35CF43B1-C5C1-476D-9B72-A798065F7814}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe
FirewallRules: [{8093A12F-5C72-460A-967F-AED2A78F97D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zeno Clash 2\Binaries\Win32\ZC2.exe
FirewallRules: [{5BC3B6B7-2DB0-442D-9AF6-35CFCE756FB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zeno Clash 2\Binaries\Win32\ZC2.exe
FirewallRules: [{ACF27C62-631F-426B-BD50-AFDB6BAFEBE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{D2C0FB92-0082-4F52-BA0E-24B9CE060860}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{0DA7EEF7-AC55-470A-BF57-909AEFD0FC9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\Game.exe
FirewallRules: [{408987EB-80AC-4325-8060-864FA56B8568}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\Game.exe
FirewallRules: [{694877DD-0629-4634-9071-92E208C9A9B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{BA2FC837-0D0F-4410-A8B3-E488C347167E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{3F55392D-AD08-4190-B4FF-7B4CBBE22A31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{78914D94-D8E4-432E-8DE5-7BD7236DF484}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{09C2BF8F-5E1A-43C0-A16A-4BB4D3964DE2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DF3C442F-E63B-4A97-97DC-70384C4B1DB9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BA62F03D-5750-443A-B0A2-6009571E8B95}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DDA424A2-7C19-4498-BD41-80626F21E5DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{648B7508-D389-4130-B2ED-60373806FC4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\super house of dead ninjas\SHODN.exe
FirewallRules: [{006671D1-6BDA-44EB-A04C-107D83D6364C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\super house of dead ninjas\SHODN.exe
FirewallRules: [{C7D01A24-32C4-4003-8CF3-C075E30CAFD4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2B027DB6-39B0-4B59-BD69-299A203A5A05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kero Blaster\KeroBlaster.exe
FirewallRules: [{4218096E-FB3E-484B-843C-10644BC86E96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kero Blaster\KeroBlaster.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2015 03:34:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2015 11:05:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (11/16/2015 11:05:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (11/16/2015 11:05:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2015 01:25:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x3e4
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3

Error: (11/13/2015 03:17:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2015 03:20:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sManager.exe, version: 2.2.2.4, time stamp: 0x56045e0d
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56258e62
Exception code: 0xc0000374
Fault offset: 0x000ced0b
Faulting process id: 0x2094
Faulting application start time: 0xsManager.exe0
Faulting application path: sManager.exe1
Faulting module path: sManager.exe2
Report Id: sManager.exe3

Error: (11/12/2015 01:58:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FlashCtrlWnd.exe version 1.0.0.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2d34

Start Time: 01d11d7bdb7f4ece

Termination Time: 0

Application Path: C:\Program Files (x86)\Samsung\Easy Settings\FlashCtrlWnd.exe

Report Id: 574596f5-896f-11e5-92ed-c485081e2df9

Error: (11/11/2015 02:30:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x1c4c
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3

Error: (11/11/2015 02:24:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/17/2015 00:00:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/17/2015 08:22:59 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/17/2015 03:33:31 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/17/2015 03:16:30 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/17/2015 00:11:02 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/16/2015 11:05:40 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (11/16/2015 11:05:40 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (11/16/2015 11:05:39 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (11/16/2015 11:05:39 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (11/16/2015 11:05:39 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.


CodeIntegrity:
===================================
  Date: 2015-06-22 22:38:01.857
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ladfDHP2amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-22 22:38:01.809
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ladfDHP2amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-22 22:35:59.957
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ladfDHP2amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-22 22:35:59.908
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ladfDHP2amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-22 19:08:48.124
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ladfDHP2amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-22 19:08:48.053
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ladfDHP2amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-22 18:54:34.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ladfDHP2amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-22 18:54:34.041
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ladfDHP2amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-22 18:42:16.645
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ladfDHP2amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-22 18:42:16.573
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ladfDHP2amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3615QM CPU @ 2.30GHz
Percentage of memory in use: 54%
Total physical RAM: 5925.54 MB
Available physical RAM: 2702.29 MB
Total Virtual: 11849.28 MB
Available Virtual: 8788.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:675.16 GB) (Free:461.62 GB) NTFS
Drive f: () (Removable) (Total:29.71 GB) (Free:29.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: E1F1321C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=675.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.4 GB) - (Type=27)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=73)

========================================================
Disk: 2 (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 




#2
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode, which will cut you off from the internet, and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 
  • Step #1 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Option and put a tick mark on everything;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
    • Copy and Paste the contents of this log in your reply.
 

Post a fresh FRST scan log too.

 
  • Required Log(s):
    • AdwCleaner Log
    • FRST Scan Log
Regards,
Valinorum

#3
Soccer88

    New Member

  • Topic Starter
  • Member
  • 3 posts

Hi Valinorum, Thanks for your help. Last night, before I had received a reply from you, I used ADW Cleaner, which removed several things from my computer that look like trojans based on the file names. After I did that, I cleared all cookies/plug data and cached images and files from my browser history in Chrome. The symptoms I was previously experiencing were random advertisement pop-ups on perfectly legitimate websites that I'd never gotten pop-ups on before; certain text words on legit websites would be hyperlinks to ads, and it was clear that it wasn't the website putting these ads on the text, it was my computer; and also I'd go to legitimate websites and I'd get a message from my Norton Antivirus letting me know it had blocked attacks, and it was obvious this was derived from some sort of adware/malware on my computer as opposed to being part of the websites themselves. From my perspective it looks like the problem is now solved, because since I did these two things I am not experiencing any of the issues described above anymore. Below are the 2 logs requested:


# AdwCleaner v5.021 - Logfile created 17/11/2015 at 21:52:46
# Updated 14/11/2015 by Xplode
# Database : 2015-11-17.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : *'s Laptop - LAPTOP-PC
# Running from : C:\Users\*'s Laptop\Desktop\adwcleaner_5.021.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1145 bytes] ##########



