
Can't run Ace Player - This program is blocked by group policy err


  • This topic is locked

#1
CornerSniper

This is the closest forum I could find that matches my problem.
 
For some reason, I can't use Ace Player (C:\Users\name_removed\AppData\Roaming\ACEStream\player\ace_player.exe) and I get the "This program is blocked by group policy. For more information, contact your system administrator" error.
 
This was working a couple days ago but just stopped working. 
 
 
Any ideas on how to solve this would be greatly appreciated.


#2
BrianDrab


Let's take a look to see if this may be caused by malware. Please do the following.

 

Fresh Set of Logs Needed
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
    Only one of them will run on your system; that will be the right version.
2. Right-click on the file and select Run as administrator (if you don't have this option, simply double-click the file to open it). When the tool opens, click Yes to the disclaimer.
3. Press the Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop).
5. Please copy and paste the log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
     Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.



#3
CornerSniper

Thank you, both files below.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by name_removed (administrator) on EPCATORW0175 (21-01-2016 23:34:21)
Running from C:\Users\name_removed\Desktop
Loaded Profiles: name_removed (Available Profiles: name_removed)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
() C:\Program Files\MariaDB 10.1\bin\mysqld.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Simon Tatham) C:\Users\name_removed\Tools\putty\pageant.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Program Files\MSOffice\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\MSOffice\Office15\lync.exe
(Microsoft Corporation) C:\Program Files\MSOffice\Office15\UcMapi.exe
() C:\Program Files\MSOffice\Office15\lynchtmlconv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\name_removed\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Microsoft Corporation) C:\Program Files\MSOffice\Office15\POWERPNT.EXE
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Simon Tatham) C:\Users\name_removed\Tools\putty\putty.exe
() C:\Program Files\Gramblr\gramblr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Audition CC 2014\Adobe Audition CC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\dynamiclink\7.0\dynamiclinkmanager.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\dynamiclinkmediaserver\7.0\dynamiclinkmediaserver.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\dynamiclinkmediaserver\7.0\32\Adobe QT32 Server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\32\dynamiclinkmanager.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\32\Adobe QT32 Server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [718168 2014-04-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-12-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-12-31] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [115968 2013-12-31] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-12-31] (Realtek Semiconductor)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [540672 2015-04-19] (Greenshot)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124536 2015-06-04] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-12-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-2676001572-3131771074-2776907194-16731 Group Policy restriction on software: yammer.exe <====== ATTENTION
HKU\S-1-5-21-2676001572-3131771074-2776907194-16731 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-2676001572-3131771074-2776907194-16731 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\Run: [Lync] => C:\Program Files\MSOffice\Office15\lync.exe [27879080 2015-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\Run: [AceStream] => C:\Users\name_removed\AppData\Roaming\ACEStream\engine\ace_engine.exe [27000 2015-12-17] ()
HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\Run: [Google Update] => C:\Users\name_removed\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-01-20] (Google Inc.)
HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\Run: [MusicManager] => C:\Users\name_removed\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\RunOnce: [Adobe Speed Launcher] => 1453131578
HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\Policies\Explorer: [NoRecycleFiles] 1
HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\MSOffice\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\MSOffice\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\MSOffice\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\Users\name_removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pageant.exe.lnk [2015-08-08]
ShortcutTarget: pageant.exe.lnk -> C:\Users\name_removed\Tools\putty\pageant.exe (Simon Tatham)
Startup: C:\Users\name_removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-01-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\MSOffice\Office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{21E70B07-1427-43BF-B8AB-F48C3D4A81FA}: [NameServer] 208.87.151.28,208.87.151.29
Tcpip\..\Interfaces\{4F28D7D2-1BE7-418B-98C0-AE59DCE697E9}: [NameServer] 208.87.151.28,208.87.151.29
Tcpip\..\Interfaces\{602BA4DB-2FA9-4838-900E-47BE2C2B3EB7}: [NameServer] 208.87.151.28,208.87.151.29
Tcpip\..\Interfaces\{602BA4DB-2FA9-4838-900E-47BE2C2B3EB7}: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{CE5A630A-05F7-45D0-BD89-2306CA15F15C}: [NameServer] 208.87.151.28,208.87.151.29
Tcpip\..\Interfaces\{D3E1F9E0-BAF2-46CD-B601-04650431D5C4}: [NameServer] 208.87.151.28,208.87.151.29
Tcpip\..\Interfaces\{FBE8AB00-2F28-496B-B4F7-419E7F4967B8}: [NameServer] 208.87.151.28,208.87.151.29
 
Internet Explorer:
==================
HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://km.epam.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\MSOffice\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\MSOffice\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\MSOffice\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-04] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL [2014-09-12] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://access.cantire.com/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\MSOffice\Office15\MSOSB.DLL [2015-03-18] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll [2015-11-04] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2015-11-04] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll [2015-11-04] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2015-11-04] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\name_removed\AppData\Roaming\Mozilla\Firefox\Profiles\jr2zyn95.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-30] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MSOffice\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-12-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-30] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @swanneye.com/npSwannEyeHD,version=2.2.5 -> C:\Program Files (x86)\SwannEye HD\npSwannEyeHD.dll [2013-09-16] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2012-01-13] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2012-01-13] (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-12-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2676001572-3131771074-2776907194-16731: @acestream.net/acestreamplugin,version=3.1.2 -> C:\Users\name_removed\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2676001572-3131771074-2776907194-16731: @tools.google.com/Google Update;version=3 -> C:\Users\name_removed\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2676001572-3131771074-2776907194-16731: @tools.google.com/Google Update;version=9 -> C:\Users\name_removed\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2676001572-3131771074-2776907194-16731: SkypeForBusinessPlugin-15.8 -> C:\Users\name_removed\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\npGatewayNpapi.dll [2015-04-20] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2676001572-3131771074-2776907194-16731: SkypeForBusinessPlugin64-15.8 -> C:\Users\name_removed\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\npGatewayNpapi-x64.dll [2015-04-20] (Microsoft Corporation)
FF user.js: detected! => C:\Users\name_removed\AppData\Roaming\Mozilla\Firefox\Profiles\jr2zyn95.default\user.js [2015-12-25]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-10-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-10-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-10-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-10-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-10-05] (Apple Inc.)
FF Extension: Ace Stream Web Extension - C:\Users\name_removed\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18]
FF HKLM\...\Firefox\Extensions: [{3153FCBA-C35A-451F-b894-6D49370CF040}] - C:\Program Files\groover261220150605\Firefox\{3153FCBA-C35A-451F-b894-6D49370CF040}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{3153FCBA-C35A-451F-b894-6D49370CF040}] - C:\Program Files\groover261220150605\Firefox\{3153FCBA-C35A-451F-b894-6D49370CF040}.xpi => not found
FF HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\Firefox\Extensions: [[email protected]] - C:\Users\name_removed\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
 
