Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Chrome and Internet Explorer hijacked

hijack browser

  • Please log in to reply

#1
cgnolte

cgnolte

    Member

  • Member
  • PipPip
  • 23 posts

Internet Explorer would not open at all. The Google Chrome icon had the Windows security shield icon on the lower right corner; when we tried to open it we got prompted for an administrator to modify the system settings and install "Google Drive". We were suspicious that this was not really Google Drive that was being installed.  Tried to restore the system, but the earliest point (about two weeks ago) had the same problem.  Could not uninstall Google Chrome or other updates via the Uninstall Programs utility in the control panel.

Please help! Here is the output from our FRST scan.

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-08] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [213416 2012-11-21] (SecureW2 B.V.)
HKLM-x32\...\Run: [CCBCertificate] => C:\Program Files (x86)\CCBComponents\DMWZ\CCBCertificate.exe
HKLM-x32\...\Run: [USBKeyTools.exe] => C:\Program Files (x86)\CCBComponents\HDZB\USBKeyTools.exe
HKLM-x32\...\Run: [wdcertm_ccb] => C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDCertM_CCB.exe [72224 2014-07-30] ( Beijing WatchData System Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23499656 2016-01-15] (Google)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [Epson Stylus NX420(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [Google Update] => C:\Users\Sue\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2014-05-19] (Apache Software Foundation)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [FreeScreenSharing] => C:\Users\Sue\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe [4046328 2014-06-05] ()
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [BingSvc] => C:\Users\Sue\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-14] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\MountPoints2: {dfa986c6-e12e-11e1-8400-806e6f6e6963} - Q:\LenovoQDrive.exe
AppInit_DLLs-x32: c:/progra~3/{3f7ad~1/192~1.1/neme.dll => c:\ProgramData\{3F7AD7B9-6FF8-063F-DE7E-76BD0EFCA533}\1.9.2.1\neme.dll [1009664 2015-03-03] ()
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
Startup: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2012-11-07]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{2EC2979D-7E49-476E-9BA1-92EE5BD758B6}: [DhcpNameServer] 202.99.96.68 202.99.104.68
Tcpip\..\Interfaces\{E4C916A7-9A0C-48F5-B7AF-F15C76502EA8}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_10&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0CtB0EyEtA0Bzz0DyCzytN0D0Tzu0StCtCyDyBtN1L2XzutAtFzztFtAtFtCtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0Dzy0Bzz0C0BtGtDtA0D0CtGyCtC0A0BtGtAtDtC0CtGyB0DyC0C0F0FzytCyC0E0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Dzz0DyB0DyE0AtGtC0C0B0DtGyEtBzzyEtG0ByCtBtAtGyDzytByC0EtA0E0AtDtCzzzz2QtN1B2Z1V1T1S1NzuyDyCtD&cr=1376475856&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_10&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0CtB0EyEtA0Bzz0DyCzytN0D0Tzu0StCtCyDyBtN1L2XzutAtFzztFtAtFtCtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0Dzy0Bzz0C0BtGtDtA0D0CtGyCtC0A0BtGtAtDtC0CtGyB0DyC0C0F0FzytCyC0E0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Dzz0DyB0DyE0AtGtC0C0B0DtGyEtBzzyEtG0ByCtBtAtGyDzytByC0EtA0E0AtDtCzzzz2QtN1B2Z1V1T1S1NzuyDyCtD&cr=1376475856&ir=
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7CKMB_enUS497
SearchScopes: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_10&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0CtB0EyEtA0Bzz0DyCzytN0D0Tzu0StCtCyDyBtN1L2XzutAtFzztFtAtFtCtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0Dzy0Bzz0C0BtGtDtA0D0CtGyCtC0A0BtGtAtDtC0CtGyB0DyC0C0F0FzytCyC0E0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Dzz0DyB0DyE0AtGtC0C0B0DtGyEtBzzyEtG0ByCtBtAtGyDzytByC0EtA0E0AtDtCzzzz2QtN1B2Z1V1T1S1NzuyDyCtD&cr=1376475856&ir=
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-05] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-05] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-01] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\buhx8ial.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-30] ()
FF Plugin-x32: @ccb.com.cn/CCBEnckey,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBEnckey.dll [No File]
FF Plugin-x32: @ccb.com.cn/CCBInfoScan,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBInfoScan.dll [No File]
FF Plugin-x32: @ccb.com.cn/CCBNetSignCom,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBNetSignCom.dll [No File]
FF Plugin-x32: @ccb.com.cn/dmwz-ccbdevidctrl,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npdmccbplugin.dll [No File]
FF Plugin-x32: @ccb.com.cn/dmwz-WriteCert,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npdmwritecert.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZB2gCertCtrl,version=2.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZB2gCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZB2gSNCtrl,version=2.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZB2gSNCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZBCertCtrl,version=1.0.0.8 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZBCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZBSNCtrl,version=1.0.0.8 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZBSNCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/npTDRImportCertCtrl,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npTDRImportCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/npTDRSNctrl,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npTDRSNctrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/WDImportCertCtrl,version=1.0.0.2 -> C:\Program Files (x86)\CCBComponents\Plugins\npWDImportCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/wdkctrl,version=1.0.0.2 -> C:\Program Files (x86)\CCBComponents\Plugins\npwdkctrl.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-05-24] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @freescreensharing/detector -> C:\Users\Sue\AppData\Local\FreeScreenSharing\npfreesee.dll [2014-06-05] (Free Screen Sharing)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Sue\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sue\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @talk.google.com/O1DPlugin -> C:\Users\Sue\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Sue\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sue\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2016-02-05] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-05]
CHR Extension: (Google Docs) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-05]
CHR Extension: (Google Drive) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-05]
CHR Extension: (Google Docs Offline) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-28]
CHR Extension: (Skype) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-28]
CHR Extension: (Google Hangouts) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sue\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 00977a63; c:\Program Files (x86)\LighterInit\LighterInit.dll [1581056 2015-03-23] () [File not signed]
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-11-07] (Adobe Systems) [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
S2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
S2 HZ_CommSrv; C:\Windows\SysWOW64\HZ_CommSrv.exe [18792 2013-05-14] (????????????)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS2; c:\Program Files (x86)\Microsoft SQL Server\mytest\MSSQL10.SQLEXPRESS2\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS2; c:\Program Files (x86)\Microsoft SQL Server\mytest\MSSQL10.SQLEXPRESS2\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S3 Tomcat7; C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe [103936 2014-05-19] (Apache Software Foundation) [File not signed]
S2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
S2 WDMonitorCCB; C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe [137608 2014-07-30] ( Beijing WatchData System Co., Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
S3 ghsandroid; C:\Windows\System32\Drivers\ghsandroid.sys [38424 2011-03-30] (Google Inc)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40552 2013-06-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 00:05 - 2016-02-06 00:05 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-06 00:04 - 2016-02-06 00:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-05 22:35 - 2016-02-05 22:36 - 00061555 _____ C:\Users\Sue\Desktop\Addition.txt
2016-02-05 22:33 - 2016-02-05 22:45 - 00028033 _____ C:\Users\Sue\Desktop\FRST.txt
2016-02-05 22:31 - 2016-02-05 22:45 - 00000000 ____D C:\FRST
2016-02-05 22:31 - 2016-02-05 22:32 - 00028092 _____ C:\Users\Sue\Downloads\FRST.txt
2016-02-05 22:30 - 2016-02-05 22:30 - 02370560 _____ (Farbar) C:\Users\Sue\Desktop\FRST64.exe
2016-02-05 22:25 - 2016-02-05 22:25 - 00000000 ____D C:\Users\Sue\AppData\Local\Macromedia
2016-02-05 22:23 - 2016-02-05 22:30 - 00000000 ____D C:\Users\Sue\AppData\Local\Mozilla
2016-02-05 22:23 - 2016-02-05 22:23 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-05 22:23 - 2016-02-05 22:23 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-05 22:23 - 2016-02-05 22:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-05 22:23 - 2016-02-05 22:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-05 22:22 - 2016-02-05 22:19 - 43051376 _____ C:\Users\Sue\Downloads\Firefox-Setup-44-0_EN.exe
2016-02-05 22:02 - 2016-02-05 22:02 - 00000000 ____D C:\Users\Sue\AppData\Local\ElevatedDiagnostics
2016-02-05 21:43 - 2016-02-05 21:43 - 00000258 _____ C:\Users\Sue\Desktop\myreg.reg
2016-02-05 21:19 - 2016-02-05 21:19 - 00000000 ____D C:\Windows\pss
2016-02-02 10:40 - 2016-02-02 10:40 - 00000000 ____D C:\Users\catzrule\AppData\Local\Apple Computer
2016-01-15 20:43 - 2016-01-15 20:43 - 01539452 _____ C:\Users\Sue\Downloads\hw_13.pdf
2016-01-13 09:33 - 2015-11-16 20:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 09:33 - 2015-11-16 20:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 09:32 - 2015-12-23 18:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 09:32 - 2015-12-23 17:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 09:32 - 2015-12-12 13:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 09:32 - 2015-12-12 13:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 09:32 - 2015-12-12 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 09:32 - 2015-12-12 13:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 09:32 - 2015-12-12 13:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 09:32 - 2015-12-12 13:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 09:32 - 2015-12-12 13:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 09:32 - 2015-12-12 13:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 09:32 - 2015-12-12 13:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 09:32 - 2015-12-12 13:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 09:32 - 2015-12-12 13:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 09:32 - 2015-12-12 13:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 09:32 - 2015-12-12 13:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 09:32 - 2015-12-12 13:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 09:32 - 2015-12-12 13:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 09:32 - 2015-12-12 13:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 09:32 - 2015-12-12 13:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 09:32 - 2015-12-12 13:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 09:32 - 2015-12-12 12:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 09:32 - 2015-12-12 12:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 09:32 - 2015-12-12 12:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 09:32 - 2015-12-12 12:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 09:32 - 2015-12-12 12:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 09:32 - 2015-12-12 12:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 09:32 - 2015-12-12 12:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 09:32 - 2015-12-12 12:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 09:32 - 2015-12-12 12:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 09:32 - 2015-12-12 12:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 09:32 - 2015-12-12 12:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 09:32 - 2015-12-12 12:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 09:32 - 2015-12-12 12:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 09:32 - 2015-12-12 12:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 09:32 - 2015-12-12 12:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 09:32 - 2015-12-12 12:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 09:32 - 2015-12-12 12:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 09:32 - 2015-12-12 12:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 09:32 - 2015-12-12 12:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-13 09:32 - 2015-12-12 12:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 09:32 - 2015-12-12 12:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 09:32 - 2015-12-12 12:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 09:32 - 2015-12-12 12:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 09:32 - 2015-12-12 12:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 09:32 - 2015-12-12 12:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 09:32 - 2015-12-12 12:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 09:32 - 2015-12-12 12:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 09:32 - 2015-12-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 09:32 - 2015-12-12 12:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-13 09:32 - 2015-12-12 12:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 09:32 - 2015-12-12 12:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 09:32 - 2015-12-12 12:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 09:32 - 2015-12-12 12:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-13 09:32 - 2015-12-12 12:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 09:32 - 2015-12-12 12:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-13 09:32 - 2015-12-12 12:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 09:32 - 2015-12-12 12:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 09:32 - 2015-12-12 12:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-13 09:32 - 2015-12-12 12:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 09:32 - 2015-12-12 11:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 09:32 - 2015-12-12 11:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 09:32 - 2015-12-12 11:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 09:32 - 2015-12-12 11:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 09:32 - 2015-12-12 11:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 09:32 - 2015-12-11 13:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 09:32 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 09:32 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-13 09:32 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 09:32 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 09:32 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 09:32 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 09:32 - 2015-12-08 16:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 09:32 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 09:32 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 09:32 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 09:32 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 09:32 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 09:32 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 09:32 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 09:32 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 09:32 - 2015-12-08 12:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 09:32 - 2015-11-16 20:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 09:32 - 2015-11-16 20:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 09:32 - 2015-11-16 20:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 09:32 - 2015-11-16 20:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-13 09:32 - 2015-11-16 15:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 09:32 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 09:32 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 09:32 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 09:32 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 09:32 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 09:32 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 09:31 - 2015-12-30 14:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 09:31 - 2015-12-30 14:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 09:31 - 2015-12-30 14:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 09:31 - 2015-12-30 14:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 09:31 - 2015-12-30 14:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 09:31 - 2015-12-30 14:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 09:31 - 2015-12-30 14:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 09:31 - 2015-12-30 14:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 09:31 - 2015-12-30 14:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 09:31 - 2015-12-30 14:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 09:31 - 2015-12-30 14:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 09:31 - 2015-12-30 14:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 09:31 - 2015-12-30 14:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 09:31 - 2015-12-30 14:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 09:31 - 2015-12-30 14:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 09:31 - 2015-12-30 14:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 09:31 - 2015-12-30 14:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 09:31 - 2015-12-30 14:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 09:31 - 2015-12-30 13:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 09:31 - 2015-12-30 13:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 09:31 - 2015-12-30 13:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 09:31 - 2015-12-30 13:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 09:31 - 2015-12-30 13:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 09:31 - 2015-12-30 13:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 09:31 - 2015-12-30 13:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 09:31 - 2015-12-30 13:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 09:31 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 09:31 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 09:31 - 2015-12-30 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 09:31 - 2015-12-30 13:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 09:31 - 2015-12-30 13:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 09:31 - 2015-12-30 13:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 09:31 - 2015-12-30 13:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 09:31 - 2015-12-30 13:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 09:31 - 2015-12-30 13:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 09:31 - 2015-12-30 13:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 09:31 - 2015-12-30 13:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 09:31 - 2015-12-30 13:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 09:31 - 2015-12-30 13:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 12:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 09:31 - 2015-12-30 12:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 09:31 - 2015-12-30 12:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 09:31 - 2015-12-30 12:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 09:31 - 2015-12-30 12:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 09:31 - 2015-12-30 12:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 09:31 - 2015-12-30 12:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 09:31 - 2015-12-30 12:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 09:31 - 2015-12-30 12:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 09:31 - 2015-12-30 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 09:31 - 2015-12-30 12:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 09:31 - 2015-12-30 12:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 09:31 - 2015-12-30 12:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-13 09:31 - 2015-12-30 12:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 09:31 - 2015-12-30 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-05 23:55 - 2012-10-23 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-02-05 23:54 - 2015-08-15 02:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-05 23:54 - 2015-06-12 13:44 - 00000000 ____D C:\Users\Classic .NET AppPool
2016-02-05 23:54 - 2014-11-22 14:27 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Dropbox
2016-02-05 23:54 - 2014-03-24 07:05 - 00000000 ____D C:\Users\Colleen
2016-02-05 23:54 - 2014-03-23 10:09 - 00000000 ____D C:\Users\catzrule\AppData\Local\Lenovo
2016-02-05 23:54 - 2014-03-23 10:07 - 00000000 ____D C:\Users\catzrule
2016-02-05 23:54 - 2013-06-11 22:14 - 00000000 ____D C:\Users\Sue\Downloads\support
2016-02-05 23:54 - 2013-06-11 22:11 - 00000000 ____D C:\Users\Sue\Downloads\sources
2016-02-05 23:54 - 2012-08-29 21:28 - 00000000 ____D C:\Windows\system32\Macromed
2016-02-05 23:54 - 2012-08-15 18:45 - 00000000 ____D C:\Users\Sue\AppData\Local\Google
2016-02-05 23:54 - 2012-08-15 18:12 - 00000000 ____D C:\Users\Sue
2016-02-05 23:54 - 2012-08-08 03:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-02-05 23:54 - 2012-08-08 03:14 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-02-05 23:54 - 2011-12-08 15:42 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-05 23:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-05 23:53 - 2015-06-23 18:03 - 00000000 ____D C:\Users\Sue\AppData\Local\Dropbox
2016-02-05 23:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-02-05 23:51 - 2015-06-15 18:14 - 00000000 ____D C:\Users\Sue\Downloads\Citrix
2016-02-05 23:51 - 2014-07-08 22:58 - 00000000 ____D C:\Users\Sue\Downloads\apache-tomcat-7.0.54
2016-02-05 23:51 - 2014-07-08 21:24 - 00000000 ____D C:\Users\Sue\Downloads\apache-ant-1.9.4
2016-02-05 23:51 - 2014-06-20 18:38 - 00000000 ____D C:\Users\Sue\Downloads\Microsoft JDBC Driver 4.0 for SQL Server
2016-02-05 23:51 - 2014-06-19 22:49 - 00000000 ____D C:\Users\Sue\Downloads\glassfish4
2016-02-05 23:51 - 2014-06-01 11:14 - 00000000 ____D C:\Users\Sue\Downloads\Demo_and_Source_BinarySearchTree
2016-02-05 23:51 - 2013-06-11 22:11 - 00000000 ____D C:\Users\Sue\Downloads\efi
2016-02-05 23:51 - 2012-12-20 10:48 - 00000000 ____D C:\Users\Sue\Downloads\gist_voiceToText
2016-02-05 23:48 - 2014-09-22 19:32 - 00000000 __RHD C:\MSOCache
2016-02-05 23:48 - 2013-01-31 19:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-05 22:43 - 2012-11-21 16:35 - 00000000 ____D C:\Users\Sue\AppData\Local\CrashDumps
2016-02-05 22:23 - 2015-12-21 22:24 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Mozilla
2016-02-05 21:19 - 2009-07-13 23:45 - 00034208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-05 21:19 - 2009-07-13 23:45 - 00034208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-05 21:18 - 2012-08-08 03:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-05 21:14 - 2013-07-04 23:09 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA.job
2016-02-05 21:10 - 2014-05-13 13:59 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS
2016-02-05 21:10 - 2012-08-29 21:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-05 21:10 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-05 20:21 - 2012-08-15 18:22 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Nitro PDF
2016-02-05 18:26 - 2012-08-29 21:28 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-05 18:26 - 2012-08-29 21:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-05 18:26 - 2012-08-29 21:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-05 18:11 - 2012-08-08 03:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-05 18:09 - 2009-07-14 00:38 - 00067584 ____S C:\Windows\bootstat(23).dat
2016-02-05 17:58 - 2014-11-22 14:28 - 00000000 ___RD C:\Users\Sue\Dropbox
2016-02-05 17:55 - 2013-06-29 10:11 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA.job
2016-02-05 17:49 - 2013-06-29 10:11 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA
2016-02-05 17:49 - 2013-06-29 10:11 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core
2016-02-05 17:49 - 2013-06-29 10:11 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core.job
2016-02-05 17:49 - 2012-08-08 03:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-05 17:49 - 2012-08-08 03:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 11:18 - 2014-03-23 10:11 - 00000000 ____D C:\Users\catzrule\AppData\Roaming\Nitro PDF
2016-01-25 11:20 - 2012-08-15 19:06 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-16 01:01 - 2015-10-24 12:01 - 00000336 _____ C:\Windows\Tasks\Superclean.job
2016-01-16 00:14 - 2013-07-04 23:09 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core.job
2016-01-15 20:56 - 2015-10-24 12:03 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-15 20:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-01-15 10:17 - 2009-07-13 23:45 - 00462424 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-15 10:16 - 2015-08-15 02:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-15 10:16 - 2015-08-15 02:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-15 10:14 - 2014-12-12 03:18 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-15 10:14 - 2014-05-08 08:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 17:56 - 2015-07-05 22:27 - 00000000 ____D C:\Users\catzrule\Documents\Math