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015
Ran by *'s Laptop (administrator) on LAPTOP-PC (18-11-2015 15:45:57)
Running from C:\Users\*'s Laptop\Desktop
Loaded Profiles: *'s Laptop (Available Profiles: *'s Laptop)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\ns.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\ns.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\*'s Laptop\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Spotify Ltd) C:\Users\*'s Laptop\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Logitech©) C:\Program Files (x86)\Logitech\G35\G35.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Google Inc.) C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Google Inc.) C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Google Inc.) C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Logitech G35] => C:\Program Files (x86)\Logitech\G35\G35.exe [1811800 2010-10-05] (Logitech©)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\Run: [MusicManager] => C:\Users\*'s Laptop\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\Run: [Google Update] => C:\Users\*'s Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\MountPoints2: {5db6c5f2-adb5-11e2-9e82-c485081e2df9} - E:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => No File
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => No File
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] *.*.*.* *.*.*.*
Tcpip\..\Interfaces\{076190D0-21EA-4595-8D3B-27B40D2F81CD}: [DhcpNameServer] *.*.*.* *.*.*.*

Internet Explorer:
==================
HKU\S-1-5-21-3654940952-3468555327-322118728-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-10-25] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-20] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
DPF: HKLM-x32 {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3654940952-3468555327-322118728-1001: @tools.google.com/Google Update;version=3 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3654940952-3468555327-322118728-1001: @tools.google.com/Google Update;version=9 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFAddon [2015-11-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFAddon [2015-11-03] [not signed]