Chrome: 
=======
CHR Profile: C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-05-21]
CHR Extension: (Entanglement Web App) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-01-20]
CHR Extension: (Google Drive) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Entanglement Web App) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-12-13]
CHR Extension: (Entanglement Web App) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-11]
CHR Extension: (Google Search) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Entanglement Web App) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpaohcncbmkojcpcjaojcehdlnjfbjkl [2016-01-07]
CHR Extension: (AudioRecorder) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhfkjkjfhhdibpgjmiamdcdgmcjpplk [2016-01-03]
CHR Extension: (__MSG_2714752802779336020__) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-01-21]
CHR Extension: (Postman) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-01-21]
CHR Extension: (Entanglement Web App) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2015-12-23]
CHR Extension: (Entanglement Web App) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclkcflnjahgejhappicbhcpllkpakej [2016-01-20]
CHR Extension: (Entanglement Web App) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (Entanglement Web App) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-01-20]
CHR Extension: (Entanglement Web App) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebpjdmgckacbodjpijphcplhebcmeop [2016-01-16]
CHR Extension: (StackEdit) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiooodelglhkcpgbajoejffhijaclcdg [2015-05-21]
CHR Extension: (Entanglement Web App) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-01-11]
CHR Extension: (Evernote Web) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-05-21]
CHR Extension: (Entanglement Web App) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfiibbceomojcojoaidegomjakaglgke [2015-10-01]
CHR Extension: (Poppit!) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-05-21]
CHR Extension: (Entanglement Web App) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-10-17]
CHR Extension: (Moqups · Mockups, Wireframes & Prototyping) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbhphohgafllkjnakmdppmmkjfbnke [2015-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Entanglement Web App) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojohjpgmcfnholboljmkbcchbipcbci [2016-01-16]
CHR Extension: (Gmail) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-21]
CHR Extension: (Writer) - C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2015-05-21]
CHR HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-04-26] (Alps Electric Co., Ltd.)
R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1571000 2013-09-10] (Microsoft Corporation)
S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [577720 2013-09-10] (Microsoft Corporation)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [10389584 2015-12-29] () [File not signed]
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1385280 2013-12-10] (Microsoft Corp.)
R2 MySQL; C:\Program Files\MariaDB 10.1\bin\mysqld.exe [13434184 2015-11-20] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-12-31] (Realtek Semiconductor)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-12] (Symantec Corporation)
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [276152 2013-09-10] (Microsoft Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-12] (Symantec Corporation)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35936 2013-04-09] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20160105.011\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-12] (Symantec Corporation)
S3 dc21x4vm; C:\Windows\System32\DRIVERS\dc21x4vm.sys [57344 2009-06-10] (Microsoft Corp.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-04-26] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-17] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-04-26] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20160120.011\IDSvia64.sys [767224 2015-12-11] (Symantec Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2261464 2013-12-31] (Realtek Semiconductor Corp.)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [20192 2013-10-15] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-07-22] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20160121.021\ENG64.SYS [138488 2015-12-15] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20160121.021\EX64.SYS [2148080 2015-12-15] (Symantec Corporation)
R1 NEOFLTR_740_38293; C:\WINDOWS\system32\Drivers\NEOFLTR_740_38293.SYS [108344 2015-09-07] (Juniper Networks)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-12-11] (O2Micro )
S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-12] (Symantec Corporation)
S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [69896 2014-04-23] (STMicroelectronics)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2013-12-11] (STMicroelectronics)
S3 swg3knmea05; C:\Windows\system32\drivers\swg3knmea05.sys [272272 2014-04-26] (Sierra Wireless Incorporated)
S3 swg3kser05; C:\Windows\system32\drivers\swg3kser05.sys [272272 2014-04-26] (Sierra Wireless Incorporated)
S3 swibus05; C:\Windows\system32\drivers\swibus05.sys [88848 2014-04-26] (Sierra Wireless Inc.)
S3 swibusflt05; C:\Windows\system32\drivers\swibusflt05.sys [88848 2014-04-26] (Sierra Wireless Inc.)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2015-04-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-04-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-12] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-12] (Symantec Corporation)
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-21 23:34 - 2016-01-21 23:34 - 00037406 _____ C:\Users\name_removed\Desktop\FRST.txt
2016-01-21 23:34 - 2016-01-21 23:34 - 00000000 ____D C:\FRST
2016-01-21 23:33 - 2016-01-21 23:33 - 02370560 _____ (Farbar) C:\Users\name_removed\Desktop\FRST64.exe
2016-01-21 10:00 - 2016-01-21 10:00 - 00045695 _____ C:\Users\name_removed\Desktop\Phase2Roadmap_Jan21 (002).pptx
2016-01-21 09:30 - 2016-01-21 09:30 - 00045875 _____ C:\Users\name_removed\Documents\Phase2Roadmap_Jan21.pptx
2016-01-20 23:21 - 2016-01-21 22:48 - 02283452 _____ C:\Users\name_removed\Desktop\TeamUpdate.pptx
2016-01-20 20:37 - 2016-01-20 23:06 - 36506212 _____ C:\Users\name_removed\Desktop\patreon.psd
2016-01-20 20:27 - 2016-01-20 20:27 - 00032796 _____ C:\Users\name_removed\Desktop\ZcXBN-bw (1).jpeg
2016-01-20 16:00 - 2016-01-20 16:00 - 00000000 ____D C:\Users\name_removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2016-01-20 15:56 - 2016-01-21 23:01 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2676001572-3131771074-2776907194-16731UA.job
2016-01-20 15:56 - 2016-01-21 17:09 - 00000888 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2676001572-3131771074-2776907194-16731Core.job
2016-01-20 15:56 - 2016-01-20 15:56 - 00927824 _____ (Google Inc.) C:\Users\name_removed\Downloads\musicmanagerinstaller.exe
2016-01-20 15:56 - 2016-01-20 15:56 - 00003926 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2676001572-3131771074-2776907194-16731UA
2016-01-20 15:56 - 2016-01-20 15:56 - 00003530 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2676001572-3131771074-2776907194-16731Core
2016-01-20 00:58 - 2016-01-20 00:58 - 00000000 ____D C:\TEMP
2016-01-20 00:56 - 2016-01-20 00:56 - 00000000 ____D C:\Users\name_removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-01-20 00:56 - 2016-01-20 00:56 - 00000000 ____D C:\Users\name_removed\AppData\Roaming\IrfanView
2016-01-20 00:56 - 2016-01-20 00:56 - 00000000 ____D C:\Program Files (x86)\IrfanView
2016-01-20 00:55 - 2016-01-20 00:55 - 02122336 _____ (Irfan Skiljan) C:\Users\name_removed\Downloads\iview441_setup.exe
2016-01-20 00:55 - 2016-01-20 00:55 - 00000000 ____D C:\Users\name_removed\Downloads\kiev
2016-01-20 00:53 - 2016-01-20 00:53 - 106613136 _____ C:\Users\name_removed\Downloads\album-51453025-downloads.zip
2016-01-19 15:18 - 2016-01-19 15:18 - 00319995 _____ C:\Users\name_removed\Downloads\lame_v3.99.5 (2).zip
2016-01-19 10:00 - 2016-01-19 10:31 - 01338268 _____ C:\Users\name_removed\Desktop\CloudVsLocal.pptx
2016-01-19 09:59 - 2016-01-20 15:16 - 00000800 _____ C:\Users\name_removed\Desktop\mohamad backlog.txt
2016-01-18 22:09 - 2016-01-18 22:09 - 01171627 _____ C:\Users\name_removed\Downloads\Influence_-_The_Psychology_of_Persuasion_-_Robert_B._Cialdini.mobi
2016-01-18 19:58 - 2014-10-01 05:57 - 00117544 _____ (Innovative Digital Technologies) C:\Users\name_removed\Desktop\ace_player.exe
2016-01-18 19:51 - 2016-01-18 19:51 - 00002063 _____ C:\Users\name_removed\Desktop\Ace Stream Media Center.lnk
2016-01-18 19:51 - 2016-01-18 19:51 - 00001959 _____ C:\Users\name_removed\Desktop\Ace Player.lnk
2016-01-18 19:51 - 2016-01-18 19:51 - 00000000 ____D C:\Users\name_removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2016-01-18 19:49 - 2016-01-18 19:50 - 79522432 _____ C:\Users\name_removed\Downloads\Ace_Stream_Media_3.1.2.exe
2016-01-18 12:46 - 2016-01-18 12:46 - 00187457 _____ C:\Users\name_removed\Downloads\Leon.Chan-2016-01-18_12-40-25.split.zip
2016-01-18 12:46 - 2016-01-18 12:46 - 00000000 ____D C:\Users\name_removed\Downloads\Split
2016-01-18 12:41 - 2016-01-18 12:40 - 00198814 _____ C:\Users\name_removed\Desktop\Leon.Chan-2016-01-18_12-40-25.pdf
2016-01-18 12:33 - 2016-01-18 12:36 - 00290541 _____ C:\Users\name_removed\Downloads\Raptors Republic Inc T2 2014 (1).pdf
2016-01-18 11:42 - 2016-01-20 15:19 - 00014821 _____ C:\Users\name_removed\Desktop\Re-Estimate.xlsx
2016-01-18 11:11 - 2016-01-18 11:11 - 00048392 _____ C:\Users\name_removed\Downloads\JIRA (10).xls
2016-01-18 09:44 - 2016-01-18 09:44 - 00352043 _____ C:\Users\name_removed\Desktop\Re-Estimating.pdf
2016-01-17 13:02 - 2016-01-17 13:04 - 47806708 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-13h02m09s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 13:01 - 2016-01-17 13:02 - 14129516 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-13h01m20s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:57 - 2016-01-17 13:01 - 73383732 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h57m07s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:47 - 2016-01-17 12:57 - 170502840 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h47m25s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:44 - 2016-01-17 12:47 - 45176212 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h44m52s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:42 - 2016-01-17 12:44 - 45291644 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h42m19s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:40 - 2016-01-17 12:42 - 26641292 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h40m49s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:37 - 2016-01-17 12:40 - 53623240 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h37m36s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:35 - 2016-01-17 12:37 - 34077820 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h35m37s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:28 - 2016-01-17 12:35 - 119000428 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h28m49s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:25 - 2016-01-17 12:28 - 58405584 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h25m28s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:24 - 2016-01-17 12:25 - 16732752 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h24m30s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:23 - 2016-01-17 12:24 - 18087856 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h23m28s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:22 - 2016-01-17 12:23 - 17358228 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h22m28s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:19 - 2016-01-17 12:22 - 52799236 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h19m27s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:18 - 2016-01-17 12:19 - 13479412 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h18m39s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 12:07 - 2016-01-17 12:18 - 191331548 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-12h07m16s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:59 - 2016-01-17 12:07 - 127208132 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h59m43s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:57 - 2016-01-17 11:59 - 39842464 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h57m23s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:51 - 2016-01-17 11:57 - 96539128 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h51m48s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:49 - 2016-01-17 11:51 - 40218088 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h49m29s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:46 - 2016-01-17 11:49 - 56232304 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h46m14s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:45 - 2016-01-17 11:46 - 11685516 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h45m33s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:44 - 2016-01-17 11:45 - 26477920 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h44m01s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:43 - 2016-01-17 11:44 - 04580620 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h43m45s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:37 - 2016-01-17 11:43 - 103974716 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h37m52s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:36 - 2016-01-17 11:37 - 19740188 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h36m44s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:35 - 2016-01-17 11:36 - 15692548 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h35m50s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:28 - 2016-01-17 11:35 - 120804852 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h28m53s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:27 - 2016-01-17 11:28 - 18727620 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h27m50s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:26 - 2016-01-17 11:27 - 30317068 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h26m06s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:25 - 2016-01-17 11:26 - 07288008 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h25m40s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:23 - 2016-01-17 11:23 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\name_removed\Downloads\rkill64-6949.exe