==================== Files in the root of some directories =======

2015-06-11 07:21 - 2015-06-11 07:21 - 0000020 _____ () C:\Users\Sue\AppData\Roaming\appdataFr3.bin
2013-01-20 14:21 - 2013-01-20 14:21 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Files to move or delete:
====================
C:\Users\catzrule\gluegen-rt.dll
C:\Users\catzrule\joal.dll
C:\Users\catzrule\jocl.dll
C:\Users\catzrule\jogl_cg.dll
C:\Users\catzrule\jogl_desktop.dll
C:\Users\catzrule\jogl_mobile.dll
C:\Users\catzrule\nativewindow_awt.dll
C:\Users\catzrule\nativewindow_win32.dll
C:\Users\catzrule\newt.dll
C:\Users\catzrule\soft_oal.dll
C:\Users\catzrule\uninstall.dat
C:\Users\catzrule\uninstall.exe
C:\Users\catzrule\wpbdv14j77.exe


Some files in TEMP:
====================
C:\Users\catzrule\AppData\Local\Temp\Network Wizard.exe
C:\Users\Sue\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2bdjeq.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-03 09:52

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Sue (2016-02-05 22:45:43)
Running from
Windows 7 Professional Service Pack 1 (X64) (2012-08-16 12:11:27)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3253851711-2362259233-3746204868-500 - Administrator - Disabled)
catzrule (S-1-5-21-3253851711-2362259233-3746204868-1008 - Limited - Enabled) => C:\Users\catzrule
Colleen (S-1-5-21-3253851711-2362259233-3746204868-1009 - Limited - Enabled) => C:\Users\Colleen
Guest (S-1-5-21-3253851711-2362259233-3746204868-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3253851711-2362259233-3746204868-1002 - Limited - Enabled)
Sue (S-1-5-21-3253851711-2362259233-3746204868-1000 - Administrator - Enabled) => C:\Users\Sue