Chrome:
=======
CHR Profile: C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (uBlock Origin) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-11-03]
CHR Extension: (Google Search) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Google Docs Offline) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Norton Identity Safe) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Space Planet) - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppcocpoeoiajndepaaimnnglicichmbb [2015-01-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-02]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.VHWX7ZP5W7ZX4ISLQLYHFYD25Y - C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-23] (Diskeeper Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-05-08] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe [282016 2015-09-24] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-15] (Electronic Arts)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
S3 Samsung UPD Service2; C:\windows\System32\SUPDSvc2.exe [165456 2011-12-02] (Samsung Electronics)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3196768 2015-09-25] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3385584 2013-05-08] (Intel® Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605040.018\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-23] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-23] (Diskeeper Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20151113.001\IDSvia64.sys [767224 2015-10-20] (Symantec Corporation)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20151117.003\ENG64.SYS [138488 2015-10-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20151117.003\EX64.SYS [2148080 2015-10-26] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605040.018\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605040.018\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] (Apple, Inc.) [File not signed]
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvpciflt; \SystemRoot\system32\DRIVERS\nvpciflt.sys [X]
S3 SBIOSIO; \??\C:\Users\*'s~1\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
S1 ZAM; \??\C:\windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-18 15:45 - 2015-11-18 15:46 - 00025171 _____ C:\Users\*'s Laptop\Desktop\FRST.txt
2015-11-18 15:44 - 2015-11-18 15:45 - 00000000 ____D C:\FRST
2015-11-18 15:44 - 2015-11-18 15:44 - 02008576 _____ (Farbar) C:\Users\*'s Laptop\Desktop\FRST64.exe
2015-11-18 15:27 - 2015-11-18 15:27 - 00001228 _____ C:\Users\*'s Laptop\Desktop\AdwCleaner[C1].txt
2015-11-17 21:45 - 2015-11-17 21:56 - 00000000 ____D C:\AdwCleaner
2015-11-17 20:23 - 2015-11-17 22:42 - 00561781 _____ C:\windows\ZAM.krnl.trace
2015-11-17 20:23 - 2015-11-17 22:42 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-11-17 20:23 - 2015-11-17 22:00 - 00000407 _____ C:\windows\ZAM_Guard.krnl.trace
2015-11-17 20:23 - 2015-11-17 20:23 - 00000000 ____D C:\Users\*'s Laptop\AppData\Local\Zemana
2015-11-17 20:00 - 2015-11-17 20:16 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-17 03:34 - 2015-11-17 03:34 - 00000000 ____D C:\NPE
2015-11-17 03:15 - 2015-11-17 12:00 - 00000000 ____D C:\Users\*'s Laptop\AppData\Local\NPE
2015-11-17 01:57 - 2015-11-17 01:57 - 00229910 _____ C:\Users\*'s Laptop\Downloads\IBUS 302 Topic 4-The Bid-Ask Spread and Cross Exchange Rates.pptx
2015-11-12 15:18 - 2015-11-18 15:29 - 00001894 _____ C:\Users\Public\Desktop\Samsung Update.lnk
2015-11-12 08:55 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-11 12:10 - 2015-11-03 17:10 - 00390344 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-11-11 12:10 - 2015-11-03 16:51 - 00342728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-11-11 12:10 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 12:10 - 2015-10-30 18:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-11-11 12:10 - 2015-10-30 18:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-11-11 12:10 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 12:10 - 2015-10-30 18:25 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-11-11 12:10 - 2015-10-30 18:25 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-11-11 12:10 - 2015-10-30 18:25 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-11-11 12:10 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 12:10 - 2015-10-30 18:24 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-11-11 12:10 - 2015-10-30 18:17 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-11-11 12:10 - 2015-10-30 18:16 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-11-11 12:10 - 2015-10-30 18:13 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-11-11 12:10 - 2015-10-30 18:12 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-11-11 12:10 - 2015-10-30 18:12 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-11-11 12:10 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 12:10 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 12:10 - 2015-10-30 18:11 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-11-11 12:10 - 2015-10-30 18:04 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-11-11 12:10 - 2015-10-30 18:01 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-11-11 12:10 - 2015-10-30 17:58 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-11-11 12:10 - 2015-10-30 17:53 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 12:10 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 12:10 - 2015-10-30 17:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-11-11 12:10 - 2015-10-30 17:49 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-11-11 12:10 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 12:10 - 2015-10-30 17:46 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-11-11 12:10 - 2015-10-30 17:46 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-11-11 12:10 - 2015-10-30 17:45 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-11-11 12:10 - 2015-10-30 17:45 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-11-11 12:10 - 2015-10-30 17:44 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-11-11 12:10 - 2015-10-30 17:44 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-11-11 12:10 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 12:10 - 2015-10-30 17:39 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-11-11 12:10 - 2015-10-30 17:39 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-11-11 12:10 - 2015-10-30 17:37 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-11-11 12:10 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 12:10 - 2015-10-30 17:36 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-11-11 12:10 - 2015-10-30 17:36 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-11-11 12:10 - 2015-10-30 17:34 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-11-11 12:10 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 12:10 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 12:10 - 2015-10-30 17:29 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-11-11 12:10 - 2015-10-30 17:29 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-11-11 12:10 - 2015-10-30 17:28 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-11-11 12:10 - 2015-10-30 17:23 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 12:10 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 12:10 - 2015-10-30 17:21 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-11-11 12:10 - 2015-10-30 17:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-11-11 12:10 - 2015-10-30 17:18 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-11-11 12:10 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 12:10 - 2015-10-30 17:17 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-11-11 12:10 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 12:10 - 2015-10-30 17:11 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-11-11 12:10 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 12:10 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 12:10 - 2015-10-30 17:09 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-11-11 12:10 - 2015-10-30 17:09 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-11-11 12:10 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 12:10 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 12:10 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 12:10 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 12:10 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 12:10 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 12:10 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 12:10 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 12:10 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 12:10 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 12:10 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-11-11 12:10 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-11-11 12:10 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 12:10 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-11-11 12:10 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 12:10 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-11-11 12:10 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 12:10 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 12:10 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 12:10 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-11-11 12:10 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 12:10 - 2015-10-19 20:12 - 05570496 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 12:10 - 2015-10-19 20:12 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 12:10 - 2015-10-19 20:12 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-11-11 12:10 - 2015-10-19 20:09 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-11-11 12:10 - 2015-10-19 20:06 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-11-11 12:10 - 2015-10-19 20:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-11-11 12:10 - 2015-10-19 20:06 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-11-11 12:10 - 2015-10-19 20:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-11-11 12:10 - 2015-10-19 20:05 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-11-11 12:10 - 2015-10-19 20:05 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-11-11 12:10 - 2015-10-19 20:05 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-11-11 12:10 - 2015-10-19 20:04 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-11-11 12:10 - 2015-10-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-11-11 12:10 - 2015-10-19 20:04 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-11-11 12:10 - 2015-10-19 20:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-11-11 12:10 - 2015-10-19 19:59 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-11-11 12:10 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-11-11 12:10 - 2015-10-19 19:48 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-11-11 12:10 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-11-11 12:10 - 2015-10-19 19:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-11-11 12:10 - 2015-10-19 19:44 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-11-11 12:10 - 2015-10-19 19:44 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-11-11 12:10 - 2015-10-19 19:44 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-11-11 12:10 - 2015-10-19 19:44 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-11-11 12:10 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-11-11 12:10 - 2015-10-19 19:44 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-11-11 12:10 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-11-11 12:10 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 18:41 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 12:10 - 2015-10-19 18:40 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-11-11 12:10 - 2015-10-19 18:40 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 12:10 - 2015-10-19 18:29 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-11-11 12:10 - 2015-10-19 18:29 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-11-11 12:10 - 2015-10-19 18:27 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 18:27 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 18:27 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 12:10 - 2015-10-19 18:27 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 12:10 - 2015-09-23 08:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 12:10 - 2015-09-23 08:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 12:10 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 12:09 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-11-11 12:09 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-11-11 12:09 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-11-11 12:09 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-11-11 12:09 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-11-11 12:09 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-11-11 12:09 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-11-11 12:09 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 12:09 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 12:09 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-11-11 12:09 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-11-11 12:09 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-11-11 12:09 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-10-30 14:10 - 2015-10-30 14:10 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-30 14:10 - 2015-10-30 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-30 14:10 - 2015-10-30 14:10 - 00000000 ____D C:\Program Files\iTunes
2015-10-30 14:10 - 2015-10-30 14:10 - 00000000 ____D C:\Program Files\iPod
2015-10-30 14:10 - 2015-10-30 14:10 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-26 17:51 - 2015-10-26 17:51 - 00000000 ____D C:\Users\*'s Laptop\AppData\Roaming\SHODN
2015-10-25 19:31 - 2015-10-25 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-21 18:52 - 2015-11-07 17:19 - 00010471 _____ C:\Users\*'s Laptop\Documents\Job Application Record.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-18 15:43 - 2009-07-13 23:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-18 15:43 - 2009-07-13 23:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-18 15:34 - 2012-05-14 14:16 - 01881196 _____ C:\windows\WindowsUpdate.log
2015-11-18 15:33 - 2009-07-14 00:13 - 00782642 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-18 15:32 - 2013-03-30 18:22 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-18 15:31 - 2013-09-05 19:01 - 00000000 ____D C:\Users\*'s Laptop\AppData\Roaming\Spotify
2015-11-18 15:29 - 2013-09-05 19:02 - 00000000 ____D C:\Users\*'s Laptop\AppData\Local\Spotify
2015-11-18 15:28 - 2013-03-29 11:07 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-18 15:28 - 2012-05-13 22:21 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-11-18 15:28 - 2010-11-20 22:47 - 02945196 _____ C:\windows\PFRO.log
2015-11-18 15:28 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-18 15:28 - 2009-07-13 23:51 - 00192268 _____ C:\windows\setupact.log
2015-11-18 15:23 - 2013-03-29 11:07 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-18 15:02 - 2012-08-06 21:08 - 00000940 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654940952-3468555327-322118728-1001UA.job
2015-11-18 11:45 - 2012-05-13 22:21 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-11-17 21:41 - 2015-01-28 00:22 - 00000000 ____D C:\Users\*'s Laptop\Downloads\Super Crate Box
2015-11-17 21:02 - 2012-08-06 21:08 - 00000888 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654940952-3468555327-322118728-1001Core.job
2015-11-17 19:29 - 2014-07-01 18:36 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-17 03:33 - 2012-05-13 22:44 - 00000000 ____D C:\ProgramData\Norton
2015-11-15 20:57 - 2012-08-26 13:38 - 00000000 ____D C:\Users\*'s Laptop\AppData\Roaming\Skype
2015-11-13 18:08 - 2012-11-16 16:27 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-13 15:35 - 2013-02-28 23:08 - 00000000 ____D C:\Users\*'s Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-11-13 13:25 - 2012-08-03 17:35 - 00000000 ____D C:\Users\*'s Laptop\AppData\Local\CrashDumps
2015-11-13 03:17 - 2009-07-13 23:45 - 00354592 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-12 15:18 - 2012-05-13 22:48 - 00000000 ____D C:\ProgramData\SAMSUNG
2015-11-12 15:18 - 2012-05-13 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-11-11 20:17 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2015-11-11 18:30 - 2015-08-15 16:35 - 00000000 ____D C:\Users\*'s Laptop\Documents\College Senior 1
2015-11-11 17:03 - 2012-08-06 21:35 - 00002366 _____ C:\Users\*'s Laptop\Desktop\Google Chrome.lnk
2015-11-11 14:21 - 2013-08-18 21:52 - 00000000 ____D C:\windows\system32\MRT
2015-11-11 14:15 - 2012-09-16 13:17 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-11 14:14 - 2012-08-03 17:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 13:21 - 2013-01-19 14:13 - 00775256 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-11-11 12:29 - 2012-05-14 17:59 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 22:32 - 2013-03-30 18:22 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 22:32 - 2012-09-02 09:55 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 22:32 - 2012-09-02 09:55 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-07 16:11 - 2014-01-28 19:53 - 00000000 ____D C:\Users\*'s Laptop\Documents\Resumes
2015-10-30 15:45 - 2015-02-28 17:03 - 00000000 ____D C:\Users\*'s Laptop\Documents\Honors Project
2015-10-30 14:10 - 2012-08-03 18:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-27 18:19 - 2014-07-01 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-27 18:19 - 2014-07-01 18:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-27 18:19 - 2014-01-12 13:10 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-25 19:31 - 2014-03-06 00:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-25 19:31 - 2012-08-04 03:01 - 00000000 ____D C:\ProgramData\Skype
2015-10-23 23:33 - 2013-11-28 19:13 - 00000052 _____ C:\Users\*'s Laptop\jagex_cl_runescape_LIVE.dat
2015-10-21 18:51 - 2013-11-03 16:08 - 00000000 ____D C:\Users\*'s Laptop\Documents\Co-Op Information