2016-01-17 11:23 - 2016-01-17 11:23 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\name_removed\Downloads\rkill64.exe
2016-01-17 11:23 - 2016-01-17 11:23 - 00002580 _____ C:\Users\name_removed\Desktop\Rkill.txt
2016-01-17 11:23 - 2016-01-17 11:23 - 00000000 ____D C:\Users\name_removed\Desktop\rkill
2016-01-17 11:22 - 2016-01-17 11:22 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\name_removed\Downloads\rkill.exe
2016-01-17 11:20 - 2016-01-17 11:25 - 97559404 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h20m02s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:18 - 2016-01-17 11:20 - 34790904 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h18m02s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-17 11:17 - 2016-01-17 11:17 - 06372448 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-17-11h17m36s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-15 23:33 - 2016-01-15 23:55 - 00009984 _____ C:\Users\name_removed\Desktop\ScreenStatus.xlsx
2016-01-15 14:30 - 2016-01-15 14:30 - 00113343 _____ C:\Users\name_removed\Desktop\CYuoQfgUoAEFzIU.jpg-large
2016-01-15 14:12 - 2016-01-15 14:12 - 00089008 _____ C:\Users\name_removed\Downloads\JIRA (9).xls
2016-01-15 13:37 - 2016-01-15 13:37 - 00085671 _____ C:\Users\name_removed\Downloads\JIRA (8).xls
2016-01-15 13:29 - 2016-01-15 13:29 - 00106125 _____ C:\Users\name_removed\Downloads\APO work in PoC (JIRA).xls
2016-01-15 13:26 - 2016-01-15 13:26 - 00089770 _____ C:\Users\name_removed\Downloads\Product Inquiry work in PoC (JIRA).xls
2016-01-15 12:07 - 2016-01-15 12:07 - 00079934 _____ C:\Users\name_removed\Downloads\JIRA (7).xls
2016-01-15 12:04 - 2016-01-15 12:04 - 00087047 _____ C:\Users\name_removed\Downloads\JIRA (6).xls
2016-01-14 21:01 - 2016-01-14 21:01 - 00062489 _____ C:\Users\name_removed\Downloads\Epics (JIRA) (4).xls
2016-01-14 19:38 - 2016-01-14 19:38 - 08897680 _____ C:\Users\name_removed\Downloads\Rapcast.wav
2016-01-14 19:38 - 2016-01-14 19:38 - 00370716 _____ C:\Users\name_removed\Downloads\Rapcast.pkf
2016-01-14 16:03 - 2016-01-14 16:03 - 00074711 _____ C:\Users\name_removed\Downloads\JIRA (5).xls
2016-01-14 16:01 - 2016-01-14 16:01 - 00057984 _____ C:\Users\name_removed\Downloads\JIRA (4).xls
2016-01-14 15:59 - 2016-01-14 15:59 - 00054190 _____ C:\Users\name_removed\Downloads\JIRA (3).xls
2016-01-14 15:58 - 2016-01-14 15:58 - 00009930 _____ C:\Users\name_removed\Downloads\JIRA (2).xls
2016-01-14 15:58 - 2016-01-14 15:58 - 00000000 ____D C:\Users\name_removed\Downloads\JIRA (2)_files
2016-01-14 15:57 - 2016-01-14 15:57 - 00048641 _____ C:\Users\name_removed\Downloads\JIRA (1).xls
2016-01-14 15:54 - 2016-01-14 15:54 - 00042921 _____ C:\Users\name_removed\Downloads\JIRA.xls
2016-01-14 15:45 - 2016-01-14 21:02 - 00000000 ____D C:\Users\name_removed\Downloads\Sprint Data
2016-01-14 15:45 - 2016-01-14 15:45 - 00000000 ____D C:\Users\name_removed\Downloads\JIRA (19)_files
2016-01-14 10:54 - 2016-01-14 10:54 - 00061207 _____ C:\Users\name_removed\Downloads\Epics (JIRA) (3).xls
2016-01-14 10:47 - 2016-01-14 10:47 - 00061213 _____ C:\Users\name_removed\Downloads\Epics (JIRA) (2).xls
2016-01-14 10:41 - 2016-01-14 10:41 - 00000072 _____ C:\Users\name_removed\Desktop\save.txt
2016-01-14 09:41 - 2016-01-18 11:07 - 01504271 _____ C:\Users\name_removed\Desktop\Re-Estimating.pptx
2016-01-14 09:25 - 2016-01-14 09:25 - 00000000 ____D C:\Users\name_removed\Documents\OneNote Notebooks
2016-01-14 00:40 - 2016-01-14 00:40 - 00395802 _____ C:\Users\name_removed\Downloads\20160104GRNSTD001.pdf
2016-01-13 20:04 - 2016-01-13 20:50 - 300246709 _____ C:\Users\name_removed\Downloads\video-sd (2).mp4
2016-01-13 16:51 - 2016-01-13 16:52 - 21429744 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h51m08s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:50 - 2016-01-13 16:51 - 13576044 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h50m20s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:49 - 2016-01-13 16:50 - 13532616 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h49m31s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:47 - 2016-01-13 16:52 - 78037296 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h47m49s-ArenaVision_14_-.ts
2016-01-13 16:39 - 2016-01-13 16:49 - 162721708 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h39m48s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:38 - 2016-01-13 16:39 - 20808404 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h38m33s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:35 - 2016-01-13 16:38 - 45882716 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h35m45s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:34 - 2016-01-13 16:47 - 222868548 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h34m14s-ArenaVision_14_-.ts
2016-01-13 16:33 - 2016-01-13 16:35 - 41393464 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h33m20s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:31 - 2016-01-13 16:33 - 32018844 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h31m32s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:28 - 2016-01-13 16:31 - 56959488 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h28m06s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:23 - 2016-01-13 16:28 - 72413276 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h23m55s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:21 - 2016-01-13 16:23 - 49919076 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h21m04s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:17 - 2016-01-13 16:21 - 60042876 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h17m39s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:16 - 2016-01-13 16:17 - 12473236 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h16m57s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:15 - 2016-01-13 16:16 - 24546972 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h15m32s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:14 - 2016-01-13 16:15 - 18555976 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h14m26s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:12 - 2016-01-13 16:14 - 32572880 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h12m34s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:10 - 2016-01-13 16:12 - 28838636 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h10m54s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:10 - 2016-01-13 16:10 - 07788464 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h10m25s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:07 - 2016-01-13 16:10 - 46671564 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h07m45s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 16:05 - 2016-01-13 16:07 - 33195160 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-16h05m52s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:48 - 2016-01-13 16:05 - 284225732 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h48m47s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:47 - 2016-01-13 15:48 - 17065324 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h47m48s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:44 - 2016-01-13 15:47 - 60215084 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h44m17s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:43 - 2016-01-13 15:44 - 19507068 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h43m09s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:39 - 2016-01-13 15:43 - 57389632 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h39m51s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:35 - 2016-01-13 15:39 - 70292448 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h35m47s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:35 - 2016-01-13 15:35 - 10736680 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h35m09s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:34 - 2016-01-13 15:35 - 06272620 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h34m46s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:31 - 2016-01-13 15:34 - 51725568 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h31m50s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:30 - 2016-01-13 15:31 - 16976024 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h30m52s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:29 - 2016-01-13 15:30 - 27962744 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h29m16s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:27 - 2016-01-13 15:29 - 36583108 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h27m11s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:26 - 2016-01-13 15:27 - 15385168 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h26m02s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:22 - 2016-01-13 15:26 - 60552732 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h22m35s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:21 - 2016-01-13 15:22 - 17098976 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h21m31s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:20 - 2016-01-13 15:21 - 13792432 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h20m41s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:18 - 2016-01-13 15:20 - 44786676 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h18m08s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:15 - 2016-01-13 15:16 - 20131792 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h15m21s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:14 - 2016-01-13 15:15 - 05790024 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h14m58s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:12 - 2016-01-13 15:14 - 52540360 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h12m01s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:11 - 2016-01-13 15:12 - 14791088 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h11m04s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:09 - 2016-01-13 15:11 - 34150388 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h09m07s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:07 - 2016-01-13 15:09 - 23846672 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h07m45s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:06 - 2016-01-13 15:07 - 21869100 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h06m30s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:03 - 2016-01-13 15:05 - 11830088 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h03m41s-http___127.0.0.1_8902_tv.asf-.ts
2016-01-13 15:01 - 2016-01-13 15:06 - 51968464 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-13-15h01m24s-ArenaVision_14_-.ts
2016-01-12 23:36 - 2016-01-12 23:36 - 01338631 _____ C:\Users\name_removed\Desktop\Demo - Bug Template.pptx
2016-01-12 13:20 - 2016-01-12 14:30 - 00011891 _____ C:\Users\name_removed\Documents\bonuses.xlsx
2016-01-12 12:52 - 2016-01-12 12:52 - 00001265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-01-12 12:52 - 2016-01-12 12:52 - 00001253 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-01-11 19:27 - 2016-01-14 11:31 - 00048099 _____ C:\Users\name_removed\Desktop\Phase2Roadmap [Jan 11].pptx