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apache Tomcat 7.0 Tomcat7 (remove only) (HKLM\...\Apache Tomcat 7.0 Tomcat7) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assessments on Client (x32 Version: 8.100.9431 - Microsoft) Hidden
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCB "E Safety" Internet Banking security components  1.0.8.7 (HKLM-x32\...\CCB "E Safety" Internet Banking security components Setup) (Version: 1.0.8.7 - China Construction Bank)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON NX420 Series Printer Uninstall (HKLM\...\EPSON NX420 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileZilla Client 3.6.0 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0 - FileZilla Project)
FreeScreenSharing (HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\FreeScreenSharing) (Version: 0.58.75.0 - Free Conferencing Corporation)
GitHub (HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\5f7eb300e2ea4ebf) (Version: 2.13.2.4 - GitHub, Inc.)
GlassFish Server Open Source Edition 4.0 (HKLM\...\nbi-glassfish-mod-4.0.0.89.0) (Version:  - )
Google Chrome (HKLM-x32\...\{A29ED7D5-3D50-35AC-A6B7-1C5F735D926D}) (Version: 47.0.2526.111 - Google, Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Integrated Camera Driver Installer Package Ver.1.2.1.16 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.16 - RICOH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kits Configuration Installer (x32 Version: 8.100.9431 - Microsoft) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
LighterInit (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{977a63}) (Version:  - Software Publisher) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (HKLM-x32\...\{5BDFAB82-060E-438B-AB4F-A2331B2294C0}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Web - ENU (HKLM-x32\...\{4bd1cdab-bf82-42c1-af37-e4918141913f}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Web Developer 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Web Developer 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft Web Publish - Visual Web Developer Express 2010 (HKLM-x32\...\{A6A4CD8C-B9E2-443E-82F2-1313AD3C9A16}) (Version: 1.0.30810.0 - Microsoft Corporation)
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
Nitro Pro 7 (HKLM\...\{8E0790DA-185E-4DC1-8A88-750B2A6218FD}) (Version: 7.4.1.4 - Nitro PDF Software)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.72.00 - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6617 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Screen Recorder Launcher (HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\ScreenRecorderLauncher) (Version: 1.7 - )
SecureW2 Enterprise Client 3.5.9 (HKLM-x32\...\SecureW2 Enterprise Client) (Version:  - )
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
TextPad 5 (HKLM-x32\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.4.2 - Helios)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.1.0 - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0031.1 - REALTEK Semiconductor Corp.)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.34.0 - Lenovo)
Toolkit Documentation (x32 Version: 8.100.9431 - Microsoft) Hidden
UnzipLite 0.2 (HKLM-x32\...\UnzipLite) (Version: 0.2 - Amnis Technology Ltd)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU (HKLM-x32\...\{D25C502E-FF51-424C-8C38-8596FE47D0CD}) (Version: 4.0.8482.1 - Microsoft Corporation)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Assessment and Deployment Kit for Windows 8.1 Preview (HKLM-x32\...\{e83a4859-7373-4aab-8dbe-dafccac24fe0}) (Version: 8.100.9431 - Microsoft Corporation)
Windows Azure Authoring Tools - June 2012 Release (HKLM\...\{646A1C52-6194-4992-8D21-8D9E42AE820A}) (Version: 1.7.30602.1703 - Microsoft Corporation)
Windows Azure Emulator - June 2012 Release (HKLM\...\Windows Azure Emulator - June 2012 Release) (Version: 1.7.30602.1703 - Microsoft Corporation)
Windows Azure Libraries for .NET 1.7 – June 2012 (HKLM\...\{AED07B87-975F-4F60-B7C9-38B8596C6531}) (Version: 1.7 - Microsoft Corporation)
Windows Azure PowerShell - August 2012 (HKLM-x32\...\{4D5B43AD-5AF4-4AF4-B90E-C90AC951A486}) (Version: 0.6.2 - Microsoft Corporation)
Windows Azure Tools for Microsoft Visual Studio 2010 - June 2012 SP1 (HKLM-x32\...\{3dcba276-d593-49cc-9141-08b8a339c984}) (Version: 1.7.50716.1601 - Microsoft Corporation)
Windows Azure Tools for Microsoft Visual Studio 2012 - June 2012 SP1 (HKLM-x32\...\{540cc2f4-4f11-47be-8ebb-e665ed4e9d01}) (Version: 1.7.50716.1601 - Microsoft Corporation)
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WorldWideCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - WorldWideCoupon) <==== ATTENTION
WPT Redistributables (x32 Version: 8.100.9431 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.9431 - Microsoft) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files (x86)\TextPad 5\System\shellext64.dll (Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04E1D4B0-BF66-48DF-B2B7-C36F3784A240} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {1DB31F7A-D1EA-4158-9383-E994AAAAF762} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {1E32D6BA-1999-42DF-8E74-60D04D671799} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe [2012-11-21] (SecureW2 B.V.)
Task: {2511E3B7-BFB1-4AEE-82AA-3B0BC02C4D61} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {343471F6-E885-4CF3-8FDF-5190021EECDB} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {3BAE8D6C-3273-417E-BFBD-48B71D55148C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {3BECEF5D-DB84-4230-AF53-735DE9693F8F} - System32\Tasks\{8E6E35B5-87FE-4FBF-8FFC-0BA96431A60C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.8.0.156.375/en/go/help.faq.installer?LastError=1603
Task: {4271329B-BDF7-41E7-9B4E-63C92330E926} - System32\Tasks\Superclean => c:\programdata\{1ce4ed23-c532-1f4d-1ce4-4ed23c53b48f}\hqghumeaylnlf.exe [2014-10-24] (Super PC Tools Ltd) <==== ATTENTION
Task: {461EF6B0-130A-4F5F-802A-A97EC32A6BB2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core => C:\Users\Sue\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4B6509D1-45D6-44C5-A7AB-A1369455294C} - System32\Tasks\{91A02A83-63A3-42F6-8901-38AA6208A58D} => pcalua.exe -a C:\glassfish4\uninstall.exe -d C:\glassfish4 -c "c:\java\jdk1.8.0_05"
Task: {527D1848-D309-46AF-923F-6B7D44D7C00F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {547DAF72-079E-4E5B-906A-2A001D396435} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {56ED5604-CAAD-4704-AB60-A16530CAC576} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5D42E488-17F1-4159-A2F8-60EEAEEB8FFF} - System32\Tasks\{8A0C90F4-78DF-48C8-8731-FD70DCC9227B} => pcalua.exe -a C:\Users\Sue\Downloads\ogs-3.1.2.2-windows.exe -d C:\Users\Sue\Downloads
Task: {6C0DFE9D-C308-4FF3-A146-C91BC94E29E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6C6C79AE-CB00-4A46-A39D-F1B45A024B92} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {6D2D5BA6-45E9-425B-B887-C2C880F5D610} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {76B62AFF-2A50-41FD-8958-E240360C6D6E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {78D2E44C-0342-4898-99A8-83FB31508A72} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {7C693D95-BE5E-4DE3-B93E-2348AA206608} - System32\Tasks\{220D48E6-8D41-4273-831B-6D1D1F425703} => pcalua.exe -a "c:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" -c /X86
Task: {8EEA55BA-1578-42C0-876A-32C04D78F597} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {92D1C0A3-5708-4FD9-BCB5-53F5103BF577} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {96D94120-15B8-4115-8D86-AFABC2A409E2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {A406C534-2B02-4441-A6FF-9325BA9365C3} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Boots.Sue => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {A701A4CA-64F1-4D9C-B931-A2B3EB88D1D3} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Boots.catzrule => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {B4F5273E-F368-448A-B26F-D96B2F06E669} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {BF8FADF9-5D5E-45A9-840D-7350E933C3E9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA => C:\Users\Sue\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C0A40505-AA46-481F-99CB-850AB51A95B7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA => C:\Users\Sue\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-04] (Facebook Inc.)
Task: {CF2F80BD-4316-473E-9C80-BA8FCB7B810A} - System32\Tasks\{175F3DF0-F1A2-45DE-AF6C-7D6518E134F2} => pcalua.exe -a C:\Users\Sue\Downloads\java_ee_sdk-7-windows.exe -d C:\Users\Sue\Downloads -c -j c:\Program Files\java\jre7\bin
Task: {D27583F5-32D9-415C-BE6D-D6E4B5F0EB9F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-05] (Adobe Systems Incorporated)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E2A78890-941D-4BCE-B171-2E318B2BD8D0} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {E5BE355A-0AE4-4CBC-BFAB-B384378162D7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core => C:\Users\Sue\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-04] (Facebook Inc.)
Task: {E84DBFC8-B20C-420E-8189-26645DD4933C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {F498DF6C-D156-43F7-A481-51BC42E3065A} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core.job => C:\Users\Sue\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA.job => C:\Users\Sue\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core.job => C:\Users\Sue\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA.job => C:\Users\Sue\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{1ce4ed23-c532-1f4d-1ce4-4ed23c53b48f}\hqghumeaylnlf.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-28 10:07 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-05-24 01:04 - 2012-05-24 01:04 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2015-10-28 10:07 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\customercouncil.net -> customercouncil.net
IE restricted site: HKU\.DEFAULT\...\pycic.com -> pycic.com
IE trusted site: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\ccb.cn -> hxxps://b2b.ccb.cn
IE trusted site: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\ccb.com -> hxxps://*.ccb.com
IE trusted site: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\ccb.com.cn -> hxxps://*.ccb.com.cn

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-11-15 11:42 - 00000830 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Sue\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Sue\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{35BEF5D6-05D4-49DA-94F7-8C1C9C4DA2B4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DC05AE51-40B3-4E14-8E91-EEDA4D2269EA}] => (Allow) LPort=2869
FirewallRules: [{5FB12950-EF25-4663-B202-0C642C9041B4}] => (Allow) LPort=1900
FirewallRules: [{523CE888-5B5D-4744-A7D1-9D511E122591}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CF66590A-0194-49BB-A2F4-9AD68F879C4C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{ACF3293F-F80F-473B-BE39-EEF313EA8766}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7051FC77-ADD2-466C-921A-E15534AEDF4D}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{022727FF-DED2-4210-809A-246DDEF34872}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{888FA3B4-E4BA-4559-ADCD-CDF84A315D8B}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{C9CD562B-15CC-47E2-A658-CF3D18C06A81}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [TCP Query User{9FCBBFF0-13B1-4BFA-85C5-9F7DAFA5B49D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{DA22C75F-A92B-4FDE-B6FD-25A8616FBEC6}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{EA3109C3-822D-4586-BECA-5FDEED42DFCF}] => (Allow) C:\Program Files (x86)\Enterasys Networks\NAC Agent\NacAgent.exe
FirewallRules: [TCP Query User{457E6A94-57F3-4CDF-B5B5-B93FC778318D}C:\users\sue\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sue\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1521C271-D839-486F-8136-0204EA612ADE}C:\users\sue\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sue\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4B381672-F399-4702-BE8D-B8BCF15697B1}C:\users\sue\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sue\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4F709366-E6C2-4DBA-9AC4-AA346E8A2C3A}C:\users\sue\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sue\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3B450B17-AD8D-4C93-9CA7-BEDEBEA9BB60}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{78ECDB9E-9D69-435F-ABD6-A26C1FA7DEFB}C:\users\sue\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\sue\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{FC5E8C34-F698-460A-AB71-E54ACDD5B1A7}C:\users\sue\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\sue\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{4239EF37-8208-4EB9-821F-D9A2A0DF4003}C:\users\sue\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\sue\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{97DEF525-526D-46F2-9268-D6DF62025170}C:\users\sue\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\sue\appdata\local\akamai\netsession_win.exe
FirewallRules: [{34A69B2F-AF76-40A2-A9F8-EBF62A543E9F}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{FB0C2985-4F2B-4744-9758-6C068B24695B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [TCP Query User{DEFCED8F-7ECA-4F05-AD8D-850C5C1F9CC5}C:\java\jdk1.8.0_05\jre\bin\javaw.exe] => (Allow) C:\java\jdk1.8.0_05\jre\bin\javaw.exe
FirewallRules: [UDP Query User{66E30672-206D-41D4-A4A4-E75D4AC768C8}C:\java\jdk1.8.0_05\jre\bin\javaw.exe] => (Allow) C:\java\jdk1.8.0_05\jre\bin\javaw.exe
FirewallRules: [TCP Query User{D7945155-C2BA-4119-A01D-0DEFA0198FB2}C:\java\jdk1.8.0_05\bin\java.exe] => (Allow) C:\java\jdk1.8.0_05\bin\java.exe
FirewallRules: [UDP Query User{D8DEC1DF-BABC-4D4E-9882-F467354E4213}C:\java\jdk1.8.0_05\bin\java.exe] => (Allow) C:\java\jdk1.8.0_05\bin\java.exe
FirewallRules: [TCP Query User{69820824-985D-4EE1-B353-7A4F8724708D}C:\java\jdk1.8.0_05\bin\javaw.exe] => (Allow) C:\java\jdk1.8.0_05\bin\javaw.exe
FirewallRules: [UDP Query User{31BEF3BD-9D9A-422C-B202-7AF2DE21BAFC}C:\java\jdk1.8.0_05\bin\javaw.exe] => (Allow) C:\java\jdk1.8.0_05\bin\javaw.exe
FirewallRules: [TCP Query User{8483E638-5BFF-484D-88A8-59295AB2ECAA}C:\users\sue\appdata\local\freescreensharing\freescreensharing.exe] => (Allow) C:\users\sue\appdata\local\freescreensharing\freescreensharing.exe
FirewallRules: [UDP Query User{E1729DBF-5C02-4D6E-A267-C15DD939A93E}C:\users\sue\appdata\local\freescreensharing\freescreensharing.exe] => (Allow) C:\users\sue\appdata\local\freescreensharing\freescreensharing.exe
FirewallRules: [{F01F980F-2248-49D8-9822-13A140E39F46}] => (Allow) C:\Users\Sue\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{F432BAAD-BEB3-411C-9812-3C2FCAB7F4B6}] => (Allow) C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{852662E6-AF69-40AA-A3EA-486F439BD878}] => (Allow) C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{A3CAAEB7-342E-43A6-B6F1-988DA7A570A2}C:\users\sue\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sue\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{0F4B50D6-965E-4DAA-B554-D86784BB1E3A}C:\users\sue\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sue\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{38AA8D4B-8F72-4ABA-9C0B-1A215A49CF8F}C:\users\catzrule\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\catzrule\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{4CEA47F9-5316-46DB-8C0F-32F569327D2D}C:\users\catzrule\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\catzrule\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{95CD2D42-7CAD-4E40-BBF3-30F16D1651E6}C:\users\catzrule\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\catzrule\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8C9E526D-0538-4DA8-9C11-943D016A4A38}C:\users\catzrule\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\catzrule\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{011BD9A9-B85D-4DE3-A237-EF67EB350724}C:\program files (x86)\windows live\photo gallery\wlxphotogallery.exe] => (Allow) C:\program files (x86)\windows live\photo gallery\wlxphotogallery.exe
FirewallRules: [UDP Query User{EA66BC49-65BD-48EE-AE45-8B434C75DFC3}C:\program files (x86)\windows live\photo gallery\wlxphotogallery.exe] => (Allow) C:\program files (x86)\windows live\photo gallery\wlxphotogallery.exe
FirewallRules: [{2E0A1AC4-E4B7-4EC1-A145-CF526CF6F3CD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9BD7A3D5-231D-4372-8D4D-8E681D5F1E06}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6F104BFE-866C-485A-A677-1421B983C190}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{BB8A6C75-1053-4A96-B9FF-1AA3FA456B6D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{E8662F47-1633-4BDF-81C7-35B0967B3886}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{DD64E619-BCB3-4783-8CAE-F8F8042D7B57}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{28FC0172-8A3A-411E-AD04-E740FDC900C1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{93C12842-6900-4A3A-80FF-5029D02228C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0322D7CA-4700-4462-B8FF-45AFD9434792}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

26-01-2016 09:14:50 Windows Update
27-01-2016 10:48:50 Windows Update
28-01-2016 09:48:47 Windows Update
29-01-2016 10:26:35 Windows Update
30-01-2016 16:37:09 Windows Update
01-02-2016 09:02:01 Windows Update
01-02-2016 16:42:41 Windows Update
02-02-2016 10:50:22 Windows Update
02-02-2016 11:13:21 Windows Update
03-02-2016 09:52:42 Windows Update
03-02-2016 20:01:17 Removed Google Chrome
03-02-2016 20:18:09 Chrome Cleanup Tool
05-02-2016 16:11:15 Windows Update
05-02-2016 17:25:41 Restore Operation
05-02-2016 17:50:21 Windows Update
05-02-2016 18:27:52 Windows Update
05-02-2016 20:25:18 Windows Update