==================== Files in the root of some directories =======

2012-05-13 22:55 - 2012-05-13 22:55 - 0000032 _____ () C:\Program Files\kiessetup.log
2012-05-13 22:21 - 2012-05-13 22:22 - 0002184 _____ () C:\Program Files\RHDSetup.log
2012-05-13 22:21 - 2012-05-13 23:13 - 0000163 _____ () C:\Program Files\setup.log
2013-01-19 14:14 - 2013-01-19 14:15 - 0028278 _____ () C:\Users\*'s Laptop\AppData\Local\WiDiSetupLog.20130119.141441.txt
2012-08-26 14:38 - 2012-08-26 14:38 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-05-13 22:39 - 2012-05-13 22:40 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-13 22:31 - 2012-05-13 22:32 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-05-13 22:36 - 2012-05-13 22:37 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-13 22:32 - 2012-05-13 22:36 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-05-13 22:37 - 2012-05-13 22:39 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-10 09:37

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-11-2015
Ran by *'s Laptop (2015-11-18 15:46:28)
Running from C:\Users\*'s Laptop\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-04 08:01:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3654940952-3468555327-322118728-500 - Administrator - Disabled)
Guest (S-1-5-21-3654940952-3468555327-322118728-501 - Limited - Disabled)
*'s Laptop (S-1-5-21-3654940952-3468555327-322118728-1001 - Administrator - Enabled) => C:\Users\*'s Laptop

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
AI War: Fleet Command (HKLM-x32\...\Steam App 40400) (Version:  - Arcen Games, LLC)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
And Yet It Moves (HKLM-x32\...\Steam App 18700) (Version:  - Broken Rules)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - BestGameEver)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands Granting Tool (HKLM-x32\...\Steam App 301070) (Version:  - )
Breath of Death VII  (HKLM-x32\...\Steam App 107300) (Version:  - )
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cave Story+ (HKLM-x32\...\Steam App 200900) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dungeon of the Endless (HKLM-x32\...\Steam App 249050) (Version:  - AMPLITUDE Studios)
E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version:  - Streum On Studio)
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.3.1 - Samsung Electronics CO., LTD.)
Easy Migration (HKLM-x32\...\{EDE7A262-DB20-4432-A630-2ACEE186C416}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.32 - Samsung Electronics CO., LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare PS/2-X64 10.7.16.1_WHQL (HKLM\...\Elantech) (Version: 10.7.16.1 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}) (Version: 1.0.64 - Diskeeper Corporation)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii uslugi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Home (HKLM-x32\...\Steam App 215670) (Version:  - Benjamin Rivers)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{ae509f68-6982-4506-befc-f2218d72cd5e}) (Version: 15.8.0 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
Kero Blaster (HKLM-x32\...\Steam App 292500) (Version:  - Studio Pixel)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LISA (HKLM-x32\...\Steam App 335670) (Version:  - Dingaling)
Logitech G35 (HKLM\...\{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}) (Version: 1.1.178 - Logitech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Multimedia POP (HKLM-x32\...\{119B7882-19D7-4BE7-A417-29BB479D3ABE}) (Version: 1.0 - )
Music Manager (HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\MusicManager) (Version:  - Google, Inc.)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.4.24 - Symantec Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta uslugi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
S Agent (Version: 1.1.54 - Samsung Electronics CO., LTD.) Hidden
S Service (HKLM-x32\...\{A48B04B8-12AF-4A71-8B3E-737FDEB0824F}) (Version: 1.0 - Samsung Electronics CO., LTD.)
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version:  - GSC Game World)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11044_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11044_11 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.6.0.2 - Samsung Electronics CO., LTD.)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.03.01.00:36 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.6.0 - Samsung Electronics Co., Ltd.)
Samsung Update (HKLM-x32\...\{A9D16B9C-AA6D-4154-80CA-17099A2C308F}) (Version: 2.2.16 - Samsung Electronics CO., LTD.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.10.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Splice (HKLM-x32\...\Steam App 209790) (Version:  - Cipher Prime Studios)
Spotify (HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\Spotify) (Version: 1.0.18.60.g5fe0413d - Spotify AB)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Super House of Dead Ninjas (HKLM-x32\...\Steam App 224820) (Version:  - Megadev)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
TeamSpeak 3 Client (HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 2.0 - Samsung Electronics CO., LTD.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{F6693C3E-DD16-412F-AAE4-293792946087}) (Version: 2.13.0501 - Samsung Electronics Co., Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VVVVVV (HKLM-x32\...\Steam App 70300) (Version:  - Terry Cavanagh)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live ??? (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Goo Demo (HKLM-x32\...\Steam App 22010) (Version:  - 2D BOY )
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Zeno Clash (HKLM-x32\...\Steam App 22200) (Version:  - ACE Team)
Zeno Clash 2 (HKLM-x32\...\Steam App 215690) (Version:  - ACE Team)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
S?????? f?t???af??? t?? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???????? ?????????? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
????? Windows Live (x32 Version: 15.4.3502.0922 - ?????????? ??????????) Hidden
?????????? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
??????????? ?? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
?????? ??????? ?? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???? ??? Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3654940952-3468555327-322118728-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\*'s Laptop\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Restore Points =========================