2016-01-11 19:27 - 2016-01-11 19:27 - 00045784 _____ C:\Users\name_removed\Desktop\Phase2Roadmap.pptx
2016-01-11 16:41 - 2016-01-11 16:41 - 00290541 _____ C:\Users\name_removed\Downloads\Raptors Republic Inc T2 2014.pdf
2016-01-11 16:41 - 2016-01-11 16:41 - 00261489 _____ C:\Users\name_removed\Downloads\Raptors Republic Inc T2 2013.pdf
2016-01-11 14:01 - 2016-01-12 19:22 - 02470217 _____ C:\Users\name_removed\Downloads\Frontier Dealer Demo 13 - January 12, 2015.pptx
2016-01-11 14:00 - 2016-01-11 14:00 - 01818541 _____ C:\Users\name_removed\Downloads\Frontier Dealer Demo 13 - January 11, 2015.pptx
2016-01-11 11:18 - 2016-01-11 14:14 - 00000124 _____ C:\Users\name_removed\Desktop\f1.txt
2016-01-10 22:19 - 2016-01-10 22:19 - 00023206 _____ C:\Users\name_removed\Downloads\censor-beep-01.wav
2016-01-10 17:08 - 2016-01-10 17:08 - 28151404 _____ C:\Users\name_removed\Downloads\jan 10-.m4a
2016-01-10 14:37 - 2008-05-06 00:32 - 385989262 _____ C:\Users\name_removed\Desktop\STE-000.wav
2016-01-09 22:26 - 2016-01-09 22:50 - 994003958 _____ C:\Users\name_removed\Downloads\Match of The Day 09012916 FA Cup Round 3 720p.mp4
2016-01-09 11:52 - 2016-01-09 11:54 - 73635840 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h52m39s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:50 - 2016-01-09 11:52 - 98816936 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h50m14s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:50 - 2016-01-09 11:50 - 08754596 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h50m01s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:45 - 2016-01-09 11:50 - 171829368 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h45m34s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:38 - 2016-01-09 11:45 - 283849732 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h38m22s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:35 - 2016-01-09 11:38 - 124696076 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h35m11s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:31 - 2016-01-09 11:35 - 164195816 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h31m17s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:29 - 2016-01-09 11:31 - 77459948 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h29m37s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:26 - 2016-01-09 11:29 - 125776700 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h26m39s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:24 - 2016-01-09 11:26 - 85054396 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h24m53s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:22 - 2016-01-09 11:24 - 78423260 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h22m55s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:20 - 2016-01-09 11:22 - 117471612 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h20m10s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:18 - 2016-01-09 11:20 - 70656980 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h18m32s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:15 - 2016-01-09 11:18 - 111884628 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h15m56s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:14 - 2016-01-09 11:15 - 53086688 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h14m43s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:13 - 2016-01-09 11:14 - 30947244 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h13m53s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:13 - 2016-01-09 11:13 - 27211496 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h13m20s-НТВ+ Футбол 1 HD-.ts
2016-01-09 11:07 - 2016-01-09 11:13 - 238628776 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-11h07m09s-НТВ+ Футбол 1 HD-.ts
2016-01-09 10:47 - 2016-01-09 11:07 - 881246616 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h47m24s-НТВ+ Футбол 1 HD-.ts
2016-01-09 10:39 - 2016-01-09 10:47 - 303716068 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h39m41s-НТВ+ Футбол 1 HD-.ts
2016-01-09 10:33 - 2016-01-09 10:39 - 247725156 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h33m30s-НТВ+ Футбол 1 HD-.ts
2016-01-09 10:31 - 2016-01-09 10:33 - 88950884 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h31m29s-НТВ+ Футбол 1 HD-.ts
2016-01-09 10:31 - 2016-01-09 10:31 - 07785080 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h31m09s-НТВ+ Футбол 1 HD-.ts
2016-01-09 10:26 - 2016-01-09 10:29 - 47524708 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h26m19s-Setanta Sports + HD-.ts
2016-01-09 10:25 - 2016-01-09 10:26 - 43894804 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h25m30s-Setanta Sports + HD-.ts
2016-01-09 10:20 - 2016-01-09 10:23 - 41110336 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h20m11s-_arenaVISION14_-.ts
2016-01-09 10:11 - 2016-01-09 10:20 - 142968548 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h11m57s-_arenaVISION14_-.ts
2016-01-09 10:11 - 2016-01-09 10:11 - 14749352 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h11m06s-_arenaVISION14_-.ts
2016-01-09 10:10 - 2016-01-09 10:11 - 07937360 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h10m37s-_arenaVISION14_-.ts
2016-01-09 10:10 - 2016-01-09 10:10 - 03162348 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h10m26s-_arenaVISION14_-.ts
2016-01-09 10:09 - 2016-01-09 10:10 - 17010616 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h09m27s-_arenaVISION14_-.ts
2016-01-09 10:03 - 2016-01-09 10:09 - 99339576 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h03m46s-_arenaVISION14_-.ts
2016-01-09 10:02 - 2016-01-09 10:03 - 23352232 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-10h02m25s-_arenaVISION14_-.ts
2016-01-09 09:54 - 2016-01-09 10:02 - 133624948 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-09h54m25s-_arenaVISION14_-.ts
2016-01-09 09:53 - 2016-01-09 09:53 - 00260192 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-09-09h53m55s-_arenaVISION14_-.ts
2016-01-08 14:45 - 2016-01-08 14:46 - 00741326 _____ C:\Users\name_removed\Desktop\Frontier High Level Test Strategy [ZS].pptx
2016-01-08 13:47 - 2016-01-08 13:47 - 00001514 _____ C:\Users\name_removed\Downloads\blockpage (3).htm
2016-01-08 13:36 - 2016-01-15 14:37 - 00001014 _____ C:\Users\name_removed\Desktop\Bandicam.lnk
2016-01-08 10:58 - 2016-01-08 10:58 - 00001512 _____ C:\Users\name_removed\Downloads\blockpage (2).htm
2016-01-07 11:27 - 2016-01-07 11:27 - 00000370 _____ C:\Users\name_removed\Desktop\f.txt
2016-01-07 10:51 - 2016-01-07 10:51 - 01493480 _____ C:\Users\name_removed\Downloads\Beyond agile Reorganizing IT for faster software delivery.pdf
2016-01-07 10:51 - 2016-01-07 10:51 - 00303583 _____ C:\Users\name_removed\Downloads\Adhocracy for an agile age.pdf
2016-01-07 10:51 - 2016-01-07 10:51 - 00239481 _____ C:\Users\name_removed\Downloads\Agile operations for volatile times.pdf
2016-01-07 10:51 - 2016-01-07 10:51 - 00099195 _____ C:\Users\name_removed\Downloads\Avoiding_the_quicksand.pdf
2016-01-07 10:50 - 2016-01-07 10:50 - 00052428 _____ C:\Users\name_removed\Downloads\Want to become agile Learn from your IT team.pdf
2016-01-07 10:40 - 2016-01-07 10:45 - 00001015 _____ C:\Users\name_removed\Desktop\APO_B2B_End_SL_Detail.ddl
2016-01-07 10:36 - 2016-01-07 10:36 - 00231407 _____ C:\Users\name_removed\Desktop\20151230-equity_no_ri_1_0_10.ddl
2016-01-07 10:36 - 2016-01-07 10:36 - 00009074 _____ C:\Users\name_removed\Downloads\20151230-schema_tables_list.txt
2016-01-06 18:05 - 2016-01-06 18:05 - 00434883 _____ C:\Users\name_removed\Desktop\CTCO-ORKE Business Trip Plan.pdf
2016-01-06 15:29 - 2016-01-06 15:29 - 296532560 _____ C:\Users\name_removed\Desktop\168516471.avi
2016-01-06 14:07 - 2016-01-06 14:07 - 19337946 _____ C:\Users\name_removed\Desktop\168516471.mp4
2016-01-06 10:57 - 2016-01-06 10:57 - 00080896 _____ C:\Users\name_removed\Downloads\RE possible UI correspondence issues.msg
2016-01-05 20:32 - 2016-01-21 23:34 - 00000000 ____D C:\ProgramData\Gramblr
2016-01-05 20:32 - 2016-01-05 20:32 - 03261545 _____ C:\Users\name_removed\Downloads\gramblr2_win64.zip
2016-01-05 20:32 - 2016-01-05 20:32 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gramblr.lnk
2016-01-05 20:32 - 2016-01-05 20:32 - 00000000 ____D C:\Program Files\Gramblr
2016-01-05 19:38 - 2016-01-05 19:38 - 01102560 _____ C:\Users\name_removed\Downloads\The-Harbus-MBA-Essay-Guide-Summer-2015-no-bonus-essays-FINAL (2).pdf
2016-01-05 15:10 - 2016-01-05 15:10 - 00038400 _____ C:\Users\name_removed\Desktop\Travel.msg
2016-01-05 10:57 - 2016-01-05 10:57 - 00122368 _____ C:\Users\name_removed\Desktop\FONT Requirement's .msg
2016-01-05 09:55 - 2016-01-08 14:45 - 00745182 _____ C:\Users\name_removed\Desktop\Frontier High Level Test Strategy.pptx
2016-01-05 09:19 - 2016-01-05 09:19 - 00012480 _____ C:\Users\name_removed\Downloads\receipt_2016-01-05.pdf
2016-01-05 00:57 - 2016-01-05 00:57 - 00009040 _____ C:\Users\name_removed\Desktop\xCapture-2-240x240.jpg.pagespeed.ic.5SDdd5oy3Y.webp
2016-01-05 00:37 - 2016-01-05 00:37 - 00009584 _____ C:\Users\name_removed\Desktop\xandreabargnanith.jpg.pagespeed.ic.dIYTeNe3yU.webp
2016-01-04 23:59 - 2016-01-04 23:59 - 01102560 _____ C:\Users\name_removed\Downloads\The-Harbus-MBA-Essay-Guide-Summer-2015-no-bonus-essays-FINAL.pdf
2016-01-04 23:59 - 2016-01-04 23:59 - 01102560 _____ C:\Users\name_removed\Downloads\The-Harbus-MBA-Essay-Guide-Summer-2015-no-bonus-essays-FINAL (1).pdf
2016-01-04 16:10 - 2016-01-04 16:10 - 00076288 _____ C:\Users\name_removed\Desktop\FW EPAM - visa pilot project.msg
2016-01-04 14:27 - 2016-01-04 14:29 - 00000000 ____D C:\Users\name_removed\Downloads\Travel Letters
2016-01-04 14:27 - 2016-01-04 14:27 - 01880848 _____ C:\Users\name_removed\Downloads\Travel Letters.split.zip
2016-01-04 14:02 - 2016-01-04 14:13 - 01877848 _____ C:\Users\name_removed\Desktop\Travel Letters.pdf
2016-01-03 22:06 - 2016-01-03 22:06 - 00728732 _____ C:\Users\name_removed\Desktop\STE-001.pkf
2016-01-03 22:04 - 2008-04-21 23:55 - 1119251534 _____ C:\Users\name_removed\Desktop\STE-001.wav
2016-01-03 20:19 - 2016-01-03 20:19 - 00540716 _____ C:\Users\name_removed\Downloads\myRecording00.wav
2016-01-03 18:53 - 2016-01-03 18:53 - 00467521 _____ C:\Users\name_removed\Desktop\raptors_luckyrock.jpeg
2016-01-03 11:50 - 2016-01-03 11:50 - 00043555 _____ C:\Users\name_removed\Downloads\CTCO-ORKE_Resource_Plan(03-Jan-2016).xlsx
2016-01-02 23:46 - 2016-01-02 23:56 - 2750467014 _____ C:\Users\name_removed\Downloads\Sioux Falls Skyforce @ Raptors 905 2016-01-02.mp4
2016-01-02 18:58 - 2016-01-04 22:01 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-02 13:17 - 2016-01-02 13:17 - 75061892 _____ C:\Users\name_removed\Desktop\the wire - how my hair look, mike-_1.avi
2016-01-02 13:15 - 2016-01-02 13:15 - 75061892 _____ C:\Users\name_removed\Desktop\the wire - how my hair look, mike-.avi
2016-01-02 13:06 - 2016-01-02 13:06 - 07079383 _____ C:\Users\name_removed\Desktop\the wire - how my hair look, mike-.mp4
2016-01-02 13:04 - 2016-01-02 13:05 - 10010728 _____ C:\Users\name_removed\Desktop\videoplayback.mp4
2016-01-02 11:51 - 2016-01-02 11:53 - 19400472 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h51m53s-%%  %ArenaVision%8-.ts
2016-01-02 11:49 - 2016-01-02 11:51 - 38242772 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h49m42s-%%  %ArenaVision%8-.ts
2016-01-02 11:48 - 2016-01-02 11:49 - 28506440 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h48m01s-%%  %ArenaVision%8-.ts
2016-01-02 11:46 - 2016-01-02 11:48 - 32762196 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h46m07s-%%  %ArenaVision%8-.ts
2016-01-02 11:42 - 2016-01-02 11:46 - 57044088 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h42m50s-%%  %ArenaVision%8-.ts
2016-01-02 11:38 - 2016-01-02 11:42 - 76509420 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h38m28s-%%  %ArenaVision%8-.ts
2016-01-02 11:37 - 2016-01-02 11:38 - 16962864 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h37m31s-%%  %ArenaVision%8-.ts
2016-01-02 11:34 - 2016-01-02 11:37 - 47912740 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h34m44s-%%  %ArenaVision%8-.ts
2016-01-02 11:33 - 2016-01-02 11:34 - 14849180 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h33m52s-%%  %ArenaVision%8-.ts
2016-01-02 11:30 - 2016-01-02 11:33 - 56932792 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h30m39s-%%  %ArenaVision%8-.ts
2016-01-02 11:29 - 2016-01-02 11:30 - 14986044 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h29m44s-%%  %ArenaVision%8-.ts
2016-01-02 11:26 - 2016-01-02 11:29 - 54823620 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h26m39s-%%  %ArenaVision%8-.ts
2016-01-02 11:23 - 2016-01-02 11:26 - 59657100 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h23m13s-%%  %ArenaVision%8-.ts