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2016 10:43:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 47.0.2526.106, time stamp: 0x566a3406
Faulting module name: chrome.dll, version: 47.0.2526.106, time stamp: 0x566a2f57
Exception code: 0x80000003
Fault offset: 0x000164e6
Faulting process id: 0x880
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (02/05/2016 10:21:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 47.0.2526.106, time stamp: 0x566a3406
Faulting module name: chrome.dll, version: 47.0.2526.106, time stamp: 0x566a2f57
Exception code: 0x80000003
Fault offset: 0x000164e6
Faulting process id: 0x5e0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (02/05/2016 10:16:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 47.0.2526.106, time stamp: 0x566a3406
Faulting module name: chrome.dll, version: 47.0.2526.106, time stamp: 0x566a2f57
Exception code: 0x80000003
Fault offset: 0x000164e6
Faulting process id: 0x614
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (02/05/2016 10:16:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 47.0.2526.106, time stamp: 0x566a3406
Faulting module name: chrome.dll, version: 47.0.2526.106, time stamp: 0x566a2f57
Exception code: 0x80000003
Fault offset: 0x000164e6
Faulting process id: 0x724
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (02/05/2016 10:15:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 47.0.2526.106, time stamp: 0x566a3406
Faulting module name: chrome.dll, version: 47.0.2526.106, time stamp: 0x566a2f57
Exception code: 0x80000003
Fault offset: 0x000164e6
Faulting process id: 0x684
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (02/05/2016 10:14:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 47.0.2526.106, time stamp: 0x566a3406
Faulting module name: chrome.dll, version: 47.0.2526.106, time stamp: 0x566a2f57
Exception code: 0x80000003
Fault offset: 0x000164e6
Faulting process id: 0x71c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (02/05/2016 10:14:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2016 10:13:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 47.0.2526.106, time stamp: 0x566a3406
Faulting module name: chrome.dll, version: 47.0.2526.106, time stamp: 0x566a2f57
Exception code: 0x80000003
Fault offset: 0x000164e6
Faulting process id: 0x738
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (02/05/2016 09:22:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2016 09:11:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/05/2016 10:43:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/05/2016 10:43:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/05/2016 10:43:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/05/2016 10:43:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/05/2016 10:43:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/05/2016 10:43:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/05/2016 10:43:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/05/2016 10:43:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/05/2016 10:43:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/05/2016 10:42:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
  Date: 2015-12-24 11:45:45.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-24 11:45:32.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-24 11:45:28.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-24 11:45:28.379
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-24 11:45:25.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-07 13:55:33.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-07 13:55:15.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-07 13:55:13.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-07 13:55:12.323
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-07 13:55:11.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 29%
Total physical RAM: 3819.11 MB
Available physical RAM: 2699.38 MB
Total Virtual: 7636.42 MB
Available Virtual: 6626.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:282.95 GB) (Free:114.1 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:3.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 9BC55669)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Download the attached fixlist.txt file to the same location where you have FRST:

 

[attachment=80287:fixlist.txt]

 

Run FRST (Right click and Run As Admin) then hit the Fix button.  The PC may reboot during this process.   A fixlog will be generated. Please Copy and paste into a Reply.

 

Run FRST again, check the Addition.txt box and hit SCAN.  Copy and paste both logs.

 

Does IE work any better now?  How About Chrome?

 

 

 

 


  • 0

#3
cgnolte

cgnolte

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Sue (2016-02-12 20:59:51) Run:1
Running from C:\Users\Sue\Desktop
Loaded Profiles: Sue (Available Profiles: Sue & catzrule & Colleen & MSSQL$SQLEXPRESS)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [FreeScreenSharing] => C:\Users\Sue\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe [4046328 2014-06-05] ()
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [BingSvc] => C:\Users\Sue\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-14] (© 2015 Microsoft Corporation)
AppInit_DLLs-x32: c:/progra~3/{3f7ad~1/192~1.1/neme.dll => c:\ProgramData\{3F7AD7B9-6FF8-063F-DE7E-76BD0EFCA533}\1.9.2.1\neme.dll [1009664 2015-03-03] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_10&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0CtB0EyEtA0Bzz0DyCzytN0D0Tzu0StCtCyDyBtN1L2XzutAtFzztFtAtFtCtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0Dzy0Bzz0C0BtGtDtA0D0CtGyCtC0A0BtGtAtDtC0CtGyB0DyC0C0F0FzytCyC0E0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Dzz0DyB0DyE0AtGtC0C0B0DtGyEtBzzyEtG0ByCtBtAtGyDzytByC0EtA0E0AtDtCzzzz2QtN1B2Z1V1T1S1NzuyDyCtD&cr=1376475856&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_10&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0CtB0EyEtA0Bzz0DyCzytN0D0Tzu0StCtCyDyBtN1L2XzutAtFzztFtAtFtCtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0Dzy0Bzz0C0BtGtDtA0D0CtGyCtC0A0BtGtAtDtC0CtGyB0DyC0C0F0FzytCyC0E0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Dzz0DyB0DyE0AtGtC0C0B0DtGyEtBzzyEtG0ByCtBtAtGyDzytByC0EtA0E0AtDtCzzzz2QtN1B2Z1V1T1S1NzuyDyCtD&cr=1376475856&ir=
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_10&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0CtB0EyEtA0Bzz0DyCzytN0D0Tzu0StCtCyDyBtN1L2XzutAtFzztFtAtFtCtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0Dzy0Bzz0C0BtGtDtA0D0CtGyCtC0A0BtGtAtDtC0CtGyB0DyC0C0F0FzytCyC0E0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Dzz0DyB0DyE0AtGtC0C0B0DtGyEtBzzyEtG0ByCtBtAtGyDzytByC0EtA0E0AtDtCzzzz2QtN1B2Z1V1T1S1NzuyDyCtD&cr=1376475856&ir=
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-01] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sue\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - hxxps://clients2.google.com/service/update2/crx
S2 00977a63; c:\Program Files (x86)\LighterInit\LighterInit.dll [1581056 2015-03-23] () [File not signed]
C:\Users\catzrule\gluegen-rt.dll
C:\Users\catzrule\joal.dll
C:\Users\catzrule\jocl.dll
C:\Users\catzrule\jogl_cg.dll
C:\Users\catzrule\jogl_desktop.dll
C:\Users\catzrule\jogl_mobile.dll
C:\Users\catzrule\nativewindow_awt.dll
C:\Users\catzrule\nativewindow_win32.dll
C:\Users\catzrule\newt.dll
C:\Users\catzrule\soft_oal.dll
C:\Users\catzrule\uninstall.dat
C:\Users\catzrule\uninstall.exe
C:\Users\catzrule\wpbdv14j77.exe
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {04E1D4B0-BF66-48DF-B2B7-C36F3784A240} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {3BECEF5D-DB84-4230-AF53-735DE9693F8F} - System32\Tasks\{8E6E35B5-87FE-4FBF-8FFC-0BA96431A60C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.8.0.156.375/en/go/help.faq.installer?LastError=1603
Task: {4271329B-BDF7-41E7-9B4E-63C92330E926} - System32\Tasks\Superclean => c:\programdata\{1ce4ed23-c532-1f4d-1ce4-4ed23c53b48f}\hqghumeaylnlf.exe [2014-10-24] (Super PC Tools Ltd) <==== ATTENTION
Task: {5D42E488-17F1-4159-A2F8-60EEAEEB8FFF} - System32\Tasks\{8A0C90F4-78DF-48C8-8731-FD70DCC9227B} => pcalua.exe -a C:\Users\Sue\Downloads\ogs-3.1.2.2-windows.exe -d C:\Users\Sue\Downloads
Task: {BF8FADF9-5D5E-45A9-840D-7350E933C3E9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA => C:\Users\Sue\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C0A40505-AA46-481F-99CB-850AB51A95B7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA => C:\Users\Sue\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-04] (Facebook Inc.)
Task: {CF2F80BD-4316-473E-9C80-BA8FCB7B810A} - System32\Tasks\{175F3DF0-F1A2-45DE-AF6C-7D6518E134F2} => pcalua.exe -a C:\Users\Sue\Downloads\java_ee_sdk-7-windows.exe -d C:\Users\Sue\Downloads -c -j c:\Program Files\java\jre7\bin
Task: {E5BE355A-0AE4-4CBC-BFAB-B384378162D7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core => C:\Users\Sue\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-04] (Facebook Inc.)
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{1ce4ed23-c532-1f4d-1ce4-4ed23c53b48f}\hqghumeaylnlf.exe <==== ATTENTION
 
 
 
 
 
 
 
 
 
 
 
 
*****************
 
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FreeScreenSharing => value removed successfully
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
"c:/progra~3/{3f7ad~1/192~1.1/neme.dll" => Value data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => key removed successfully
HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => key removed successfully
HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => key removed successfully
HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => key removed successfully
HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
"HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => key removed successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => key removed successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => key removed successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => key removed successfully
00977a63 => service removed successfully
C:\Users\catzrule\gluegen-rt.dll => moved successfully
C:\Users\catzrule\joal.dll => moved successfully
C:\Users\catzrule\jocl.dll => moved successfully
C:\Users\catzrule\jogl_cg.dll => moved successfully
C:\Users\catzrule\jogl_desktop.dll => moved successfully
C:\Users\catzrule\jogl_mobile.dll => moved successfully
C:\Users\catzrule\nativewindow_awt.dll => moved successfully
C:\Users\catzrule\nativewindow_win32.dll => moved successfully
C:\Users\catzrule\newt.dll => moved successfully
C:\Users\catzrule\soft_oal.dll => moved successfully
C:\Users\catzrule\uninstall.dat => moved successfully
C:\Users\catzrule\uninstall.exe => moved successfully
C:\Users\catzrule\wpbdv14j77.exe => moved successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04E1D4B0-BF66-48DF-B2B7-C36F3784A240}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04E1D4B0-BF66-48DF-B2B7-C36F3784A240}" => key removed successfully
C:\Windows\System32\Tasks\Remediation\AntimalwareMigrationTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Remediation\AntimalwareMigrationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BECEF5D-DB84-4230-AF53-735DE9693F8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BECEF5D-DB84-4230-AF53-735DE9693F8F}" => key removed successfully
C:\Windows\System32\Tasks\{8E6E35B5-87FE-4FBF-8FFC-0BA96431A60C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E6E35B5-87FE-4FBF-8FFC-0BA96431A60C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4271329B-BDF7-41E7-9B4E-63C92330E926}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4271329B-BDF7-41E7-9B4E-63C92330E926}" => key removed successfully
C:\Windows\System32\Tasks\Superclean => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Superclean" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D42E488-17F1-4159-A2F8-60EEAEEB8FFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D42E488-17F1-4159-A2F8-60EEAEEB8FFF}" => key removed successfully
C:\Windows\System32\Tasks\{8A0C90F4-78DF-48C8-8731-FD70DCC9227B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8A0C90F4-78DF-48C8-8731-FD70DCC9227B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF8FADF9-5D5E-45A9-840D-7350E933C3E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF8FADF9-5D5E-45A9-840D-7350E933C3E9}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0A40505-AA46-481F-99CB-850AB51A95B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0A40505-AA46-481F-99CB-850AB51A95B7}" => key removed successfully
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF2F80BD-4316-473E-9C80-BA8FCB7B810A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF2F80BD-4316-473E-9C80-BA8FCB7B810A}" => key removed successfully
C:\Windows\System32\Tasks\{175F3DF0-F1A2-45DE-AF6C-7D6518E134F2} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{175F3DF0-F1A2-45DE-AF6C-7D6518E134F2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5BE355A-0AE4-4CBC-BFAB-B384378162D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5BE355A-0AE4-4CBC-BFAB-B384378162D7}" => key removed successfully
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core" => key removed successfully
C:\Windows\Tasks\Superclean.job => moved successfully
 