17-11-2015 20:27:27 Zemana AntiMalware 11/17/2015 8:27:27 PM
17-11-2015 21:41:25 Zemana AntiMalware 11/17/2015 9:41:25 PM
17-11-2015 21:59:45 JRT Pre-Junkware Removal
18-11-2015 12:00:05 Windows Backup

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03C1DEBD-730F-44CD-A098-A0AEA1C874A6} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {084C82E7-8754-4552-94A4-74D7C94F2E39} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
Task: {13257376-676F-473A-996F-6DD7E326E919} - System32\Tasks\{3BF92377-2DF2-4B19-85A3-F7564DAFD8D7} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {13372C9C-B8C6-4EB3-9436-9F4593160D07} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-12-06] (Samsung Electronics CO., LTD.)
Task: {19E33E60-70E0-4BA5-BD90-52F4FB360763} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)
Task: {2CC6D9CD-59EE-4124-818A-B7F3596A1EED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3654940952-3468555327-322118728-1001UA => C:\Users\*'s Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {492BB922-3B65-44E2-8E0E-F68542C40E13} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-08-05] (Samsung Electronics CO., LTD.)
Task: {4AE05436-8CC1-438C-B838-B17F56C8897E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {4AF23AE6-371A-4ABA-AA02-C4751EE71554} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)
Task: {4F27D96F-E785-42FA-9F41-306660B3EE76} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3654940952-3468555327-322118728-1001Core => C:\Users\*'s Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4FC21A54-2C6B-4364-83A4-45BDE1FA708C} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {52155240-D003-44C4-92E5-944D8422A742} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-10-30] (SEC)
Task: {54AE702C-B18B-422B-88DA-E17CF4EEEE7D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5A87541C-9D52-4554-A4C0-4F0B38AD088B} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {5ABE524E-89D6-474A-8BDE-9B7248D2A4E4} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {5F3AC622-815E-4F05-89D6-7CF345ECF636} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {604C3630-EA89-4ABD-A477-D4E0CA6DDB5B} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {6999BC29-A4E4-4C78-B703-B47E6388C4B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6DE236F3-4551-4764-962D-FEC2E6ED72F0} - \{DDEF174F-624D-42F6-BD12-AD225EDDEBB3} -> No File <==== ATTENTION
Task: {8EFBEC24-6B70-4D86-8720-BC55F47EB7E7} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
Task: {95BAE0F7-B441-4214-91BA-E9AA4FB90681} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {9FC16B94-6E61-475F-9136-5A13A3F86251} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {A41F8B2C-397C-44B5-BA24-9C335B6ED56E} - System32\Tasks\KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2011-12-12] (Samsung)
Task: {AFDE49BF-0B42-4B63-A7AA-73703F5C4DC9} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {BFCDC244-505E-4BA7-8F59-0F66EF628C5E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {C1C8E8ED-CBE1-4089-9C1F-30D69E7C2FA4} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-08-18] (Samsung Electronics CO., LTD.)
Task: {D046DE0A-20E7-4A6F-B9A4-0CF00704B87F} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {DACF2B94-E8E1-49C9-AE07-649E565AF145} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {E2A0BE80-57CD-4A7E-AB76-6866A1F02843} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)
Task: {E70DF0BB-1402-424A-82A0-C7364814BE94} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654940952-3468555327-322118728-1001Core.job => C:\Users\*'s Laptop\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654940952-3468555327-322118728-1001UA.job => C:\Users\*'s Laptop\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (Whitelisted) ==============

2011-04-11 14:26 - 2011-04-11 14:26 - 00034304 _____ () C:\windows\System32\spd__l.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-13 22:21 - 2012-02-07 21:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2013-01-19 13:01 - 2012-02-13 15:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2015-11-17 20:23 - 2015-11-17 20:23 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2012-02-05 23:42 - 2012-01-05 03:24 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2012-05-13 22:36 - 2009-12-01 02:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-01-27 15:28 - 2011-01-27 15:28 - 00706048 _____ () C:\windows\system32\SnMinDrv.dll
2013-01-19 13:01 - 2011-02-17 01:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2015-08-13 15:33 - 2015-08-13 15:33 - 00117248 _____ () C:\Users\*'s Laptop\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-08-13 15:34 - 2015-08-13 15:34 - 00234496 _____ () C:\Users\*'s Laptop\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-08-13 15:34 - 2015-08-13 15:34 - 00253440 _____ () C:\Users\*'s Laptop\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-08-13 15:33 - 2015-08-13 15:33 - 00344064 _____ () C:\Users\*'s Laptop\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2015-11-11 17:03 - 2015-11-06 23:36 - 01532744 _____ () C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 17:03 - 2015-11-06 23:36 - 00081224 _____ () C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\46.0.2490.86\libegl.dll
2013-01-19 13:01 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2009-11-02 00:20 - 2009-11-02 00:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 00:23 - 2009-11-02 00:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-01-19 12:25 - 2011-09-08 19:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2012-05-13 22:20 - 2012-02-07 20:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-11-11 17:03 - 2015-11-06 23:36 - 16496456 _____ () C:\Users\*'s Laptop\AppData\Local\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D24294C1