2016-01-02 11:17 - 2016-01-02 11:23 - 105984248 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h17m09s-%%  %ArenaVision%8-.ts
2016-01-02 11:15 - 2016-01-16 21:54 - 00028325 _____ C:\Users\name_removed\Desktop\PBR GREEN CTCO-ORKE - Q4.xlsx
2016-01-02 11:15 - 2016-01-13 09:30 - 00027943 _____ C:\Users\name_removed\Documents\PBR GREEN CTCO-ORKE - ZS - Q4.xlsx
2016-01-02 11:12 - 2016-01-02 11:17 - 89214084 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h12m04s-%%  %ArenaVision%8-.ts
2016-01-02 11:07 - 2016-01-02 11:12 - 76992768 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h07m44s-%%  %ArenaVision%8-.ts
2016-01-02 11:06 - 2016-01-02 11:07 - 24363672 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h06m19s-%%  %ArenaVision%8-.ts
2016-01-02 11:05 - 2016-01-02 11:06 - 14225020 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h05m29s-%%  %ArenaVision%8-.ts
2016-01-02 11:04 - 2016-01-02 11:05 - 25126012 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-11h04m05s-%%  %ArenaVision%8-.ts
2016-01-02 10:46 - 2016-01-02 11:04 - 282478648 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h46m49s-%%  %ArenaVision%8-.ts
2016-01-02 10:44 - 2016-01-02 10:46 - 46198932 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h44m08s-%%  %ArenaVision%8-.ts
2016-01-02 10:42 - 2016-01-02 10:44 - 22955928 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h42m48s-%%  %ArenaVision%8-.ts
2016-01-02 10:39 - 2016-01-02 10:42 - 55285348 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h39m40s-%%  %ArenaVision%8-.ts
2016-01-02 10:38 - 2016-01-02 10:39 - 27142500 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h38m05s-%%  %ArenaVision%8-.ts
2016-01-02 10:32 - 2016-01-02 10:38 - 90431948 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h32m50s-%%  %ArenaVision%8-.ts
2016-01-02 10:32 - 2016-01-02 10:32 - 10468592 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h32m13s-%%  %ArenaVision%8-.ts
2016-01-02 10:26 - 2016-01-02 10:29 - 46997744 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h26m48s-%%  %ArenaVision%8-.ts
2016-01-02 10:17 - 2016-01-02 10:26 - 162266748 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h17m28s-%%  %ArenaVision%8-.ts
2016-01-02 10:16 - 2016-01-02 10:17 - 24910188 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h16m03s-%%  %ArenaVision%8-.ts
2016-01-02 10:13 - 2016-01-02 10:16 - 48361684 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h13m19s-%%  %ArenaVision%8-.ts
2016-01-02 10:12 - 2016-01-02 10:13 - 17844208 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h12m18s-%%  %ArenaVision%8-.ts
2016-01-02 10:09 - 2016-01-02 10:12 - 58190700 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h09m00s-%%  %ArenaVision%8-.ts
2016-01-02 10:06 - 2016-01-02 10:08 - 44534944 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h06m31s-%%  %ArenaVision%8-.ts
2016-01-02 10:03 - 2016-01-02 10:06 - 52686624 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h03m31s-%%  %ArenaVision%8-.ts
2016-01-02 10:02 - 2016-01-02 10:03 - 18689832 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h02m28s-%%  %ArenaVision%8-.ts
2016-01-02 10:01 - 2016-01-02 10:02 - 11826140 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h01m47s-%%  %ArenaVision%8-.ts
2016-01-02 10:01 - 2016-01-02 10:01 - 11507856 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-10h01m08s-%%  %ArenaVision%8-.ts
2016-01-02 09:51 - 2016-01-02 09:51 - 00465300 _____ C:\Users\name_removed\Documents\vlc-record-2016-01-02-09h51m27s-%%  %ArenaVision%8-.ts
2016-01-01 12:22 - 2016-01-01 12:22 - 00084088 _____ C:\Users\name_removed\Desktop\test.psd
2015-12-31 15:25 - 2015-12-31 15:25 - 00519041 _____ C:\Users\name_removed\Desktop\5hz2.mp4
2015-12-31 15:22 - 2015-12-31 15:22 - 06895136 _____ C:\Users\name_removed\Desktop\GenuineShortHummingbird.avi
2015-12-31 15:22 - 2015-12-31 15:22 - 00000000 ____D C:\Users\name_removed\Desktop\zoolander.aep Logs
2015-12-31 14:42 - 2015-12-31 15:41 - 00000000 ____D C:\Users\name_removed\Desktop\Adobe After Effects Auto-Save
2015-12-31 14:29 - 2015-12-31 14:29 - 00098572 _____ C:\Users\name_removed\Desktop\dd1.jpeg
2015-12-31 12:20 - 2015-12-31 12:20 - 00000888 _____ C:\WINDOWS\SysWOW64\jiradump.sql
2015-12-31 12:19 - 2015-12-31 12:20 - 00006273 _____ C:\Users\name_removed\Downloads\sprint30.csv
2015-12-29 01:55 - 2015-12-29 01:55 - 00336658 _____ C:\Users\name_removed\Downloads\Frontier Status Report - 2015-12-25.pdf
2015-12-29 01:43 - 2015-12-29 01:43 - 00395216 _____ C:\Users\name_removed\Downloads\20151229GRNSTD001.pdf
2015-12-28 20:44 - 2015-12-28 20:44 - 00056060 _____ C:\Users\name_removed\Desktop\1-dqzOIv.jpeg
2015-12-28 15:15 - 2015-12-28 15:16 - 74552849 _____ C:\Users\name_removed\Downloads\video-sd (1).mp4
2015-12-28 12:40 - 2015-12-28 12:40 - 00000000 ____D C:\Users\name_removed\AppData\Local\Intel_Corporation
2015-12-28 12:27 - 2015-12-28 12:39 - 230448548 _____ C:\Users\name_removed\Desktop\a.asf
2015-12-28 11:34 - 2015-12-28 11:35 - 00005938 _____ C:\Users\name_removed\Downloads\sprint29.csv
2015-12-28 11:34 - 2015-12-28 11:34 - 00000000 ____D C:\Users\name_removed\Downloads\JIRA (17)_files
2015-12-28 11:29 - 2015-12-28 11:29 - 00051968 _____ C:\Users\name_removed\Downloads\Epics (JIRA) (1).xls
2015-12-28 01:43 - 2015-12-31 22:23 - 00199682 _____ C:\Users\name_removed\Desktop\zoolander.aep
2015-12-28 01:25 - 2015-12-28 01:25 - 00343791 _____ C:\Users\name_removed\Downloads\GenuineShortHummingbird.mp4
2015-12-28 01:06 - 2015-12-28 01:06 - 00012302 _____ C:\Users\name_removed\Desktop\wQUAHfFz.jpeg
2015-12-28 00:17 - 2015-12-28 00:17 - 00351776 _____ C:\Users\name_removed\Desktop\GenuineShortHummingbird.webm
2015-12-28 00:15 - 2015-12-28 00:15 - 00830588 _____ C:\Users\name_removed\Downloads\BEAR.psd
2015-12-27 19:41 - 2015-12-27 19:41 - 00119331 _____ C:\Users\name_removed\Downloads\W-9.pdf
2015-12-27 19:41 - 2015-12-27 19:41 - 00119331 _____ C:\Users\name_removed\Desktop\W-9.pdf
2015-12-26 01:26 - 2015-12-26 01:26 - 00010266 _____ C:\Users\name_removed\Desktop\what.prproj
2015-12-26 01:00 - 2015-12-26 01:00 - 01261211 _____ C:\Users\name_removed\Desktop\Z9Y6yMkuibIhjvwb.mp4
2015-12-26 00:27 - 2015-12-26 00:27 - 00236599 _____ C:\Users\name_removed\Desktop\b.psd
2015-12-25 23:25 - 2015-12-25 23:25 - 00003444 _____ C:\WINDOWS\System32\Tasks\Luaiatja
2015-12-25 23:24 - 2015-12-25 23:24 - 00005164 _____ C:\WINDOWS\System32\Tasks\WebDnsio2
2015-12-25 23:24 - 2015-12-25 23:24 - 00004144 _____ C:\WINDOWS\System32\Tasks\WebDnsio2-daily
2015-12-25 23:24 - 2015-12-25 23:24 - 00001350 _____ C:\Users\name_removed\Desktop\Continue installation .lnk
2015-12-25 23:24 - 2015-12-25 23:24 - 00000000 ____D C:\Users\name_removed\AppData\Roaming\pendis
2015-12-25 23:24 - 2015-12-25 23:24 - 00000000 ____D C:\Users\name_removed\AppData\LocalLow\Company
2015-12-25 23:24 - 2015-12-25 23:24 - 00000000 ____D C:\Users\name_removed\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-12-25 23:24 - 2015-12-25 23:24 - 00000000 ____D C:\uninst
2015-12-25 22:49 - 2015-12-25 22:49 - 00011078 _____ C:\Users\name_removed\Downloads\RR Invoice Dec 25.xlsx
2015-12-25 12:52 - 2015-12-25 12:52 - 00243026 _____ C:\Users\name_removed\Desktop\3qax.mp4
2015-12-23 00:37 - 2015-12-23 00:37 - 02005720 _____ C:\Users\name_removed\Desktop\COVER.psd
2015-12-22 23:41 - 2015-12-22 23:48 - 1155742270 _____ C:\Users\name_removed\Downloads\841HD.mp4
2015-12-22 18:08 - 2015-12-22 18:08 - 00283420 _____ C:\Users\name_removed\Downloads\dec22 casey shoot.pkf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-21 23:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-21 23:32 - 2015-05-30 11:53 - 00000000 ____D C:\Users\name_removed\AppData\Roaming\vlc
2016-01-21 23:26 - 2015-05-24 22:23 - 00001456 _____ C:\Users\name_removed\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-01-21 23:26 - 2015-05-21 09:56 - 00000000 ____D C:\Users\name_removed
2016-01-21 22:51 - 2015-05-21 12:16 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-21 22:47 - 2015-04-30 07:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-21 20:08 - 2015-04-30 13:17 - 00000000 ____D C:\ProgramData\Symantec
2016-01-21 10:00 - 2015-05-22 12:17 - 00000600 _____ C:\Users\name_removed\AppData\Local\PUTTY.RND
2016-01-21 09:51 - 2015-05-21 12:16 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-21 03:24 - 2015-05-21 09:56 - 00000000 ____D C:\Users\name_removed\AppData\Local\Adobe
2016-01-20 20:58 - 2015-10-08 21:15 - 00000000 ____D C:\Users\name_removed\Documents\Bandicam
2016-01-20 16:49 - 2009-07-14 00:13 - 00785062 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-20 16:49 - 2009-07-13 22:20 - 00000000 ____D C:\WINDOWS\inf
2016-01-20 16:00 - 2015-05-21 12:16 - 00000000 ____D C:\Users\name_removed\AppData\Local\Google
2016-01-20 15:45 - 2015-12-09 10:16 - 00000000 ____D C:\Users\name_removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-01-20 15:22 - 2015-05-12 10:48 - 00001352 _____ C:\WINDOWS\system32\config\netlogon.ftl
2016-01-19 23:50 - 2015-11-13 10:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-18 21:38 - 2015-10-28 18:41 - 00117050 _____ C:\Users\name_removed\Documents\stats.xlsx
2016-01-18 19:51 - 2015-05-30 10:39 - 00000000 ____D C:\Users\name_removed\AppData\Roaming\ACEStream
2016-01-17 22:26 - 2015-12-13 22:03 - 00251324 _____ C:\Users\name_removed\Desktop\STE-000.pkf
2016-01-17 11:26 - 2009-07-13 23:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-17 11:26 - 2009-07-13 23:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-17 11:24 - 2015-05-30 10:39 - 00000000 ____D C:\Users\name_removed\AppData\Roaming\.ACEStream
2016-01-17 11:18 - 2015-05-21 09:56 - 00000000 ____D C:\Users\name_removed\AppData\Local\TSVNCache
2016-01-17 11:16 - 2015-05-12 10:51 - 00000600 _____ C:\WINDOWS\SMSCFG.INI
2016-01-17 11:12 - 2009-07-14 00:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-16 21:59 - 2015-11-03 12:14 - 00145806 _____ C:\Users\name_removed\Documents\Data Process.vsdx
2016-01-15 14:37 - 2015-10-08 21:15 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2016-01-15 14:37 - 2015-10-08 21:15 - 00000000 ____D C:\Program Files (x86)\Bandicam
2016-01-15 08:59 - 2015-05-12 11:02 - 00136044 __RSH C:\ProgramData\ntuser.pol
2016-01-14 10:55 - 2015-12-17 16:49 - 00006170 _____ C:\Users\name_removed\Downloads\epics.csv
2016-01-13 20:25 - 2015-12-17 15:31 - 00000363 _____ C:\Users\name_removed\Desktop\fa.txt
2016-01-13 16:51 - 2015-05-30 10:39 - 00000000 ___HD C:\_acestream_cache_
2016-01-12 14:56 - 2015-12-14 16:38 - 00000990 _____ C:\Users\name_removed\Desktop\join.me.lnk
2016-01-12 14:56 - 2015-05-26 11:05 - 00000998 _____ C:\Users\name_removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2016-01-12 14:56 - 2015-05-26 09:54 - 00000000 ____D C:\Users\name_removed\AppData\Local\join.me
2016-01-12 12:56 - 2015-05-21 09:56 - 00000000 ____D C:\Users\name_removed\AppData\Roaming\Adobe
2016-01-12 12:52 - 2015-04-29 11:16 - 00000000 ____D C:\ProgramData\Adobe
2016-01-12 12:51 - 2015-04-29 11:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-12 12:48 - 2015-05-21 09:56 - 00000000 ____D C:\Users\name_removed\AppData\Local\Microsoft Help
2016-01-10 18:23 - 2015-08-02 11:46 - 00000000 ____D C:\Users\name_removed\AppData\Local\CrashDumps
2016-01-10 18:00 - 2015-05-21 09:56 - 00000000 ____D C:\Users\name_removed\AppData\Roaming\Skype
2016-01-08 14:49 - 2015-12-17 13:33 - 00011420 _____ C:\Users\name_removed\Desktop\FrontierLibraries.xlsx
2016-01-06 00:28 - 2009-07-13 22:20 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-04 22:01 - 2015-05-12 10:44 - 00328907 ____N C:\WINDOWS\Minidump\010416-27253-01.dmp
2016-01-04 19:31 - 2015-09-15 23:01 - 00147319 _____ C:\Users\name_removed\Downloads\Frontier Costs 2.xlsx
2016-01-04 09:49 - 2015-05-21 09:56 - 00008652 __RSH C:\Users\name_removed\ntuser.pol
2016-01-02 18:58 - 2015-05-12 10:44 - 00324677 ____N C:\WINDOWS\Minidump\010216-29140-01.dmp
2015-12-30 21:44 - 2015-11-07 20:40 - 00000000 ____D C:\Users\name_removed\Downloads\PopcornTime
2015-12-30 11:00 - 2015-04-30 09:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-30 11:00 - 2015-04-30 09:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-29 21:45 - 2015-05-21 11:42 - 00000000 ____D C:\Users\name_removed\AppData\Local\Greenshot
2015-12-28 10:50 - 2015-12-04 17:51 - 00000000 ____D C:\Users\name_removed\Downloads\Autodesk Autocad Civil 3D 2016 x64
2015-12-26 01:23 - 2015-05-21 22:38 - 00000000 ____D C:\Users\name_removed\Documents\Adobe
2015-12-24 13:15 - 2015-12-21 01:58 - 20232236 _____ C:\Users\name_removed\Desktop\rapcast.psd
2015-12-22 23:49 - 2015-04-30 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-22 20:28 - 2015-10-05 16:14 - 00000000 ____D C:\Users\name_removed\AppData\Roaming\HandBrake
2015-12-22 18:08 - 2015-11-13 18:04 - 00492060 _____ C:\Users\name_removed\Downloads\ZOOM0001.pkf
 