==== End of Fixlog 20:59:52 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Sue (administrator) on BOOTS (12-02-2016 21:02:44)
Running from C:\Users\Sue\Desktop
Loaded Profiles: Sue (Available Profiles: Sue & catzrule & Colleen & MSSQL$SQLEXPRESS)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-08] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [213416 2012-11-21] (SecureW2 B.V.)
HKLM-x32\...\Run: [CCBCertificate] => C:\Program Files (x86)\CCBComponents\DMWZ\CCBCertificate.exe
HKLM-x32\...\Run: [USBKeyTools.exe] => C:\Program Files (x86)\CCBComponents\HDZB\USBKeyTools.exe
HKLM-x32\...\Run: [wdcertm_ccb] => C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDCertM_CCB.exe [72224 2014-07-30] ( Beijing WatchData System Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23499656 2016-01-15] (Google)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [Epson Stylus NX420(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [Google Update] => C:\Users\Sue\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2014-05-19] (Apache Software Foundation)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_267_Plugin.exe [1163456 2015-12-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\MountPoints2: {dfa986c6-e12e-11e1-8400-806e6f6e6963} - Q:\LenovoQDrive.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
Startup: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2012-11-07]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{2EC2979D-7E49-476E-9BA1-92EE5BD758B6}: [DhcpNameServer] 202.99.96.68 202.99.104.68
Tcpip\..\Interfaces\{E4C916A7-9A0C-48F5-B7AF-F15C76502EA8}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7CKMB_enUS497
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-05] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-05] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\buhx8ial.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-30] ()
FF Plugin-x32: @ccb.com.cn/CCBEnckey,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBEnckey.dll [No File]
FF Plugin-x32: @ccb.com.cn/CCBInfoScan,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBInfoScan.dll [No File]
FF Plugin-x32: @ccb.com.cn/CCBNetSignCom,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBNetSignCom.dll [No File]
FF Plugin-x32: @ccb.com.cn/dmwz-ccbdevidctrl,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npdmccbplugin.dll [No File]
FF Plugin-x32: @ccb.com.cn/dmwz-WriteCert,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npdmwritecert.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZB2gCertCtrl,version=2.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZB2gCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZB2gSNCtrl,version=2.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZB2gSNCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZBCertCtrl,version=1.0.0.8 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZBCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZBSNCtrl,version=1.0.0.8 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZBSNCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/npTDRImportCertCtrl,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npTDRImportCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/npTDRSNctrl,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npTDRSNctrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/WDImportCertCtrl,version=1.0.0.2 -> C:\Program Files (x86)\CCBComponents\Plugins\npWDImportCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/wdkctrl,version=1.0.0.2 -> C:\Program Files (x86)\CCBComponents\Plugins\npwdkctrl.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-05-24] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @freescreensharing/detector -> C:\Users\Sue\AppData\Local\FreeScreenSharing\npfreesee.dll [2014-06-05] (Free Screen Sharing)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Sue\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sue\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @talk.google.com/O1DPlugin -> C:\Users\Sue\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Sue\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sue\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2016-02-05] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-05]
CHR Extension: (Google Docs) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-05]
CHR Extension: (Google Drive) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-05]
CHR Extension: (Google Docs Offline) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-28]
CHR Extension: (Skype) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-28]
CHR Extension: (Google Hangouts) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-11-07] (Adobe Systems) [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
S2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
S2 HZ_CommSrv; C:\Windows\SysWOW64\HZ_CommSrv.exe [18792 2013-05-14] (华大智宝电子系统有限公司)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS2; c:\Program Files (x86)\Microsoft SQL Server\mytest\MSSQL10.SQLEXPRESS2\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS2; c:\Program Files (x86)\Microsoft SQL Server\mytest\MSSQL10.SQLEXPRESS2\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S3 Tomcat7; C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe [103936 2014-05-19] (Apache Software Foundation) [File not signed]
S2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
S2 WDMonitorCCB; C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe [137608 2014-07-30] ( Beijing WatchData System Co., Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
S3 ghsandroid; C:\Windows\System32\Drivers\ghsandroid.sys [38424 2011-03-30] (Google Inc)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40552 2013-06-15] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-12 20:59 - 2016-02-12 20:59 - 00021074 _____ C:\Users\Sue\Desktop\Fixlog.txt
2016-02-06 00:05 - 2016-02-06 00:05 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-06 00:04 - 2016-02-06 00:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-05 22:35 - 2016-02-05 22:45 - 00061802 _____ C:\Users\Sue\Desktop\Addition.txt
2016-02-05 22:33 - 2016-02-12 21:03 - 00023751 _____ C:\Users\Sue\Desktop\FRST.txt
2016-02-05 22:31 - 2016-02-12 21:02 - 00000000 ____D C:\FRST
2016-02-05 22:31 - 2016-02-05 22:32 - 00028092 _____ C:\Users\Sue\Downloads\FRST.txt
2016-02-05 22:30 - 2016-02-05 22:30 - 02370560 _____ (Farbar) C:\Users\Sue\Desktop\FRST64.exe
2016-02-05 22:25 - 2016-02-05 22:25 - 00000000 ____D C:\Users\Sue\AppData\Local\Macromedia
2016-02-05 22:23 - 2016-02-05 22:30 - 00000000 ____D C:\Users\Sue\AppData\Local\Mozilla
2016-02-05 22:23 - 2016-02-05 22:23 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-05 22:23 - 2016-02-05 22:23 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-05 22:23 - 2016-02-05 22:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-05 22:23 - 2016-02-05 22:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-05 22:22 - 2016-02-05 22:19 - 43051376 _____ C:\Users\Sue\Downloads\Firefox-Setup-44-0_EN.exe
2016-02-05 22:02 - 2016-02-05 22:02 - 00000000 ____D C:\Users\Sue\AppData\Local\ElevatedDiagnostics
2016-02-05 21:43 - 2016-02-05 21:43 - 00000258 _____ C:\Users\Sue\Desktop\myreg.reg
2016-02-05 21:19 - 2016-02-05 21:19 - 00000000 ____D C:\Windows\pss
2016-02-02 10:40 - 2016-02-02 10:40 - 00000000 ____D C:\Users\catzrule\AppData\Local\Apple Computer
2016-01-15 20:43 - 2016-01-15 20:43 - 01539452 _____ C:\Users\Sue\Downloads\hw_13.pdf
2016-01-13 09:33 - 2015-11-16 20:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 09:33 - 2015-11-16 20:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 09:32 - 2015-12-23 18:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 09:32 - 2015-12-23 17:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 09:32 - 2015-12-12 13:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 09:32 - 2015-12-12 13:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 09:32 - 2015-12-12 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 09:32 - 2015-12-12 13:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 09:32 - 2015-12-12 13:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 09:32 - 2015-12-12 13:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 09:32 - 2015-12-12 13:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 09:32 - 2015-12-12 13:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 09:32 - 2015-12-12 13:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 09:32 - 2015-12-12 13:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 09:32 - 2015-12-12 13:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 09:32 - 2015-12-12 13:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 09:32 - 2015-12-12 13:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 09:32 - 2015-12-12 13:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 09:32 - 2015-12-12 13:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 09:32 - 2015-12-12 13:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 09:32 - 2015-12-12 13:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 09:32 - 2015-12-12 13:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 09:32 - 2015-12-12 12:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 09:32 - 2015-12-12 12:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 09:32 - 2015-12-12 12:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 09:32 - 2015-12-12 12:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 09:32 - 2015-12-12 12:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 09:32 - 2015-12-12 12:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 09:32 - 2015-12-12 12:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 09:32 - 2015-12-12 12:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 09:32 - 2015-12-12 12:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 09:32 - 2015-12-12 12:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 09:32 - 2015-12-12 12:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 09:32 - 2015-12-12 12:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 09:32 - 2015-12-12 12:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 09:32 - 2015-12-12 12:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 09:32 - 2015-12-12 12:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 09:32 - 2015-12-12 12:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 09:32 - 2015-12-12 12:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 09:32 - 2015-12-12 12:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 09:32 - 2015-12-12 12:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-13 09:32 - 2015-12-12 12:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 09:32 - 2015-12-12 12:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 09:32 - 2015-12-12 12:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 09:32 - 2015-12-12 12:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 09:32 - 2015-12-12 12:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 09:32 - 2015-12-12 12:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 09:32 - 2015-12-12 12:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 09:32 - 2015-12-12 12:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 09:32 - 2015-12-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 09:32 - 2015-12-12 12:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-13 09:32 - 2015-12-12 12:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 09:32 - 2015-12-12 12:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 09:32 - 2015-12-12 12:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 09:32 - 2015-12-12 12:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-13 09:32 - 2015-12-12 12:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 09:32 - 2015-12-12 12:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-13 09:32 - 2015-12-12 12:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 09:32 - 2015-12-12 12:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 09:32 - 2015-12-12 12:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-13 09:32 - 2015-12-12 12:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 09:32 - 2015-12-12 11:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 09:32 - 2015-12-12 11:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 09:32 - 2015-12-12 11:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 09:32 - 2015-12-12 11:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 09:32 - 2015-12-12 11:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 09:32 - 2015-12-11 13:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 09:32 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 09:32 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-13 09:32 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 09:32 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 09:32 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 09:32 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 09:32 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 09:32 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 09:32 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 09:32 - 2015-12-08 16:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 09:32 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 09:32 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 09:32 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 09:32 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 09:32 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 09:32 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 09:32 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 09:32 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 09:32 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 09:32 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 09:32 - 2015-12-08 12:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 09:32 - 2015-11-16 20:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 09:32 - 2015-11-16 20:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 09:32 - 2015-11-16 20:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 09:32 - 2015-11-16 20:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-13 09:32 - 2015-11-16 15:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 09:32 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 09:32 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 09:32 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 09:32 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 09:32 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 09:32 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 09:31 - 2015-12-30 14:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 09:31 - 2015-12-30 14:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 09:31 - 2015-12-30 14:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 09:31 - 2015-12-30 14:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 09:31 - 2015-12-30 14:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 09:31 - 2015-12-30 14:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 09:31 - 2015-12-30 14:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 09:31 - 2015-12-30 14:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 09:31 - 2015-12-30 14:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 09:31 - 2015-12-30 14:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 09:31 - 2015-12-30 14:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 09:31 - 2015-12-30 14:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 09:31 - 2015-12-30 14:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 09:31 - 2015-12-30 14:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 09:31 - 2015-12-30 14:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 09:31 - 2015-12-30 14:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 09:31 - 2015-12-30 14:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 09:31 - 2015-12-30 14:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 09:31 - 2015-12-30 13:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 09:31 - 2015-12-30 13:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 09:31 - 2015-12-30 13:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 09:31 - 2015-12-30 13:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 09:31 - 2015-12-30 13:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 09:31 - 2015-12-30 13:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 09:31 - 2015-12-30 13:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 09:31 - 2015-12-30 13:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 09:31 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 09:31 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 09:31 - 2015-12-30 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 09:31 - 2015-12-30 13:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 09:31 - 2015-12-30 13:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-13 09:31 - 2015-12-30 13:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 09:31 - 2015-12-30 13:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 09:31 - 2015-12-30 13:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 09:31 - 2015-12-30 13:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 09:31 - 2015-12-30 13:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 09:31 - 2015-12-30 13:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 09:31 - 2015-12-30 13:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 09:31 - 2015-12-30 13:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 09:31 - 2015-12-30 13:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 12:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 09:31 - 2015-12-30 12:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 09:31 - 2015-12-30 12:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 09:31 - 2015-12-30 12:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 09:31 - 2015-12-30 12:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 09:31 - 2015-12-30 12:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 09:31 - 2015-12-30 12:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 09:31 - 2015-12-30 12:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 09:31 - 2015-12-30 12:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 09:31 - 2015-12-30 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 09:31 - 2015-12-30 12:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 09:31 - 2015-12-30 12:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 09:31 - 2015-12-30 12:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-13 09:31 - 2015-12-30 12:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 09:31 - 2015-12-30 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 09:31 - 2015-12-30 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-12 20:59 - 2015-07-31 14:06 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-02-12 20:59 - 2014-03-23 10:07 - 00000000 ____D C:\Users\catzrule
2016-02-05 23:55 - 2012-10-23 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-02-05 23:54 - 2015-08-15 02:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-05 23:54 - 2015-06-12 13:44 - 00000000 ____D C:\Users\Classic .NET AppPool
2016-02-05 23:54 - 2014-11-22 14:27 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Dropbox
2016-02-05 23:54 - 2014-03-24 07:05 - 00000000 ____D C:\Users\Colleen
2016-02-05 23:54 - 2014-03-23 10:09 - 00000000 ____D C:\Users\catzrule\AppData\Local\Lenovo
2016-02-05 23:54 - 2013-06-11 22:14 - 00000000 ____D C:\Users\Sue\Downloads\support
2016-02-05 23:54 - 2013-06-11 22:11 - 00000000 ____D C:\Users\Sue\Downloads\sources
2016-02-05 23:54 - 2012-08-29 21:28 - 00000000 ____D C:\Windows\system32\Macromed
2016-02-05 23:54 - 2012-08-15 18:45 - 00000000 ____D C:\Users\Sue\AppData\Local\Google
2016-02-05 23:54 - 2012-08-15 18:12 - 00000000 ____D C:\Users\Sue
2016-02-05 23:54 - 2012-08-08 03:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-02-05 23:54 - 2012-08-08 03:14 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-02-05 23:54 - 2011-12-08 15:42 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-05 23:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-05 23:53 - 2015-06-23 18:03 - 00000000 ____D C:\Users\Sue\AppData\Local\Dropbox
2016-02-05 23:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-02-05 23:51 - 2015-06-15 18:14 - 00000000 ____D C:\Users\Sue\Downloads\Citrix
2016-02-05 23:51 - 2014-07-08 22:58 - 00000000 ____D C:\Users\Sue\Downloads\apache-tomcat-7.0.54
2016-02-05 23:51 - 2014-07-08 21:24 - 00000000 ____D C:\Users\Sue\Downloads\apache-ant-1.9.4
2016-02-05 23:51 - 2014-06-20 18:38 - 00000000 ____D C:\Users\Sue\Downloads\Microsoft JDBC Driver 4.0 for SQL Server
2016-02-05 23:51 - 2014-06-19 22:49 - 00000000 ____D C:\Users\Sue\Downloads\glassfish4
2016-02-05 23:51 - 2014-06-01 11:14 - 00000000 ____D C:\Users\Sue\Downloads\Demo_and_Source_BinarySearchTree
2016-02-05 23:51 - 2013-06-11 22:11 - 00000000 ____D C:\Users\Sue\Downloads\efi
2016-02-05 23:51 - 2012-12-20 10:48 - 00000000 ____D C:\Users\Sue\Downloads\gist_voiceToText
2016-02-05 23:48 - 2014-09-22 19:32 - 00000000 __RHD C:\MSOCache
2016-02-05 23:48 - 2013-01-31 19:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-05 22:43 - 2012-11-21 16:35 - 00000000 ____D C:\Users\Sue\AppData\Local\CrashDumps
2016-02-05 22:23 - 2015-12-21 22:24 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Mozilla
2016-02-05 21:19 - 2009-07-13 23:45 - 00034208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-05 21:19 - 2009-07-13 23:45 - 00034208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-05 21:18 - 2012-08-08 03:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-05 21:14 - 2013-07-04 23:09 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA.job
2016-02-05 21:10 - 2014-05-13 13:59 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS
2016-02-05 21:10 - 2012-08-29 21:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-05 21:10 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-05 20:21 - 2012-08-15 18:22 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Nitro PDF
2016-02-05 18:26 - 2012-08-29 21:28 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-05 18:26 - 2012-08-29 21:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-05 18:26 - 2012-08-29 21:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-05 18:11 - 2012-08-08 03:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-05 18:09 - 2009-07-14 00:38 - 00067584 ____S C:\Windows\bootstat(23).dat
2016-02-05 17:58 - 2014-11-22 14:28 - 00000000 ___RD C:\Users\Sue\Dropbox
2016-02-05 17:55 - 2013-06-29 10:11 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA.job
2016-02-05 17:49 - 2013-06-29 10:11 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core
2016-02-05 17:49 - 2013-06-29 10:11 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core.job
2016-02-05 17:49 - 2012-08-08 03:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-05 17:49 - 2012-08-08 03:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 11:18 - 2014-03-23 10:11 - 00000000 ____D C:\Users\catzrule\AppData\Roaming\Nitro PDF
2016-01-25 11:20 - 2012-08-15 19:06 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-16 00:14 - 2013-07-04 23:09 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core.job
2016-01-15 20:56 - 2015-10-24 12:03 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-15 20:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-01-15 10:17 - 2009-07-13 23:45 - 00462424 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-15 10:16 - 2015-08-15 02:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-15 10:16 - 2015-08-15 02:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-15 10:14 - 2014-12-12 03:18 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-15 10:14 - 2014-05-08 08:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 17:56 - 2015-07-05 22:27 - 00000000 ____D C:\Users\catzrule\Documents\Math
 