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3654940952-3468555327-322118728-1001\...\sony.com -> sony.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3654940952-3468555327-322118728-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*'s Laptop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: *.*.*.* - *.*.*.*
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\*'s Laptop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4FAFA517-2CC2-4485-BE64-60D4EC3539E3}] => (Allow) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10.exe
FirewallRules: [{0728A84D-6934-4681-BDFD-2F79877515F4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{76FBD555-90DF-4719-8D95-5B654F162BAE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{4B66109A-F8EF-479C-BDFF-07CF4F30A0F8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D5DC7283-4458-4E8C-B057-47A5A03896F0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{37196664-88CA-455D-AEA0-EBA3EEC2E387}] => (Allow) LPort=2869
FirewallRules: [{13C56EE9-43A3-475B-9F1B-62C69D6D3AB9}] => (Allow) LPort=1900
FirewallRules: [{3C9B4967-E3E1-44BE-82C1-7E93AA6DF235}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7DE28B1B-114F-45DC-A739-7F9F5AB04B9A}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A345D5E4-E543-4745-B239-816655809E21}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{156847E7-9171-4401-AE69-71FE7C987398}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA1F1409-B129-4CE5-956A-C11CFB7BEA9D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F7D993AC-F1CA-4983-8319-EAF805AA0AD3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E20F8A83-B664-443A-9819-74B487F2537B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC4E441A-2938-4265-BE07-5F2629BDE3E6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1A723547-C117-4BBC-A983-EC8F7D49C7F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{89E5ADC3-1AB7-4F08-A9A3-3F5FA608CB72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V - Demo\Launcher.exe
FirewallRules: [{1A2DC51A-C4C5-425B-9E37-867E8266D16E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V - Demo\Launcher.exe
FirewallRules: [{7B518503-170A-4679-96E5-DC76F28A5C21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V - Demo\CivilizationV.exe
FirewallRules: [{8736AE4F-C521-4E00-824C-24F06CE14820}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V - Demo\CivilizationV.exe
FirewallRules: [TCP Query User{A86DDB4C-B9A5-4EF7-AE49-FFBD9B92F45A}C:\program files (x86)\steam\steamapps\flavin30\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\flavin30\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{4B927E2E-2330-470A-B6C7-F93B98F9AEA0}C:\program files (x86)\steam\steamapps\flavin30\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\flavin30\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{2B9D8C9C-D589-4A96-B71C-AD4CADE57C65}C:\users\*'s laptop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\*'s laptop\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8E039EED-052D-4CC4-85AC-16DA32B0C279}C:\users\*'s laptop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\*'s laptop\appdata\roaming\spotify\spotify.exe
FirewallRules: [{627E80D7-2EC1-463B-A390-A8BF340B4A0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{681AFDAC-072C-419D-B111-4B4FDE11F153}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{1E28ADE1-A926-4529-B71F-840C9B29DEAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{2B86585A-B72B-4402-8A63-F999D99A165E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{B1024D42-C014-44D9-8E49-8E5EC86FFF16}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
FirewallRules: [{A7512C1F-40BB-48BE-AC43-32BE7C02C181}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShare.exe
FirewallRules: [{1FB6B111-91D8-4289-898F-598BC6B48F4B}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
FirewallRules: [{68EEAE58-2ECC-4134-839B-5092D3689D13}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{241D06B6-01ED-42D6-BE5C-8F9692E9C39E}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{AD7F959F-4D73-4ADE-8F5B-52086C186353}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{51119130-FE30-41DF-ACFD-88CE0DD70DC3}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{E2AF4549-8034-48BB-803F-79B7628A44ED}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{5155D9B7-EF82-44C0-934A-C2FC1C7F3B14}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{7C465B2F-0801-455F-9171-34C367D96EE3}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{0E23CDAE-F89B-4FEE-B856-91277F18471E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cave Story+\CaveStory+.exe
FirewallRules: [{562E7822-2919-47EB-9D87-AAB88A9D8F34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cave Story+\CaveStory+.exe
FirewallRules: [{5A04B0F2-1C45-45EE-9554-6E0FF864A674}] => (Allow) C:\Users\*'s Laptop\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{18C26452-B02B-4E44-9CB8-5EDE3138D0D2}] => (Allow) C:\Users\*'s Laptop\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{D95C6212-2690-4E53-97C7-12D10494E9B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{DB164948-56CB-4047-BFCE-6E33A546D503}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{73C788CD-AE8C-4BAA-A73B-D3980E7B9964}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{DBF95A3D-2CA6-408E-ADFC-DFE7076BFDC5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{13A6914B-CBAB-4306-B1E7-2FCAE2F202B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{AF2E3246-9619-4A46-9681-762B93CD3896}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{EFB936EB-5A7A-4CE2-88F2-0FCF199B00CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Breath of Death VII\BoDVIIPC.exe
FirewallRules: [{D7A98351-34B6-4974-B767-CB57B83CA13D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Breath of Death VII\BoDVIIPC.exe
FirewallRules: [{097579B5-F08B-446E-ABC3-9BDA04FCF83C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{3FDE010F-0609-4EED-B425-7FF7FE59D958}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{97F8CFDC-87D4-442A-A4DA-B513D24373DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{CC6E35D1-B4CD-44CD-ABB7-072F59DD0C96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{C5B6E01D-6F6B-49F9-B468-2F2B1A7013E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{99B1D768-FF86-4C28-92EE-93572DA54B44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{9CACC015-2DB6-4749-80F3-F131712DD2DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{12C9026D-0E8B-4118-8BE9-D9D5CEAED0B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{2E9FCCC7-3928-434B-BB9F-F74DEEACC046}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{6321D8F2-3D6C-4E8A-A3C7-83221B38C1B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{5B581580-FB26-4572-871C-C63F8F981A00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{A24CBC7F-6630-49A3-ABD3-1ED33708E229}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{ED2A022E-4416-455B-8E9E-4040929CA2A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{5DBB3246-0AB1-475C-A0D9-4248F3483576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{BFC863D2-D494-4E53-945E-EDE4DEC50360}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{864263A9-7896-4F30-BE84-5323A2197700}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8E15E3DD-1E79-47F5-A746-63F19F7DF7FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{760AC3AA-6CB3-45EC-A4E3-00300721B9C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{25F555AA-5B91-48C3-8430-8A49D30D26D5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{D845FFBE-1121-4974-8111-497583A0C543}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{852BB8A6-7621-45E4-8DFB-0CB47806D52D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