==================== Files in the root of some directories =======
 
2015-08-05 18:43 - 2015-08-05 22:55 - 0000033 _____ () C:\Users\name_removed\AppData\Roaming\AdobeWLCMCache.dat
2015-05-24 22:23 - 2016-01-21 23:26 - 0001456 _____ () C:\Users\name_removed\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-05-22 12:17 - 2016-01-21 10:00 - 0000600 _____ () C:\Users\name_removed\AppData\Local\PUTTY.RND
2015-05-22 08:11 - 2015-05-22 08:11 - 0010266 _____ () C:\ProgramData\regid.2015-05.exe.textpad_83F5EF12-C2F9-4C11-A5C5-57A7B2D7AD25.swidtag
 
Some files in TEMP:
====================
C:\Users\name_removed\AppData\Local\Temp\AAMHelper.exe
C:\Users\name_removed\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\name_removed\AppData\Local\Temp\bdfilters.dll
C:\Users\name_removed\AppData\Local\Temp\jre-8u71-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-19 12:37
 
==================== End of FRST.txt ============================
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by name_removed (2016-01-21 23:35:17)
Running from C:\Users\name_removed\Desktop
Windows 7 Enterprise Service Pack 1 (X64) (2015-05-12 15:58:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2983435718-103066670-1593762060-500 - Administrator - Disabled)
Guest (S-1-5-21-2983435718-103066670-1593762060-501 - Limited - Disabled)
lcsa (S-1-5-21-2983435718-103066670-1593762060-1000 - Administrator - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ace Stream Media 3.1.2 (HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\AceStream) (Version: 3.1.2 - Ace Stream Media) <==== ATTENTION
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.3.189 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atom (HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\atom) (Version: 1.1.0 - GitHub Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.1.840 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Camtasia Studio 8 (HKLM-x32\...\{474DFABF-E55B-4905-ABAA-40791A6AC77F}) (Version: 8.4.4.1859 - TechSmith Corporation)
Configuration Manager Client (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.104 - ALPS ELECTRIC CO., LTD.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
FutureTax T2 2015.1 (HKLM-x32\...\{CD0AE876-F48C-4678-9F19-7F4A7E749C8E}_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 6.4.10.2185 (HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\GoToMeeting) (Version: 6.4.10.2185 - CitrixOnline)
Gramblr (HKLM\...\Gramblr) (Version: 2.4.2 - Gramblr Team)
Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.41 - Irfan Skiljan)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
join.me (HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\JoinMe) (Version: 2.11.0.1717 - LogMeIn, Inc.)
join.me.launcher (x32 Version: 1.0.624.0 - LogMeIn, Inc.) Hidden
Juniper Networks Host Checker (HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\Neoteris_Host_Checker) (Version: 7.4.0.38293 - Juniper Networks)
Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 7.4.0.38293 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\Juniper_Setup_Client) (Version: 7.4.13.59743 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Kodi (HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\Kodi) (Version:  - XBMC-Foundation)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.6.19846 - LeapFrog)
LeapFrog Connect (x32 Version: 7.0.6.19846 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (x32 Version: 7.0.6.19846 - LeapFrog) Hidden
MariaDB 10.1 (x64) (HKLM\...\MariaDB 10.1 (x64)) (Version: 10.1.9.0 - MariaDB Corporation Ab)
MariaDB 10.1 (x64) (Version: 10.1.9.0 - MariaDB Corporation Ab) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{08C3441C-4FAF-48D3-A551-70DD6031734F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Office 2013 емлені тексеру құралдары - қазақ (HKLM\...\{90150000-001F-043F-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Nyelvi ellenőrző eszközök 2013 – magyar (HKLM\...\{90150000-001F-040E-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{D8AB93B0-6FBF-44A0-971F-C0669B5AE6DD}) (Version: 7.250.4556.0 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Music Manager (HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\MusicManager) (Version:  - Google, Inc.)
Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (HKLM\...\{90150000-001F-0415-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Network Secured DNS (HKLM-x32\...\Dnsio) (Version: 1.52.0.0 - Network Secured DNS)
Oracle VM VirtualBox 4.3.28 (HKLM\...\{E8BB81BC-E67C-4750-84EE-128DA5A7ADA5}) (Version: 4.3.28 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
pendis (HKLM-x32\...\{d49066f5-52f4-407e-65a8-ab0a0e76532b}) (Version: 1.0.0 - cylandin) <==== ATTENTION
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.1.0 - Popcorn Time)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.4.1) (Version: 7.4.1 - Applian Technologies Inc.)
Screen Recorder Launcher (HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\ScreenRecorderLauncher) (Version: 1.7 - )
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPRO_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype for Business Web App Plug-in (HKLM-x32\...\{5EEFC600-CE9E-4DCE-862A-E7D4A9C7B568}) (Version: 15.8.20020.369 - Microsoft Corporation)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
SwannEye HD version 2.3.0 (HKLM-x32\...\{ADB0285C-E31B-4fd7-B9D4-4F7E4DA3136E}_is1) (Version: 2.3.0 - )
Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation)
TextPad 7 (HKLM\...\{D5CA0106-90CE-4842-8194-A6D4A46FAA0E}) (Version: 7.5.1 - Helios)
TortoiseSVN 1.8.2.24708 (64 bit) (HKLM\...\{D0DC3918-460D-4229-811E-41F22D0CD7E9}) (Version: 1.8.24708 - TortoiseSVN)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM-x32\...\LeapReaderPlugin) (Version:  - LeapFrog)
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
VirtualDJ 8 (HKLM-x32\...\{F7A68F9D-BBF0-48FF-B138-2EFB5165638C}) (Version: 8.0.2048.0 - Atomix Productions)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Засоби перевірки правопису Microsoft Office 2013 – Українська версія (HKLM\...\{90150000-001F-0422-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Средства проверки правописания Microsoft Office 2013 — русский (HKLM\...\{90150000-001F-0419-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2676001572-3131771074-2776907194-16731_Classes\CLSID\{1542FC7D-8D51-43D5-B757-67C763F27BF4}\localserver32 -> C:\Users\name_removed\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\GatewayVersion-x64.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2676001572-3131771074-2776907194-16731_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\name_removed\AppData\Roaming\pendis\unments.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2676001572-3131771074-2776907194-16731_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\ShellExt64.dll ()
CustomCLSID: HKU\S-1-5-21-2676001572-3131771074-2776907194-16731_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\name_removed\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2676001572-3131771074-2776907194-16731_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2676001572-3131771074-2776907194-16731_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\name_removed\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {290EBCF3-2F48-46D4-B72C-249A39A45882} - System32\Tasks\Luaiatja => C:\Program
Task: {3000B218-7A9D-4CA0-A104-3F07DD340596} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2013-09-10] (Microsoft Corporation)
Task: {3B96E369-9183-4F00-974C-37E4E79863AF} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {3E779C0F-04CC-4436-84AA-696BE51BB742} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {53F999AD-20FC-4324-A23C-FC39B8150E04} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2676001572-3131771074-2776907194-16731Core => C:\Users\name_removed\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-20] (Google Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {66C922D9-DD58-4151-B430-6845FBEE0733} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-21] (Google Inc.)
Task: {6FED5E66-BF98-4D03-9707-B3A7012ED2F7} - System32\Tasks\AdobeAAMUpdater-1.0-PRINCETON-name_removed => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {70C8AB54-E031-49AE-9CCE-04E64C8C8BEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-30] (Adobe Systems Incorporated)
Task: {717CAF7A-558D-4915-A686-ED5A95F78FDA} - \G2MUpdateTask-S-1-5-21-2983435718-103066670-1593762060-500 -> No File <==== ATTENTION
Task: {7A0BF400-BE0B-49DE-ACB6-92DC46EB10EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-21] (Google Inc.)
Task: {8B8FECE0-9177-4C74-A6C2-9D7F2E2CEFA3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {8E4D2A1C-E031-433C-8D60-2B2AAFD9CE58} - System32\Tasks\WebDnsio2 => C:\Program Files (x86)\WebDnsio\WebDnsio.exe
Task: {A0AA7027-A482-4FE9-A541-A6184FC7261F} - System32\Tasks\WebDnsio2-daily => C:\Program Files (x86)\WebDnsio\WebDnsio.exe
Task: {CA167D5B-B63F-4851-9608-A4C67EB96120} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {EF8038DB-8727-420E-94C2-B29FE6599C79} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-06-06] ()
Task: {F4112178-7DB2-490A-AC3C-994BC31AA996} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2676001572-3131771074-2776907194-16731UA => C:\Users\name_removed\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-20] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2283613519-1222683734-1047648266-500.job => C:\Program Files (x86)\Citrix\GoToMeeting\2185\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2676001572-3131771074-2776907194-16731Core.job => C:\Users\name_removed\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2676001572-3131771074-2776907194-16731UA.job => C:\Users\name_removed\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-20 20:05 - 2015-11-20 20:05 - 13434184 _____ () C:\Program Files\MariaDB 10.1\bin\mysqld.exe
2015-11-14 04:23 - 2015-11-14 04:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\MSOffice\Office15\1033\GrooveIntlResource.dll
2013-08-27 15:00 - 2013-08-27 15:00 - 00075504 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2013-08-27 14:59 - 2013-08-27 14:59 - 00088304 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2015-12-15 21:03 - 2015-12-25 23:24 - 00161280 _____ () C:\Users\name_removed\AppData\Roaming\pendis\unments.dll
2015-05-22 08:12 - 2015-05-22 08:12 - 00115232 _____ () C:\Program Files\TextPad 7\System\ShellExt64.dll
2015-11-14 04:22 - 2015-11-14 04:22 - 31401120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-02-10 06:12 - 2015-02-10 06:12 - 02210480 _____ () C:\Program Files\MSOffice\Office15\tmpod.dll
2015-10-13 15:10 - 2015-10-13 15:10 - 01428648 _____ () C:\Program Files\MSOffice\Office15\ADDINS\UmOutlookAddin.dll
2013-08-05 01:15 - 2013-08-05 01:15 - 00070712 _____ () C:\WINDOWS\system32\bdmpega64.acm
2014-01-23 08:05 - 2014-01-23 08:05 - 00027304 _____ () C:\Program Files\MSOffice\Office15\lynchtmlconvpxy.dll
2015-07-14 11:59 - 2015-07-14 11:59 - 08720040 _____ () C:\Program Files\MSOffice\Office15\lynchtmlconv.exe
2015-06-06 14:52 - 2015-06-06 14:52 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-06-06 14:52 - 2015-06-06 14:52 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2015-03-18 06:08 - 2015-03-18 06:08 - 01286304 _____ () C:\Program Files\MSOffice\Office15\PPRESOURCES.DLL
2016-01-05 20:32 - 2015-12-29 16:47 - 10389584 _____ () C:\Program Files\Gramblr\gramblr.exe
2014-05-20 08:38 - 2014-05-20 08:38 - 29557960 _____ () C:\Program Files\Adobe\Adobe Audition CC 2014\AuUI.dll
2014-05-20 08:38 - 2014-05-20 08:38 - 00102088 _____ () C:\Program Files\Adobe\Adobe Audition CC 2014\AuCore.dll
2014-05-20 08:38 - 2014-05-20 08:38 - 05301448 _____ () C:\Program Files\Adobe\Adobe Audition CC 2014\AuDSP.dll
2014-05-20 08:38 - 2014-05-20 08:38 - 01895112 _____ () C:\Program Files\Adobe\Adobe Audition CC 2014\AuAudioComponents.dll
2014-05-20 08:38 - 2014-05-20 08:38 - 06319304 _____ () C:\Program Files\Adobe\Adobe Audition CC 2014\AuBackEnd.dll
2014-05-20 08:38 - 2014-05-20 08:38 - 06868168 _____ () C:\Program Files\Adobe\Adobe Audition CC 2014\AuApplication.dll
2014-05-20 08:38 - 2014-05-20 08:38 - 02041544 _____ () C:\Program Files\Adobe\Adobe Audition CC 2014\AuUIToolkit.dll
2014-05-20 08:38 - 2014-05-20 08:38 - 02854600 _____ () C:\Program Files\Adobe\Adobe Audition CC 2014\AuScripting.dll
2014-05-20 08:38 - 2014-05-20 08:38 - 03023048 _____ () C:\Program Files\Adobe\Adobe Audition CC 2014\AuAudioComponentsUI.dll
2014-05-20 08:38 - 2014-05-20 08:38 - 00371400 _____ () C:\Program Files\Adobe\Adobe Audition CC 2014\plug-ins\Session\SesxNative.ases
2014-05-20 08:38 - 2014-05-20 08:38 - 00205512 _____ () C:\Program Files\Adobe\Adobe Audition CC 2014\plug-ins\Amio\AmioWav.amio
2014-05-20 08:38 - 2014-05-20 08:38 - 00861896 _____ () C:\Program Files\Adobe\Adobe Audition CC 2014\plug-ins\Amio\AmioMp3.amio
2013-03-30 00:50 - 2013-03-30 00:50 - 03505600 _____ () C:\Program Files\Common Files\Adobe\dynamiclinkmediaserver\7.0\DNxHDCodec.dll
2014-05-11 03:52 - 2014-07-17 04:56 - 00417496 _____ () C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\BravoInitializer.dll
2014-05-10 21:14 - 2014-05-10 21:14 - 00302592 _____ () C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\MOG_Framework_2.2.14_vc10.dll
2014-05-10 21:14 - 2014-05-10 21:14 - 00019968 _____ () C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\MXF_SDK_Metadata_AS11_1.3.39_vs10.dll
2014-05-10 21:14 - 2014-05-10 21:14 - 00294912 _____ () C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\MXF_SDK_MXFIO_AS11_1.3.39_vs10.dll
2014-05-10 21:14 - 2014-05-10 21:14 - 03567616 _____ () C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\mog_xqilla22.dll
2014-05-10 21:14 - 2014-05-10 21:14 - 04038656 _____ () C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\Plug-ins\Common\Wraptor.prm
2014-05-10 21:14 - 2014-05-10 21:14 - 03499008 _____ () C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\DNxHDCodec.dll
2014-05-10 21:15 - 2014-05-10 21:15 - 00048128 _____ () C:\Program Files\Adobe\Adobe Premiere Pro CC 2014\pthreadVC.dll
2014-11-24 09:46 - 2014-11-24 09:46 - 00879104 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-27 14:05 - 2013-08-27 14:05 - 00065264 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2013-08-27 14:04 - 2013-08-27 14:04 - 00070896 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2015-12-03 04:37 - 2015-12-03 04:37 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-12-03 04:37 - 2015-12-03 04:37 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-12-03 04:37 - 2015-12-03 04:37 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2015-12-03 04:37 - 2015-12-03 04:37 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2015-12-07 01:04 - 2015-12-07 01:04 - 00089264 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin7.dll
2015-12-03 04:37 - 2015-12-03 04:37 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-12-15 21:03 - 2015-12-25 23:24 - 00134656 _____ () C:\Users\name_removed\AppData\Roaming\pendis\presgen.dll
2016-01-14 19:39 - 2016-01-12 11:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
2016-01-14 19:39 - 2016-01-12 11:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll
2016-01-20 15:40 - 2016-01-20 15:40 - 00012800 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00009728 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00014848 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00094208 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\src\rgloader\rgloader193.mswin.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00009216 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00094208 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00126976 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00087552 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00016384 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00127316 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\bin\libffi-6.dll
2016-01-20 15:40 - 2016-01-20 15:40 - 00008704 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00013312 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00095744 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00026624 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr40CC.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00012800 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00009728 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00014848 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00094208 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\src\rgloader\rgloader193.mswin.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00094208 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00118784 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00069120 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00083968 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\bin\zlib1.dll
2016-01-20 15:40 - 2016-01-20 15:40 - 00026624 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00275968 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00015360 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00008192 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00009216 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00023552 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00008704 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00008704 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00008704 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00008704 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00036352 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00126976 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00087552 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00016384 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00127316 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\bin\libffi-6.dll