==================== Files in the root of some directories =======
 
2015-06-11 07:21 - 2015-06-11 07:21 - 0000020 _____ () C:\Users\Sue\AppData\Roaming\appdataFr3.bin
2013-01-20 14:21 - 2013-01-20 14:21 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
 
Some files in TEMP:
====================
C:\Users\catzrule\AppData\Local\Temp\Network Wizard.exe
C:\Users\Sue\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2bdjeq.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-03 09:52
 
==================== End of FRST.txt ============================
 

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Looks like the fix did what it was supposed to.  Are you able to run IE?  Is Chrome working?


  • 0

#5
cgnolte

cgnolte

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Thank you for your help so far.  No, IE and Chrome still do not work. I was able to install Firefox, and it has not been hijacked yet.

In December RKinner helped me remove malware on a different computer in this thread. I will try those steps next. 


  • 0

#6
cgnolte

cgnolte

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

I ran the ADW Cleaner and the Junkware Removal Tool.  IE and Chrome still do not work.  Thanks for any help you can provide. Here are the results of my new FRST scans:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Sue (administrator) on BOOTS (13-02-2016 05:51:46)
Running from C:\Users\Sue\Desktop
Loaded Profiles: Sue & MSSQL$SQLEXPRESS (Available Profiles: Sue & catzrule & Colleen & MSSQL$SQLEXPRESS)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(华大智宝电子系统有限公司) C:\Windows\SysWOW64\HZ_CommSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
( Beijing WatchData System Co., Ltd.) C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-08] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [213416 2012-11-21] (SecureW2 B.V.)
HKLM-x32\...\Run: [CCBCertificate] => C:\Program Files (x86)\CCBComponents\DMWZ\CCBCertificate.exe
HKLM-x32\...\Run: [USBKeyTools.exe] => C:\Program Files (x86)\CCBComponents\HDZB\USBKeyTools.exe
HKLM-x32\...\Run: [wdcertm_ccb] => C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDCertM_CCB.exe [72224 2014-07-30] ( Beijing WatchData System Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23499656 2016-01-15] (Google)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [Epson Stylus NX420(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [Google Update] => C:\Users\Sue\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2014-05-19] (Apache Software Foundation)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28920448 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [Facebook Update] => C:\Users\Sue\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-04] (Facebook Inc.)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sue\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\MountPoints2: {dfa986c6-e12e-11e1-8400-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\RunOnce: [Lenovo.ShowBand] => C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo)
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\RunOnce: [] => [X]
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\RunOnce: [Lenovoautoqdrive] => C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
Startup: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2012-11-07]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{2EC2979D-7E49-476E-9BA1-92EE5BD758B6}: [DhcpNameServer] 202.99.96.68 202.99.104.68
Tcpip\..\Interfaces\{E4C916A7-9A0C-48F5-B7AF-F15C76502EA8}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7CKMB_enUS497
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7CKMB
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7CKMB
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-05] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-05] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\buhx8ial.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-30] ()
FF Plugin-x32: @ccb.com.cn/CCBEnckey,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBEnckey.dll [No File]
FF Plugin-x32: @ccb.com.cn/CCBInfoScan,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBInfoScan.dll [No File]
FF Plugin-x32: @ccb.com.cn/CCBNetSignCom,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBNetSignCom.dll [No File]
FF Plugin-x32: @ccb.com.cn/dmwz-ccbdevidctrl,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npdmccbplugin.dll [No File]
FF Plugin-x32: @ccb.com.cn/dmwz-WriteCert,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npdmwritecert.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZB2gCertCtrl,version=2.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZB2gCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZB2gSNCtrl,version=2.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZB2gSNCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZBCertCtrl,version=1.0.0.8 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZBCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZBSNCtrl,version=1.0.0.8 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZBSNCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/npTDRImportCertCtrl,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npTDRImportCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/npTDRSNctrl,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npTDRSNctrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/WDImportCertCtrl,version=1.0.0.2 -> C:\Program Files (x86)\CCBComponents\Plugins\npWDImportCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/wdkctrl,version=1.0.0.2 -> C:\Program Files (x86)\CCBComponents\Plugins\npwdkctrl.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-05-24] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @freescreensharing/detector -> C:\Users\Sue\AppData\Local\FreeScreenSharing\npfreesee.dll [2014-06-05] (Free Screen Sharing)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Sue\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sue\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @talk.google.com/O1DPlugin -> C:\Users\Sue\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Sue\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sue\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2016-02-05] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-05]
CHR Extension: (Google Docs) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-05]
CHR Extension: (Google Drive) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-05]
CHR Extension: (Google Docs Offline) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-28]
CHR Extension: (Skype) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-28]
CHR Extension: (Google Hangouts) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-11-07] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 HZ_CommSrv; C:\Windows\SysWOW64\HZ_CommSrv.exe [18792 2013-05-14] (华大智宝电子系统有限公司)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS2; c:\Program Files (x86)\Microsoft SQL Server\mytest\MSSQL10.SQLEXPRESS2\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS2; c:\Program Files (x86)\Microsoft SQL Server\mytest\MSSQL10.SQLEXPRESS2\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S3 Tomcat7; C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe [103936 2014-05-19] (Apache Software Foundation) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WDMonitorCCB; C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe [137608 2014-07-30] ( Beijing WatchData System Co., Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
S3 ghsandroid; C:\Windows\System32\Drivers\ghsandroid.sys [38424 2011-03-30] (Google Inc)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40552 2013-06-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-13 05:49 - 2016-02-13 05:49 - 00004296 _____ C:\Users\Sue\Desktop\JRT.txt
2016-02-13 05:43 - 2016-02-13 05:40 - 01609032 _____ (Malwarebytes) C:\Users\Sue\Desktop\JRT.exe
2016-02-13 05:41 - 2016-02-13 05:41 - 00001184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-13 05:41 - 2016-02-13 05:41 - 00001184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-13 05:01 - 2016-02-13 05:22 - 00000000 ____D C:\AdwCleaner
2016-02-13 04:59 - 2016-02-13 04:57 - 01508352 _____ C:\Users\Sue\Desktop\AdwCleaner.exe
2016-02-12 21:30 - 2016-02-12 21:30 - 14243008 _____ (Microsoft Corporation) C:\Users\Sue\Downloads\mseinstall.exe
2016-02-12 21:24 - 2016-02-12 21:25 - 00462424 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-12 21:23 - 2016-02-12 21:28 - 152175896 _____ (Microsoft Corporation) C:\Users\Sue\Downloads\msert.exe
2016-02-12 20:59 - 2016-02-12 20:59 - 00021074 _____ C:\Users\Sue\Desktop\Fixlog.txt
2016-02-06 00:05 - 2016-02-06 00:05 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-06 00:04 - 2016-02-06 00:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-05 22:35 - 2016-02-12 21:05 - 00057035 _____ C:\Users\Sue\Desktop\Addition.txt
2016-02-05 22:33 - 2016-02-13 05:52 - 00029002 _____ C:\Users\Sue\Desktop\FRST.txt
2016-02-05 22:31 - 2016-02-13 05:51 - 00000000 ____D C:\FRST
2016-02-05 22:31 - 2016-02-05 22:32 - 00028092 _____ C:\Users\Sue\Downloads\FRST.txt
2016-02-05 22:30 - 2016-02-05 22:30 - 02370560 _____ (Farbar) C:\Users\Sue\Desktop\FRST64.exe
2016-02-05 22:25 - 2016-02-05 22:25 - 00000000 ____D C:\Users\Sue\AppData\Local\Macromedia
2016-02-05 22:23 - 2016-02-05 22:30 - 00000000 ____D C:\Users\Sue\AppData\Local\Mozilla
2016-02-05 22:23 - 2016-02-05 22:23 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-05 22:23 - 2016-02-05 22:23 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-05 22:23 - 2016-02-05 22:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-05 22:23 - 2016-02-05 22:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-05 22:22 - 2016-02-05 22:19 - 43051376 _____ C:\Users\Sue\Downloads\Firefox-Setup-44-0_EN.exe
2016-02-05 22:02 - 2016-02-05 22:02 - 00000000 ____D C:\Users\Sue\AppData\Local\ElevatedDiagnostics
2016-02-05 21:43 - 2016-02-05 21:43 - 00000258 _____ C:\Users\Sue\Desktop\myreg.reg
2016-02-05 21:19 - 2016-02-05 21:19 - 00000000 ____D C:\Windows\pss
2016-02-02 10:40 - 2016-02-02 10:40 - 00000000 ____D C:\Users\catzrule\AppData\Local\Apple Computer
2016-01-15 20:43 - 2016-01-15 20:43 - 01539452 _____ C:\Users\Sue\Downloads\hw_13.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-13 05:43 - 2012-09-10 20:34 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Skype
2016-02-13 05:41 - 2014-04-10 22:12 - 00000000 ____D C:\Users\Sue\AppData\Local\Akamai
2016-02-13 05:41 - 2012-08-15 18:22 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Nitro PDF
2016-02-13 05:38 - 2012-08-08 03:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-13 05:37 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-13 04:34 - 2012-11-21 16:35 - 00000000 ____D C:\Users\Sue\AppData\Local\CrashDumps
2016-02-12 21:41 - 2014-03-23 10:07 - 00000000 ____D C:\Users\catzrule
2016-02-12 20:59 - 2015-07-31 14:06 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-02-05 23:55 - 2012-10-23 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-02-05 23:54 - 2015-08-15 02:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-05 23:54 - 2015-06-12 13:44 - 00000000 ____D C:\Users\Classic .NET AppPool
2016-02-05 23:54 - 2014-11-22 14:27 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Dropbox
2016-02-05 23:54 - 2014-03-24 07:05 - 00000000 ____D C:\Users\Colleen
2016-02-05 23:54 - 2014-03-23 10:09 - 00000000 ____D C:\Users\catzrule\AppData\Local\Lenovo
2016-02-05 23:54 - 2013-06-11 22:14 - 00000000 ____D C:\Users\Sue\Downloads\support
2016-02-05 23:54 - 2013-06-11 22:11 - 00000000 ____D C:\Users\Sue\Downloads\sources
2016-02-05 23:54 - 2012-08-29 21:28 - 00000000 ____D C:\Windows\system32\Macromed
2016-02-05 23:54 - 2012-08-15 18:45 - 00000000 ____D C:\Users\Sue\AppData\Local\Google
2016-02-05 23:54 - 2012-08-15 18:12 - 00000000 ____D C:\Users\Sue
2016-02-05 23:54 - 2012-08-08 03:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-02-05 23:54 - 2012-08-08 03:14 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-02-05 23:54 - 2011-12-08 15:42 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-05 23:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-05 23:53 - 2015-06-23 18:03 - 00000000 ____D C:\Users\Sue\AppData\Local\Dropbox
2016-02-05 23:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-02-05 23:51 - 2015-06-15 18:14 - 00000000 ____D C:\Users\Sue\Downloads\Citrix
2016-02-05 23:51 - 2014-07-08 22:58 - 00000000 ____D C:\Users\Sue\Downloads\apache-tomcat-7.0.54
2016-02-05 23:51 - 2014-07-08 21:24 - 00000000 ____D C:\Users\Sue\Downloads\apache-ant-1.9.4
2016-02-05 23:51 - 2014-06-20 18:38 - 00000000 ____D C:\Users\Sue\Downloads\Microsoft JDBC Driver 4.0 for SQL Server
2016-02-05 23:51 - 2014-06-19 22:49 - 00000000 ____D C:\Users\Sue\Downloads\glassfish4
2016-02-05 23:51 - 2014-06-01 11:14 - 00000000 ____D C:\Users\Sue\Downloads\Demo_and_Source_BinarySearchTree
2016-02-05 23:51 - 2013-06-11 22:11 - 00000000 ____D C:\Users\Sue\Downloads\efi
2016-02-05 23:51 - 2012-12-20 10:48 - 00000000 ____D C:\Users\Sue\Downloads\gist_voiceToText
2016-02-05 23:48 - 2014-09-22 19:32 - 00000000 __RHD C:\MSOCache
2016-02-05 23:48 - 2013-01-31 19:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-05 22:23 - 2015-12-21 22:24 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Mozilla
2016-02-05 21:14 - 2013-07-04 23:09 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA.job
2016-02-05 21:10 - 2014-05-13 13:59 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS
2016-02-05 21:10 - 2012-08-29 21:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-05 18:26 - 2012-08-29 21:28 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-05 18:26 - 2012-08-29 21:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-05 18:26 - 2012-08-29 21:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-05 18:11 - 2012-08-08 03:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-05 18:09 - 2009-07-14 00:38 - 00067584 ____S C:\Windows\bootstat(23).dat
2016-02-05 17:58 - 2014-11-22 14:28 - 00000000 ___RD C:\Users\Sue\Dropbox
2016-02-05 17:55 - 2013-06-29 10:11 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA.job
2016-02-05 17:49 - 2013-06-29 10:11 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core
2016-02-05 17:49 - 2013-06-29 10:11 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core.job
2016-02-05 17:49 - 2012-08-08 03:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-05 17:49 - 2012-08-08 03:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 11:18 - 2014-03-23 10:11 - 00000000 ____D C:\Users\catzrule\AppData\Roaming\Nitro PDF
2016-01-25 11:20 - 2012-08-15 19:06 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-16 00:14 - 2013-07-04 23:09 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core.job
2016-01-15 20:56 - 2015-10-24 12:03 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-15 20:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-01-15 10:16 - 2015-08-15 02:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-15 10:16 - 2015-08-15 02:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-15 10:14 - 2014-12-12 03:18 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-15 10:14 - 2014-05-08 08:38 - 00000000 ___SD C:\Windows\system32\CompatTel