{0F96277D-DED8-4242-AC8D-42E88F55F9E1}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5C5C8711-16C3-445F-84E9-9C912C2C2075}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{7702FB61-BFE4-4FEE-A590-8FA48E7C8771}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{D9D93B47-1B5D-4F8E-B29A-2314A2CE0135}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{33D5BCCF-8B98-4EC2-A515-1F66C251AB0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{65002CA2-07F8-4A8F-8C95-41820839E593}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{3A75E9CA-CA22-4634-9776-19FE605BF809}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{612EA71B-F1ED-43A8-A035-F1A3F0C605D1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{09023AE8-8F28-4A61-B968-31607CB383D6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DF96D710-23DF-4F8D-BD82-DBE66FAF4573}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{0F7C3FDB-048D-4E58-BC4A-CCF630D511A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{64BFC4BE-FA47-42BF-AA87-00CAF6944D49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9F56F9FA-82E9-4719-B35F-1A577C8EC174}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3E2E7298-2CDC-4568-8E01-FFF24D143F59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ZenoClash\ZenoClash.exe
FirewallRules: [{A43382C8-7C56-437F-8EC9-D2491266C936}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ZenoClash\ZenoClash.exe
FirewallRules: [{E4C363D8-854A-4F37-A6FE-41B4D06B6892}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A8B660F5-D584-4E48-8C6B-AEB649BD9B8C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{08139D3B-725D-4AB3-9B80-060E79F6B81C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zeno Clash 2\Binaries\Win32\ZC2.exe
FirewallRules: [{72C61C97-1B0B-41A7-ACA3-57AAE557EE52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zeno Clash 2\Binaries\Win32\ZC2.exe
FirewallRules: [{0C564B60-2669-4D2E-B7C8-07BC4AB4FC84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{30F6B9A0-18B5-4BE2-B736-4E43AD251777}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{D6966979-8272-4CB9-8218-5974E6315A56}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A0D98D33-66A9-4ECA-8BCA-FE595282F810}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{14E9CC24-367C-4506-81DC-DD74671B4BF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{CA8E0530-CE5B-4F68-B386-A6A9CBF05AAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{2125F09D-45D9-41A6-B1BC-D021282C5E60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{5A6FE9A3-93A8-4EAD-B92C-7D155BBE1F9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{9C674FFD-4CFE-46F6-A1FE-2BEE892247CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{2A6BE8D7-DE5E-4A5A-AA95-065D9A615FB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Splice\Splice.exe
FirewallRules: [{E28F65E8-2F7F-4F17-A195-7E6D6A100ACD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Splice\Splice.exe
FirewallRules: [{B3877C3B-DA71-4376-B8B7-D51D9501EE5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{43F808A3-F9E2-4A66-9B81-D7ACD81703C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{6F2138FE-4433-4528-B6E0-0C3CCC840A55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Goo Demo\WorldOfGoo.exe
FirewallRules: [{82746E97-0AF2-473A-B570-A160B9F749A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Goo Demo\WorldOfGoo.exe
FirewallRules: [{A7A292DE-4B56-4753-B12B-DAAE5E56F12C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Home\home-win-eng.exe
FirewallRules: [{989F1C2A-ED9B-4032-B96D-A28BDAF62A22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Home\home-win-eng.exe
FirewallRules: [{59B0CE4D-0655-45D2-995F-A8100F7079C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander 2\bin\SupremeCommander2.exe
FirewallRules: [{F458D124-E45C-4C2A-96B2-ECA807158E1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander 2\bin\SupremeCommander2.exe
FirewallRules: [{080495A3-A7C1-4838-A126-DE69F203FD5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BGT\DjinniSecure.exe
FirewallRules: [{8C02501E-E065-4C26-976D-1662A8CFD222}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BGT\DjinniSecure.exe
FirewallRules: [{3C58EA59-2E4B-4F1C-BFD5-3BCD40E82339}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{A48AABF4-782A-45B8-A996-66D6B80E9093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{A5D9FEFB-6397-412B-82AF-0C907145F3B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EYE\EYE.exe
FirewallRules: [{AB8589E0-CF96-4901-AF9D-859110D84FD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EYE\EYE.exe
FirewallRules: [{AC7A5679-37F4-4DEB-9762-B1973397EBB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe
FirewallRules: [{055C1692-09FE-4F7B-A886-0318C2A1E7E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe
FirewallRules: [{74D1E71B-C4AF-4AE6-B490-E89F42151C5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{EFECC745-58A8-499B-A453-4C58FE968C4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{D6DE9ED6-64F6-481D-BD8D-A3E7B340CD03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{7EE7DDB7-D699-4CBA-BF88-3000D3A7B042}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{852D6EE5-418F-409A-AC95-137B662CFCB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AI War Fleet Command\AIWar.exe
FirewallRules: [{34ED12E4-C977-4E9B-9BA6-59215A806492}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AI War Fleet Command\AIWar.exe
FirewallRules: [{A984ADA1-6004-494B-89A5-4D0D9F3C2BF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe
FirewallRules: [{35CF43B1-C5C1-476D-9B72-A798065F7814}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe
FirewallRules: [{8093A12F-5C72-460A-967F-AED2A78F97D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zeno Clash 2\Binaries\Win32\ZC2.exe
FirewallRules: [{5BC3B6B7-2DB0-442D-9AF6-35CFCE756FB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zeno Clash 2\Binaries\Win32\ZC2.exe
FirewallRules: [{ACF27C62-631F-426B-BD50-AFDB6BAFEBE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{D2C0FB92-0082-4F52-BA0E-24B9CE060860}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{0DA7EEF7-AC55-470A-BF57-909AEFD0FC9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\Game.exe
FirewallRules: [{408987EB-80AC-4325-8060-864FA56B8568}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\Game.exe
FirewallRules: [{694877DD-0629-4634-9071-92E208C9A9B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{BA2FC837-0D0F-4410-A8B3-E488C347167E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{3F55392D-AD08-4190-B4FF-7B4CBBE22A31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{78914D94-D8E4-432E-8DE5-7BD7236DF484}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{09C2BF8F-5E1A-43C0-A16A-4BB4D3964DE2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DF3C442F-E63B-4A97-97DC-70384C4B1DB9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BA62F03D-5750-443A-B0A2-6009571E8B95}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DDA424A2-7C19-4498-BD41-80626F21E5DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{648B7508-D389-4130-B2ED-60373806FC4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\super house of dead ninjas\SHODN.exe
FirewallRules: [{006671D1-6BDA-44EB-A04C-107D83D6364C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\super house of dead ninjas\SHODN.exe
FirewallRules: [{C7D01A24-32C4-4003-8CF3-C075E30CAFD4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2B027DB6-39B0-4B59-BD69-299A203A5A05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kero Blaster\KeroBlaster.exe
FirewallRules: [{4218096E-FB3E-484B-843C-10644BC86E96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kero Blaster\KeroBlaster.exe