2016-01-20 15:40 - 2016-01-20 15:40 - 00013312 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00095744 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-01-20 15:40 - 2016-01-20 15:40 - 00026624 _____ () C:\Users\name_removed\AppData\Local\Temp\ocr42A0.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-06-06 14:52 - 2015-06-06 14:52 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-06-06 14:52 - 2015-06-06 14:52 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-06-06 14:52 - 2015-06-06 14:52 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-06-06 14:52 - 2015-06-06 14:52 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-06-06 14:52 - 2015-06-06 14:52 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-06-06 14:52 - 2015-06-06 14:52 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-06-06 14:52 - 2015-06-06 14:52 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-06-06 14:52 - 2015-06-06 14:52 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-06-06 14:52 - 2015-06-06 14:52 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-06-06 14:52 - 2015-06-06 14:52 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-06-06 14:52 - 2015-06-06 14:52 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-06-06 14:52 - 2015-06-06 14:52 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-06-06 14:52 - 2015-06-06 14:52 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2015-11-17 12:44 - 2015-11-17 12:44 - 00117248 _____ () C:\Users\name_removed\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-11-17 12:45 - 2015-11-17 12:45 - 00234496 _____ () C:\Users\name_removed\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-11-17 12:45 - 2015-11-17 12:45 - 00253440 _____ () C:\Users\name_removed\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-11-17 12:44 - 2015-11-17 12:44 - 00344064 _____ () C:\Users\name_removed\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-20 00:50 - 2016-01-19 14:06 - 16792256 _____ () C:\Users\name_removed\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.286\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\sharepoint.com -> hxxps://epam.sharepoint.com
IE trusted site: HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\...\yammer.com -> hxxps://yammer.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-01-15 08:58 - 00001514 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1    activation.cloud.techsmith.com
127.0.0.1    oscount.techsmith.com
127.0.0.1    updater.techsmith.com
127.0.0.1    camtasiatudi.techsmith.com
127.0.0.1    tsccloud.cloudapp.net
127.0.0.1    assets.cloud.techsmith.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2676001572-3131771074-2776907194-16731\Control Panel\Desktop\\Wallpaper -> C:\Users\name_removed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.87.151.28 - 208.87.151.29
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AceUpdater => C:\Users\name_removed\AppData\Roaming\ACEStream\updater\ace_update.exe
MSCONFIG\startupreg: AmoltoRecorder => "C:\Program Files (x86)\Amolto Call Recorder for Skype\AmoltoRecorder.exe" /minimized
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_6D6CFEB907A3F2BB2A8C05004ADCF609 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: join.me.launcher => C:\Users\name_removed\AppData\Local\join.me.launcher\join.me.launcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F2E48F57-536D-4143-8C5A-D5A7D7B0C271}] => (Allow) C:\Program Files\MSOffice\Office15\lync.exe
FirewallRules: [{2B0C3FAA-AD4F-4EE9-9896-05036C17E81F}] => (Allow) C:\Program Files\MSOffice\Office15\lync.exe
FirewallRules: [{3129479F-B3A0-4475-A87D-C3F4F24258DB}] => (Allow) C:\Program Files\MSOffice\Office15\UcMapi.exe
FirewallRules: [{F0C2904F-9362-46CB-A055-59E5F9FF6277}] => (Allow) C:\Program Files\MSOffice\Office15\UcMapi.exe
FirewallRules: [{EECAE2CD-F411-489C-93AA-3C7A3508FCB3}] => (Allow) C:\Program Files\MSOffice\Office15\outlook.exe
FirewallRules: [{D29FF6B6-D742-4059-B0D8-41488A0BA7EC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{479F6A7B-FC6E-4BAC-80E9-4F5FDEE0DD61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{35D2D9D3-7914-4EC6-B922-9A03F213864B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6331FAF2-399B-4433-AFF9-1716D47EAAEA}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe
FirewallRules: [{9A0734B0-2A12-45CC-8CDC-F1132276BEE3}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe
FirewallRules: [{469D79D9-696F-430B-967D-121DA28366AF}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
FirewallRules: [{8DB095CA-5E5A-49C1-9E6A-358E965EC37F}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
FirewallRules: [{4265FF14-EA9A-46AF-ACB4-ACA03982FBF4}] => (Allow) C:\Program Files\MSOffice\Office15\lync.exe
FirewallRules: [{6C761BFC-F8C9-4096-B467-94E65C9B8150}] => (Allow) C:\Program Files\MSOffice\Office15\lync.exe
FirewallRules: [{FACB9351-9736-4AFE-BA46-B1085194CAD6}] => (Allow) C:\Program Files\MSOffice\Office15\UcMapi.exe
FirewallRules: [{992F4E49-2FBE-4BE6-9CDB-9965772B5E6D}] => (Allow) C:\Program Files\MSOffice\Office15\UcMapi.exe
FirewallRules: [TCP Query User{B8C0A6B9-AA3C-41E7-971F-F36F68C3505C}E:\utorrentportable\app\utorrent\utorrent.exe] => (Allow) E:\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [UDP Query User{9C123852-2951-4023-B7A7-E16F93F88CA6}E:\utorrentportable\app\utorrent\utorrent.exe] => (Allow) E:\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [{451B048E-13F9-4AE6-9C1E-2FA6D08F3219}] => (Block) C:\Program Files\Adobe\Adobe Premiere Pro CC 2014
FirewallRules: [TCP Query User{43B218A1-8AFB-46F7-8FA5-8CC2F0B36149}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{9D77488B-8E89-4BF0-8FCB-B532B422A247}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{1E593063-A74F-4DE5-B0AE-E30D205864E4}] => (Block) C:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [TCP Query User{74AD1AA1-430A-4FE4-9BA7-76D03D15759D}C:\program files\msoffice\office15\lync.exe] => (Allow) C:\program files\msoffice\office15\lync.exe
FirewallRules: [UDP Query User{441BCEE6-8C66-456D-841E-738BE7466267}C:\program files\msoffice\office15\lync.exe] => (Allow) C:\program files\msoffice\office15\lync.exe
FirewallRules: [TCP Query User{4CFF887E-0D63-490C-8F39-3B82B3DB2081}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{CFA2207E-A870-4D1C-B1B0-B18752AF391E}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{AA3DFDEB-C88F-4B5B-B647-5A54E8614D4D}C:\users\name_removed\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\name_removed\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{44D3C30A-5B66-4280-BEEB-229451D5B97D}C:\users\name_removed\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\name_removed\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{DDE9F960-C66A-44D2-9105-6E8030F297F4}C:\program files (x86)\swanneye hd\swanneye hd.exe] => (Allow) C:\program files (x86)\swanneye hd\swanneye hd.exe
FirewallRules: [UDP Query User{76817C28-E5F9-490F-85EE-ABA1DB45C5D1}C:\program files (x86)\swanneye hd\swanneye hd.exe] => (Allow) C:\program files (x86)\swanneye hd\swanneye hd.exe
FirewallRules: [TCP Query User{BE337DC9-3677-45A0-BE0F-625F83AD7B90}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{7E79E146-725F-4A0E-B605-C8EF2065B5F2}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{68D610C4-3C18-499C-B62B-3180103FD1EF}] => (Allow) LPort=8317
FirewallRules: [{AB7404E1-32EE-4D9D-A0A6-C26CA0122392}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{E8F3CB16-DB08-4BF5-BC24-85D428ED929B}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamRecorder.exe
FirewallRules: [{7525EEF1-3A0A-41F0-A207-54C2AC31F0AC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0BD7FDFC-CDC4-4EA1-A187-8D7EEFA0056A}] => (Allow) LPort=2869
FirewallRules: [{2413A0CA-5116-46F8-A717-42DB32DCB6DA}] => (Allow) LPort=1900
FirewallRules: [{8FDAC7B1-DD2F-4CB3-A732-FB91E345CDA2}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015\Support Files\AfterFX.exe
FirewallRules: [{4ECE2063-6A24-48A0-931B-A6E58FAFE71E}] => (Block) %ProgramFiles%\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [TCP Query User{29ACF0D7-98AC-45B5-8962-5741735E1F84}C:\users\name_removed\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\name_removed\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{C1AC893D-5488-4010-B62A-A8E873D676B7}C:\users\name_removed\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\name_removed\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{4D94DCDB-57F2-4EAD-B26B-B67A52658D2E}C:\users\name_removed\appdata\local\join.me\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\join.me\join.me.exe
FirewallRules: [UDP Query User{165DC704-1E72-450B-A333-39B6C639753B}C:\users\name_removed\appdata\local\join.me\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\join.me\join.me.exe
FirewallRules: [{E4AE03A1-CC13-408A-9640-DA439326A712}] => (Block) %SystemRoot%\Installer\{474DFABF-E55B-4905-ABAA-40791A6AC77F}\CamtasiaIcons.exe
FirewallRules: [TCP Query User{B304CEA9-AC04-4ADC-9C68-A8FECAEC68EF}C:\users\name_removed\appdata\local\temp\joi6462.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi6462.tmp\join.me.exe
FirewallRules: [UDP Query User{08FD37C3-1752-42C7-BDBB-CD6EBE22634E}C:\users\name_removed\appdata\local\temp\joi6462.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi6462.tmp\join.me.exe
FirewallRules: [{9FD4E063-B75D-48B5-9903-92BE72BB7022}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{7E4B60CF-6A1A-419F-83D9-4D6811F9C1A1}E:\software\utorrentportable\app\utorrent\utorrent.exe] => (Allow) E:\software\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [UDP Query User{958EFC76-9E3B-4AC2-8547-C77DD59C9CBF}E:\software\utorrentportable\app\utorrent\utorrent.exe] => (Allow) E:\software\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [{83E49EE3-21D2-4DB1-A41F-27C3350D902B}] => (Allow) C:\Program Files (x86)\Veetle\Player\VeetleNet.exe
FirewallRules: [TCP Query User{507136F5-709D-4A0A-8B47-042CD36BDE34}C:\users\name_removed\appdata\local\temp\joi82c3.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi82c3.tmp\join.me.exe
FirewallRules: [UDP Query User{792B305A-248F-4AE6-ACBB-441EA6074CE8}C:\users\name_removed\appdata\local\temp\joi82c3.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi82c3.tmp\join.me.exe
FirewallRules: [TCP Query User{0824145A-81A3-4638-9653-295E2084BDCE}C:\users\name_removed\appdata\local\temp\joi382f.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi382f.tmp\join.me.exe
FirewallRules: [UDP Query User{77A19AF1-1EA6-4B91-8159-CF87F489D431}C:\users\name_removed\appdata\local\temp\joi382f.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi382f.tmp\join.me.exe
FirewallRules: [TCP Query User{6BA06D22-2070-4DBA-B8CE-A8609D840EF5}C:\users\name_removed\appdata\local\temp\joi4541.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi4541.tmp\join.me.exe
FirewallRules: [UDP Query User{27E215CB-23D4-473A-A826-9EC7DCAE0C6E}C:\users\name_removed\appdata\local\temp\joi4541.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi4541.tmp\join.me.exe
FirewallRules: [{A7C6A192-BA5C-4AAA-BD20-40C53F8DF9F5}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{0DD620F7-3BA0-4997-AC81-6C044C7DD87B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{21ED0F02-FA05-4E86-BBEA-357E923BFC18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{79E68CA3-89DD-4F2F-A75C-2359ED9E0605}C:\users\name_removed\appdata\local\temp\joi7fd6.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi7fd6.tmp\join.me.exe
FirewallRules: [UDP Query User{6578DD92-1468-4FDC-A43B-246E2BD90897}C:\users\name_removed\appdata\local\temp\joi7fd6.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi7fd6.tmp\join.me.exe
FirewallRules: [TCP Query User{787D011B-3968-406A-B819-5C009697249F}C:\users\name_removed\appdata\local\temp\joi91b9.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi91b9.tmp\join.me.exe
FirewallRules: [UDP Query User{3E7B3D5E-EDB2-443D-9A2C-3520E6E39926}C:\users\name_removed\appdata\local\temp\joi91b9.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi91b9.tmp\join.me.exe
FirewallRules: [TCP Query User{EB3D20E6-69F4-46C7-B26C-888B0AF19DF0}C:\users\name_removed\appdata\local\temp\joif423.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joif423.tmp\join.me.exe
FirewallRules: [UDP Query User{879206C6-8BD4-455F-A830-32473E3D46D4}C:\users\name_removed\appdata\local\temp\joif423.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joif423.tmp\join.me.exe
FirewallRules: [TCP Query User{83FEECFA-F32B-4702-874D-66EB973F150D}C:\users\name_removed\appdata\local\temp\joi30a2.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi30a2.tmp\join.me.exe
FirewallRules: [UDP Query User{ECB9A10F-4491-48BF-9462-6304949F6896}C:\users\name_removed\appdata\local\temp\joi30a2.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi30a2.tmp\join.me.exe
FirewallRules: [TCP Query User{60EEE300-5D93-4AA6-A40C-6422AA82ED05}C:\users\name_removed\appdata\local\temp\joi178b.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi178b.tmp\join.me.exe
FirewallRules: [UDP Query User{99B9DB53-964E-4A1E-A2B5-89FAEE2F42C1}C:\users\name_removed\appdata\local\temp\joi178b.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi178b.tmp\join.me.exe
FirewallRules: [TCP Query User{7D0A630C-6894-47F2-B2F2-09531D24189A}C:\users\name_removed\appdata\local\temp\joia794.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joia794.tmp\join.me.exe
FirewallRules: [UDP Query User{C18FA134-9675-42E9-BA79-AF9552C50077}C:\users\name_removed\appdata\local\temp\joia794.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joia794.tmp\join.me.exe
FirewallRules: [TCP Query User{3AADA913-B2BD-4421-B385-D81D1E8F76E1}C:\users\name_removed\appdata\local\temp\joi5df.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi5df.tmp\join.me.exe
FirewallRules: [UDP Query User{E0AB841E-56BE-493B-9478-ED9C06D27789}C:\users\name_removed\appdata\local\temp\joi5df.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi5df.tmp\join.me.exe
FirewallRules: [{7490D5CB-B481-43FF-B68F-7969A05FD0A2}] => (Allow) C:\Program Files\MariaDB 10.1\bin\mysqld.exe
FirewallRules: [{E0A65699-47B7-4B39-9D5D-6A200B66CBE3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{2B4922D2-D549-40D8-B992-75F53DC1B329}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{DB06414B-6E02-4C57-942F-4E65A5749BBD}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{EA348CEE-6D0A-4785-AA59-3EB645E1039D}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{F4BC1C33-178C-4D22-BD09-85B790B2CFD8}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{4F969974-0D4A-4910-B1F8-1637A88C2CF8}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [TCP Query User{9F2A29F2-1EDF-4706-96B6-5ED100A303D7}C:\users\name_removed\appdata\local\temp\joi1cf1.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi1cf1.tmp\join.me.exe
FirewallRules: [UDP Query User{CF1D5171-B16D-4565-9C4E-B54BF468E2F8}C:\users\name_removed\appdata\local\temp\joi1cf1.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi1cf1.tmp\join.me.exe
FirewallRules: [TCP Query User{376289B7-8032-4AA1-9208-063BD0B5FC36}C:0\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:0\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [UDP Query User{A5FB5593-ADE2-4010-BD35-CCF1C2074329}C:0\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:0\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [TCP Query User{BB3A8123-70B6-4E0A-8663-BDB08F8A6EC3}C:\users\name_removed\appdata\local\temp\joiacd9.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joiacd9.tmp\join.me.exe
FirewallRules: [UDP Query User{015E9166-2E6A-495B-BE30-1CE5B2C04C10}C:\users\name_removed\appdata\local\temp\joiacd9.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joiacd9.tmp\join.me.exe
FirewallRules: [TCP Query User{68B77A48-90BF-4E92-BA15-4A0C00158DDF}C:\users\name_removed\appdata\local\temp\joie4d.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joie4d.tmp\join.me.exe
FirewallRules: [UDP Query User{16904CB3-F292-4787-AD21-562E8FD231C4}C:\users\name_removed\appdata\local\temp\joie4d.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joie4d.tmp\join.me.exe
FirewallRules: [TCP Query User{E76FE69D-EC2D-4D85-A452-259061DB1DCE}C:\users\name_removed\appdata\local\temp\joi1876.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi1876.tmp\join.me.exe
FirewallRules: [UDP Query User{89B843D6-416E-4DD8-BF27-3DE9BE47B884}C:\users\name_removed\appdata\local\temp\joi1876.tmp\join.me.exe] => (Allow) C:\users\name_removed\appdata\local\temp\joi1876.tmp\join.me.exe
FirewallRules: [{633386A1-45B6-453C-B32F-C8A994EAC619}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
14-01-2016 12:15:08 Scheduled Checkpoint
21-01-2016 14:24:38 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/20/2016 11:34:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gramblr.exe, version: 0.0.0.0, time stamp: 0x5682ff75
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
Exception code: 0xc0000005
Fault offset: 0x000000000001884e
Faulting process id: 0x3da4
Faulting application start time: 0xgramblr.exe0
Faulting application path: gramblr.exe1
Faulting module path: gramblr.exe2
Report Id: gramblr.exe3
 