==================== Files in the root of some directories =======

2013-01-20 14:21 - 2013-01-20 14:21 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\catzrule\AppData\Local\Temp\Network Wizard.exe
C:\Users\Sue\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2bdjeq.dll
C:\Users\Sue\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-03 09:52

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Sue (2016-02-13 05:53:19)
Running from C:\Users\Sue\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-08-16 12:11:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3253851711-2362259233-3746204868-500 - Administrator - Disabled)
catzrule (S-1-5-21-3253851711-2362259233-3746204868-1008 - Limited - Enabled) => C:\Users\catzrule
Colleen (S-1-5-21-3253851711-2362259233-3746204868-1009 - Limited - Enabled) => C:\Users\Colleen
Guest (S-1-5-21-3253851711-2362259233-3746204868-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3253851711-2362259233-3746204868-1002 - Limited - Enabled)
Sue (S-1-5-21-3253851711-2362259233-3746204868-1000 - Administrator - Enabled) => C:\Users\Sue

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apache Tomcat 7.0 Tomcat7 (remove only) (HKLM\...\Apache Tomcat 7.0 Tomcat7) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assessments on Client (x32 Version: 8.100.9431 - Microsoft) Hidden
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCB "E Safety" Internet Banking security components  1.0.8.7 (HKLM-x32\...\CCB "E Safety" Internet Banking security components Setup) (Version: 1.0.8.7 - China Construction Bank)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON NX420 Series Printer Uninstall (HKLM\...\EPSON NX420 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileZilla Client 3.6.0 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0 - FileZilla Project)
FreeScreenSharing (HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\FreeScreenSharing) (Version: 0.58.75.0 - Free Conferencing Corporation)
GitHub (HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\5f7eb300e2ea4ebf) (Version: 2.13.2.4 - GitHub, Inc.)
GlassFish Server Open Source Edition 4.0 (HKLM\...\nbi-glassfish-mod-4.0.0.89.0) (Version:  - )
Google Chrome (HKLM-x32\...\{A29ED7D5-3D50-35AC-A6B7-1C5F735D926D}) (Version: 47.0.2526.111 - Google, Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Integrated Camera Driver Installer Package Ver.1.2.1.16 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.16 - RICOH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kits Configuration Installer (x32 Version: 8.100.9431 - Microsoft) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (HKLM-x32\...\{5BDFAB82-060E-438B-AB4F-A2331B2294C0}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Web - ENU (HKLM-x32\...\{4bd1cdab-bf82-42c1-af37-e4918141913f}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Web Developer 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Web Developer 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft Web Publish - Visual Web Developer Express 2010 (HKLM-x32\...\{A6A4CD8C-B9E2-443E-82F2-1313AD3C9A16}) (Version: 1.0.30810.0 - Microsoft Corporation)
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
Nitro Pro 7 (HKLM\...\{8E0790DA-185E-4DC1-8A88-750B2A6218FD}) (Version: 7.4.1.4 - Nitro PDF Software)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.72.00 - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6617 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Screen Recorder Launcher (HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\ScreenRecorderLauncher) (Version: 1.7 - )
SecureW2 Enterprise Client 3.5.9 (HKLM-x32\...\SecureW2 Enterprise Client) (Version:  - )
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
TextPad 5 (HKLM-x32\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.4.2 - Helios)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.1.0 - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0031.1 - REALTEK Semiconductor Corp.)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.34.0 - Lenovo)
Toolkit Documentation (x32 Version: 8.100.9431 - Microsoft) Hidden
UnzipLite 0.2 (HKLM-x32\...\UnzipLite) (Version: 0.2 - Amnis Technology Ltd)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU (HKLM-x32\...\{D25C502E-FF51-424C-8C38-8596FE47D0CD}) (Version: 4.0.8482.1 - Microsoft Corporation)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Assessment and Deployment Kit for Windows 8.1 Preview (HKLM-x32\...\{e83a4859-7373-4aab-8dbe-dafccac24fe0}) (Version: 8.100.9431 - Microsoft Corporation)
Windows Azure Authoring Tools - June 2012 Release (HKLM\...\{646A1C52-6194-4992-8D21-8D9E42AE820A}) (Version: 1.7.30602.1703 - Microsoft Corporation)
Windows Azure Emulator - June 2012 Release (HKLM\...\Windows Azure Emulator - June 2012 Release) (Version: 1.7.30602.1703 - Microsoft Corporation)
Windows Azure Libraries for .NET 1.7 – June 2012 (HKLM\...\{AED07B87-975F-4F60-B7C9-38B8596C6531}) (Version: 1.7 - Microsoft Corporation)
Windows Azure PowerShell - August 2012 (HKLM-x32\...\{4D5B43AD-5AF4-4AF4-B90E-C90AC951A486}) (Version: 0.6.2 - Microsoft Corporation)
Windows Azure Tools for Microsoft Visual Studio 2010 - June 2012 SP1 (HKLM-x32\...\{3dcba276-d593-49cc-9141-08b8a339c984}) (Version: 1.7.50716.1601 - Microsoft Corporation)
Windows Azure Tools for Microsoft Visual Studio 2012 - June 2012 SP1 (HKLM-x32\...\{540cc2f4-4f11-47be-8ebb-e665ed4e9d01}) (Version: 1.7.50716.1601 - Microsoft Corporation)
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.100.9431 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.9431 - Microsoft) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files (x86)\TextPad 5\System\shellext64.dll (Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1DB31F7A-D1EA-4158-9383-E994AAAAF762} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {1E32D6BA-1999-42DF-8E74-60D04D671799} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe [2012-11-21] (SecureW2 B.V.)
Task: {2511E3B7-BFB1-4AEE-82AA-3B0BC02C4D61} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {343471F6-E885-4CF3-8FDF-5190021EECDB} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {3BAE8D6C-3273-417E-BFBD-48B71D55148C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {461EF6B0-130A-4F5F-802A-A97EC32A6BB2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core => C:\Users\Sue\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4B6509D1-45D6-44C5-A7AB-A1369455294C} - System32\Tasks\{91A02A83-63A3-42F6-8901-38AA6208A58D} => pcalua.exe -a C:\glassfish4\uninstall.exe -d C:\glassfish4 -c "c:\java\jdk1.8.0_05"
Task: {527D1848-D309-46AF-923F-6B7D44D7C00F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {547DAF72-079E-4E5B-906A-2A001D396435} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {56ED5604-CAAD-4704-AB60-A16530CAC576} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {6C0DFE9D-C308-4FF3-A146-C91BC94E29E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6C6C79AE-CB00-4A46-A39D-F1B45A024B92} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {6D2D5BA6-45E9-425B-B887-C2C880F5D610} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {76B62AFF-2A50-41FD-8958-E240360C6D6E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {78D2E44C-0342-4898-99A8-83FB31508A72} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {7C693D95-BE5E-4DE3-B93E-2348AA206608} - System32\Tasks\{220D48E6-8D41-4273-831B-6D1D1F425703} => pcalua.exe -a "c:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" -c /X86
Task: {8EEA55BA-1578-42C0-876A-32C04D78F597} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {92D1C0A3-5708-4FD9-BCB5-53F5103BF577} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {96D94120-15B8-4115-8D86-AFABC2A409E2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {A406C534-2B02-4441-A6FF-9325BA9365C3} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Boots.Sue => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {A701A4CA-64F1-4D9C-B931-A2B3EB88D1D3} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Boots.catzrule => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {B4F5273E-F368-448A-B26F-D96B2F06E669} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {D27583F5-32D9-415C-BE6D-D6E4B5F0EB9F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-05] (Adobe Systems Incorporated)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E2A78890-941D-4BCE-B171-2E318B2BD8D0} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {E84DBFC8-B20C-420E-8189-26645DD4933C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {F498DF6C-D156-43F7-A481-51BC42E3065A} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core.job => C:\Users\Sue\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA.job => C:\Users\Sue\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core.job => C:\Users\Sue\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA.job => C:\Users\Sue\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-21 03:53 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-28 10:07 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-08-08 03:10 - 2012-05-15 16:32 - 00093696 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2012-05-24 01:04 - 2012-05-24 01:04 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2012-08-08 03:16 - 2012-01-17 01:29 - 00030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2012-08-08 03:11 - 2011-08-02 06:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2012-08-08 03:11 - 2011-08-02 06:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2012-08-08 03:05 - 2012-02-20 22:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\customercouncil.net -> customercouncil.net
IE restricted site: HKU\.DEFAULT\...\pycic.com -> pycic.com
IE trusted site: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\ccb.cn -> hxxps://b2b.ccb.cn
IE trusted site: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\ccb.com -> hxxps://*.ccb.com
IE trusted site: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\ccb.com.cn -> hxxps://*.ccb.com.cn