==================== Faulty Device Manager Devices =============

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2015 03:28:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2015 09:54:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2015 03:34:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2015 11:05:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (11/16/2015 11:05:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (11/16/2015 11:05:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2015 01:25:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x3e4
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3

Error: (11/13/2015 03:17:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2015 03:20:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sManager.exe, version: 2.2.2.4, time stamp: 0x56045e0d
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56258e62
Exception code: 0xc0000374
Fault offset: 0x000ced0b
Faulting process id: 0x2094
Faulting application start time: 0xsManager.exe0
Faulting application path: sManager.exe1
Faulting module path: sManager.exe2
Report Id: sManager.exe3

Error: (11/12/2015 01:58:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FlashCtrlWnd.exe version 1.0.0.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2d34

Start Time: 01d11d7bdb7f4ece

Termination Time: 0

Application Path: C:\Program Files (x86)\Samsung\Easy Settings\FlashCtrlWnd.exe

Report Id: 574596f5-896f-11e5-92ed-c485081e2df9


System errors:
=============
Error: (11/18/2015 11:45:16 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/17/2015 10:00:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/17/2015 09:53:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
%%109

Error: (11/17/2015 09:53:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1069

Error: (11/17/2015 09:53:40 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/17/2015 09:53:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (11/17/2015 09:53:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (11/17/2015 09:53:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (11/17/2015 09:53:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (11/17/2015 09:52:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2015-11-17 20:55:26.885
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-17 20:55:26.862
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-17 20:55:26.609
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-17 20:55:26.584
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-17 20:55:24.314
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-17 20:55:24.299
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-17 20:55:24.103
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-17 20:55:24.089
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-06-22 22:38:01.857
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ladfDHP2amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-22 22:38:01.809
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ladfDHP2amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3615QM CPU @ 2.30GHz
Percentage of memory in use: 49%
Total physical RAM: 5925.54 MB
Available physical RAM: 2984.27 MB
Total Virtual: 11849.28 MB
Available Virtual: 8262.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:675.16 GB) (Free:454.61 GB) NTFS
Drive f: () (Removable) (Total:29.71 GB) (Free:29.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: E1F1321C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=675.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.4 GB) - (Type=27)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=73)

========================================================
Disk: 2 (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 



#4
Valinorum


    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
AdwCleaner has done the job. Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be malware-free as we speak.

 

♣ Removal of Tools and Quarantined Files ♣


 

Although the tools we have used are clean, they are powerful removal tools, made in such a way that they carry out any commands given to them without (in most cases) asking for confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system, as dormant malware can be as bad as active malware if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.
  • Cleanup with DelFix
    Please download DelFix by Xplode to your Desktop.
    Download Link
    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply
 

♣ Prevention and Future Guidelines ♣


 

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malware again.
  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    NoScript is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop-ups, banners etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the NoScript icon down on the right-hand side of your computer.
  • Watch out for a new threat named CryptoLocker
    CryptoLocker is a new type of ransomware-family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and that you practice constant vigilance. Please read the following article to acquaint yourself with the safety measures.
    How to prevent your computer from becoming infected by CryptoLocker.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our articles How Did I Get Infected in the First Place? and Keep Your Computer Safe Online.

Regards,
Valinorum
  • 0

#5
Soccer88

Soccer88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
# DelFix v1.011 - Logfile created 18/11/2015 at 23:32:07
# Updated 18/08/2015 by Xplode
# Username : *'s Laptop - LAPTOP-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.1.0.6_17.11.2015_19.23.58_log.txt
Deleted : C:\Users\*'s Laptop\Desktop\Addition.txt
Deleted : C:\Users\*'s Laptop\Desktop\AdwCleaner[C1].txt
Deleted : C:\Users\*'s Laptop\Desktop\FRST.txt
Deleted : C:\Users\*'s Laptop\Desktop\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #469 [Zemana AntiMalware 11/17/2015 8:27:27 PM | 11/18/2015 01:27:27]
Deleted : RP #470 [Zemana AntiMalware 11/17/2015 9:41:25 PM | 11/18/2015 02:41:25]
Deleted : RP #471 [JRT Pre-Junkware Removal | 11/18/2015 02:59:45]
Deleted : RP #472 [Windows Backup | 11/18/2015 17:00:05]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#6
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Surf safely. :)
  • 0

#7
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