Error: (01/19/2016 11:04:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gramblr.exe, version: 0.0.0.0, time stamp: 0x5682ff75
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
Exception code: 0xc0000005
Fault offset: 0x000000000001884e
Faulting process id: 0x244c
Faulting application start time: 0xgramblr.exe0
Faulting application path: gramblr.exe1
Faulting module path: gramblr.exe2
Report Id: gramblr.exe3
 
Error: (01/18/2016 07:44:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4771.1000, time stamp: 0x561cd06c
Faulting module name: EMSMDB32.DLL, version: 15.0.4771.1004, time stamp: 0x5646e144
Exception code: 0xc0000005
Fault offset: 0x00000000000beed6
Faulting process id: 0x2928
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
 
Error: (01/16/2016 09:30:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (01/16/2016 09:29:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/15/2016 05:31:39 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A6B1F5CC-4B6A-4EE9-A80C-87A831957664}: The user PRINCETON\name_removed dialed a connection named EPAM VPN2 which has failed. The error code returned on failure is 0.
 
Error: (01/15/2016 05:31:39 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A6B1F5CC-4B6A-4EE9-A80C-87A831957664}: The user PRINCETON\name_removed dialed a connection named EPAM VPN2 which has failed. The error code returned on failure is 800.
 
Error: (01/14/2016 12:09:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (01/14/2016 12:08:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/14/2016 09:19:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gramblr.exe, version: 0.0.0.0, time stamp: 0x5682ff75
Faulting module name: gramblr.exe, version: 0.0.0.0, time stamp: 0x5682ff75
Exception code: 0xc0000005
Fault offset: 0x000000000059561d
Faulting process id: 0x7f00
Faulting application start time: 0xgramblr.exe0
Faulting application path: gramblr.exe1
Faulting module path: gramblr.exe2
Report Id: gramblr.exe3
 
 
System errors:
=============
Error: (01/21/2016 11:34:26 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PRINCETON due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (01/21/2016 11:05:43 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: PRINCETON)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (01/21/2016 09:26:39 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: PRINCETON)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (01/21/2016 07:28:34 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: PRINCETON)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (01/21/2016 07:28:34 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (01/21/2016 07:28:34 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PRINCETON due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (01/21/2016 05:09:47 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: PRINCETON)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (01/21/2016 03:08:54 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: PRINCETON)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (01/21/2016 03:01:10 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PRINCETON due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (01/21/2016 01:12:49 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: PRINCETON)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4310M CPU @ 2.70GHz
Percentage of memory in use: 51%
Total physical RAM: 16289.4 MB
Available physical RAM: 7878.36 MB
Total Virtual: 32577.01 MB
Available Virtual: 22056.12 MB
 
==================== Drives ================================
 
Drive c: (EPCATORW0175) (Fixed) (Total:465.76 GB) (Free:176.86 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive f: (H4N_SD) (Removable) (Total:1.83 GB) (Free:1.47 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 861B457B)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

#4
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

This machine appears to be a business machine which we typically do not support. There are exceptions.

 

There is also evidence in your logs of illegal Adobe software and possibly others.
 
I need to abide by the Terms of Use that we all agreed to when creating an account here. Specifically, the following bullet.
 
 


The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.

 
I did however review your logs and can tell you that I'm fairly certain you don't have a malware infection. I believe your company has Group Policies set up to disallow running this program. It's likely preventing any program from running in that path but you will need to check with them.
 
Thank you for your understanding.

 



#5
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.