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-11-15 11:42 - 00000830 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{35BEF5D6-05D4-49DA-94F7-8C1C9C4DA2B4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DC05AE51-40B3-4E14-8E91-EEDA4D2269EA}] => (Allow) LPort=2869
FirewallRules: [{5FB12950-EF25-4663-B202-0C642C9041B4}] => (Allow) LPort=1900
FirewallRules: [{523CE888-5B5D-4744-A7D1-9D511E122591}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CF66590A-0194-49BB-A2F4-9AD68F879C4C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{ACF3293F-F80F-473B-BE39-EEF313EA8766}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7051FC77-ADD2-466C-921A-E15534AEDF4D}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{022727FF-DED2-4210-809A-246DDEF34872}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{888FA3B4-E4BA-4559-ADCD-CDF84A315D8B}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{C9CD562B-15CC-47E2-A658-CF3D18C06A81}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [TCP Query User{9FCBBFF0-13B1-4BFA-85C5-9F7DAFA5B49D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{DA22C75F-A92B-4FDE-B6FD-25A8616FBEC6}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{EA3109C3-822D-4586-BECA-5FDEED42DFCF}] => (Allow) C:\Program Files (x86)\Enterasys Networks\NAC Agent\NacAgent.exe
FirewallRules: [TCP Query User{457E6A94-57F3-4CDF-B5B5-B93FC778318D}C:\users\sue\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sue\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1521C271-D839-486F-8136-0204EA612ADE}C:\users\sue\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sue\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4B381672-F399-4702-BE8D-B8BCF15697B1}C:\users\sue\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sue\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4F709366-E6C2-4DBA-9AC4-AA346E8A2C3A}C:\users\sue\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sue\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3B450B17-AD8D-4C93-9CA7-BEDEBEA9BB60}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{78ECDB9E-9D69-435F-ABD6-A26C1FA7DEFB}C:\users\sue\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\sue\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{FC5E8C34-F698-460A-AB71-E54ACDD5B1A7}C:\users\sue\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\sue\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{4239EF37-8208-4EB9-821F-D9A2A0DF4003}C:\users\sue\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\sue\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{97DEF525-526D-46F2-9268-D6DF62025170}C:\users\sue\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\sue\appdata\local\akamai\netsession_win.exe
FirewallRules: [{34A69B2F-AF76-40A2-A9F8-EBF62A543E9F}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{FB0C2985-4F2B-4744-9758-6C068B24695B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [TCP Query User{DEFCED8F-7ECA-4F05-AD8D-850C5C1F9CC5}C:\java\jdk1.8.0_05\jre\bin\javaw.exe] => (Allow) C:\java\jdk1.8.0_05\jre\bin\javaw.exe
FirewallRules: [UDP Query User{66E30672-206D-41D4-A4A4-E75D4AC768C8}C:\java\jdk1.8.0_05\jre\bin\javaw.exe] => (Allow) C:\java\jdk1.8.0_05\jre\bin\javaw.exe
FirewallRules: [TCP Query User{D7945155-C2BA-4119-A01D-0DEFA0198FB2}C:\java\jdk1.8.0_05\bin\java.exe] => (Allow) C:\java\jdk1.8.0_05\bin\java.exe
FirewallRules: [UDP Query User{D8DEC1DF-BABC-4D4E-9882-F467354E4213}C:\java\jdk1.8.0_05\bin\java.exe] => (Allow) C:\java\jdk1.8.0_05\bin\java.exe
FirewallRules: [TCP Query User{69820824-985D-4EE1-B353-7A4F8724708D}C:\java\jdk1.8.0_05\bin\javaw.exe] => (Allow) C:\java\jdk1.8.0_05\bin\javaw.exe
FirewallRules: [UDP Query User{31BEF3BD-9D9A-422C-B202-7AF2DE21BAFC}C:\java\jdk1.8.0_05\bin\javaw.exe] => (Allow) C:\java\jdk1.8.0_05\bin\javaw.exe
FirewallRules: [TCP Query User{8483E638-5BFF-484D-88A8-59295AB2ECAA}C:\users\sue\appdata\local\freescreensharing\freescreensharing.exe] => (Allow) C:\users\sue\appdata\local\freescreensharing\freescreensharing.exe
FirewallRules: [UDP Query User{E1729DBF-5C02-4D6E-A267-C15DD939A93E}C:\users\sue\appdata\local\freescreensharing\freescreensharing.exe] => (Allow) C:\users\sue\appdata\local\freescreensharing\freescreensharing.exe
FirewallRules: [{F01F980F-2248-49D8-9822-13A140E39F46}] => (Allow) C:\Users\Sue\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{F432BAAD-BEB3-411C-9812-3C2FCAB7F4B6}] => (Allow) C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{852662E6-AF69-40AA-A3EA-486F439BD878}] => (Allow) C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{A3CAAEB7-342E-43A6-B6F1-988DA7A570A2}C:\users\sue\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sue\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{0F4B50D6-965E-4DAA-B554-D86784BB1E3A}C:\users\sue\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sue\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{38AA8D4B-8F72-4ABA-9C0B-1A215A49CF8F}C:\users\catzrule\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\catzrule\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{4CEA47F9-5316-46DB-8C0F-32F569327D2D}C:\users\catzrule\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\catzrule\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{95CD2D42-7CAD-4E40-BBF3-30F16D1651E6}C:\users\catzrule\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\catzrule\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8C9E526D-0538-4DA8-9C11-943D016A4A38}C:\users\catzrule\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\catzrule\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{011BD9A9-B85D-4DE3-A237-EF67EB350724}C:\program files (x86)\windows live\photo gallery\wlxphotogallery.exe] => (Allow) C:\program files (x86)\windows live\photo gallery\wlxphotogallery.exe
FirewallRules: [UDP Query User{EA66BC49-65BD-48EE-AE45-8B434C75DFC3}C:\program files (x86)\windows live\photo gallery\wlxphotogallery.exe] => (Allow) C:\program files (x86)\windows live\photo gallery\wlxphotogallery.exe
FirewallRules: [{2E0A1AC4-E4B7-4EC1-A145-CF526CF6F3CD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9BD7A3D5-231D-4372-8D4D-8E681D5F1E06}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6F104BFE-866C-485A-A677-1421B983C190}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{BB8A6C75-1053-4A96-B9FF-1AA3FA456B6D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{E8662F47-1633-4BDF-81C7-35B0967B3886}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{DD64E619-BCB3-4783-8CAE-F8F8042D7B57}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{28FC0172-8A3A-411E-AD04-E740FDC900C1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{93C12842-6900-4A3A-80FF-5029D02228C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0322D7CA-4700-4462-B8FF-45AFD9434792}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

27-01-2016 10:48:50 Windows Update
28-01-2016 09:48:47 Windows Update
29-01-2016 10:26:35 Windows Update
30-01-2016 16:37:09 Windows Update
01-02-2016 09:02:01 Windows Update
01-02-2016 16:42:41 Windows Update
02-02-2016 10:50:22 Windows Update
02-02-2016 11:13:21 Windows Update
03-02-2016 09:52:42 Windows Update
03-02-2016 20:01:17 Removed Google Chrome
03-02-2016 20:18:09 Chrome Cleanup Tool
05-02-2016 16:11:15 Windows Update
05-02-2016 17:25:41 Restore Operation
05-02-2016 17:50:21 Windows Update
05-02-2016 18:27:52 Windows Update
05-02-2016 20:25:18 Windows Update
13-02-2016 05:44:47 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2016 05:40:06 AM) (Source: MsiInstaller) (EventID: 10005) (User: Boots)
Description: Product: Akamai NetSession Interface -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2761. The arguments are: , ,

Error: (02/13/2016 05:39:44 AM) (Source: MsiInstaller) (EventID: 1041) (User: Boots)
Description: Failed to begin a Windows Installer transaction C:\Windows\TEMP\Low\SkypeClickToCall\Download\SkypeToolbars.msi. Error 1618 occurred while beginning the transaction.

Error: (02/13/2016 05:39:24 AM) (Source: MSSQL$SQLEXPRESS2) (EventID: 17120) (User: )
Description: SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

Error: (02/13/2016 05:39:24 AM) (Source: MSSQL$SQLEXPRESS2) (EventID: 17826) (User: )
Description: Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.

Error: (02/13/2016 05:39:24 AM) (Source: MSSQL$SQLEXPRESS2) (EventID: 17182) (User: )
Description: TDSSNIClient initialization failed with error 0x2740, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Only one usage of each socket address (protocol/network address/port) is normally permitted.

Error: (02/13/2016 05:39:24 AM) (Source: MSSQL$SQLEXPRESS2) (EventID: 17182) (User: )
Description: TDSSNIClient initialization failed with error 0x2740, status code 0xa. Reason: Unable to initialize the TCP/IP listener. Only one usage of each socket address (protocol/network address/port) is normally permitted.

Error: (02/13/2016 05:39:24 AM) (Source: MSSQL$SQLEXPRESS2) (EventID: 26023) (User: )
Description: Server TCP provider failed to listen on [ 'any' <ipv6> 1433]. Tcp port is already in use.

Error: (02/13/2016 05:39:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2016 05:38:48 AM) (Source: MSSQL$SQLEXPRESS2) (EventID: 8317) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS2\Performance'. SQL Server performance counters are disabled.

Error: (02/13/2016 05:38:29 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 8317) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'. SQL Server performance counters are disabled.


System errors:
=============
Error: (02/13/2016 05:39:24 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (SQLEXPRESS2) service terminated with service-specific error %%10048.

Error: (02/13/2016 05:38:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/13/2016 05:37:39 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/13/2016 05:36:44 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/13/2016 05:34:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/13/2016 05:34:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/13/2016 05:34:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/13/2016 05:34:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/13/2016 05:34:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/13/2016 05:34:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
  Date: 2015-12-24 11:45:45.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-24 11:45:32.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-24 11:45:28.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-24 11:45:28.379
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-24 11:45:25.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-07 13:55:33.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-07 13:55:15.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-07 13:55:13.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-07 13:55:12.323
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-07 13:55:11.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 49%
Total physical RAM: 3819.11 MB
Available physical RAM: 1938 MB
Total Virtual: 7636.42 MB
Available Virtual: 5665.62 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:282.95 GB) (Free:114.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:3.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 9BC55669)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
 
Copy the next line:
 
"C:\Program Files\Internet Explorer\iexplore" -extoff
 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter.  Does IE open?  This tries to open IE with all extensions turned off.
 
If this fails, Start, Control Panel. Internet Options, Advanced, then Hit the Reset button at the bottom.  This resets IE to a pristine state where it might start working again.
 
 
 
Are you still using this:
 
CCB "E Safety" Internet Banking security components  1.0.8.7 (HKLM-x32\...\CCB "E Safety" Internet Banking security components Setup) (Version: 1.0.8.7 - China Construction Bank)
 
If not uninstall it.
 
 
Go to http://eset.com/onlinescan and click on ESET online Scanner.  (I think for FF you need to accept an extension then restart FF)  Accept the terms  then press Start (If you get a warning from your browser tell it you want to run it).  This will take several hours to run.
 
# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
 
 
 

  • 0

#8
cgnolte

cgnolte

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Here is the ESET log:

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e8c2efc08448964eb1fd58c512786e5d
# end=init
# utc_time=2016-02-13 01:27:44
# local_time=2016-02-13 08:27:44 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 28114
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e8c2efc08448964eb1fd58c512786e5d
# end=updated
# utc_time=2016-02-13 01:29:45
# local_time=2016-02-13 08:29:45 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e8c2efc08448964eb1fd58c512786e5d
# engine=28114
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-02-13 05:11:56
# local_time=2016-02-13 12:11:56 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# scanned=358120
# found=17
# cleaned=16
# scan_time=13329
sh=2CC417DE8663F74EA39CA8B9D0434CA3B5FD5BE5 ft=1 fh=c71c001164321b29 vn="a variant of Win32/Adware.MultiPlug.NA application" ac=I fn="C:\Users\All Users\374311380\BIT6E70.tmp"
sh=B492E083AFD5954BD93E99E9E7A93C08F73F170D ft=1 fh=626de6f7ffde9f00 vn="Win32/Adware.Mongoose application (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$R24KLC7.tmp"
sh=2B765BCFE36ADC73C176510B839F33445B0DB175 ft=1 fh=75ea1c5b4e263591 vn="multiple threats (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$RD5068L.crdownload"
sh=42D5E704A06B94C3F60A6882BEB220EE255044A8 ft=1 fh=bf4942332fd38505 vn="a variant of Win32/Kuping.J potentially unwanted application (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$RGJIJD3.exe"
sh=42D5E704A06B94C3F60A6882BEB220EE255044A8 ft=1 fh=bf4942332fd38505 vn="a variant of Win32/Kuping.J potentially unwanted application (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$RIH7OJY.exe"
sh=47AFBB6BF8ADFBC1BCB3ECBCC2AAAB374B16B752 ft=1 fh=30f427f041cc1a0c vn="multiple threats (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$RIXRQ25.exe"
sh=EDC0EECE57E514D3900A40E325883BBA759CDD9A ft=1 fh=63c43f592182049c vn="a variant of Win32/GuaGua.A potentially unwanted application (deleted)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$RU55S45.exe"
sh=7AE7EC4F927D511FE361C70AB7200C3429415852 ft=1 fh=f8489d57fd54e17b vn="a variant of Win32/Adware.SpeedingUpMyPC.AP application (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$RE1WG83\7940.ftf"
sh=1094A2E262E2D3F4C170F3EB302BC5D4D6177224 ft=1 fh=4845552893365ff3 vn="multiple threats (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$RIE2697\44338.ftf"
sh=2CC417DE8663F74EA39CA8B9D0434CA3B5FD5BE5 ft=1 fh=c71c001164321b29 vn="a variant of Win32/Adware.MultiPlug.NA application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LighterInit\LighterInit.dll.vir"
sh=7AE7EC4F927D511FE361C70AB7200C3429415852 ft=1 fh=f8489d57fd54e17b vn="a variant of Win32/Adware.SpeedingUpMyPC.AP application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\{1ce4ed23-c532-1f4d-1ce4-4ed23c53b48f}\hqghumeaylnlf.exe.vir"
sh=E5EDC3121FA9850504C8521BA248E284ABF152AC ft=1 fh=15d281a4befb9e56 vn="a variant of Win32/DealPly.AP potentially unwanted application (cleaned by deleting)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\{3F7AD7B9-6FF8-063F-DE7E-76BD0EFCA533}\1.9.2.1\neme.dll.vir"
sh=86A21B2368745417E5704117E0F1039710B07E92 ft=1 fh=91f19890c225434e vn="a variant of Win32/ExtenBro.CB trojan (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\Google\Chrome\Application\chrome.dll"
sh=2CC417DE8663F74EA39CA8B9D0434CA3B5FD5BE5 ft=1 fh=c71c001164321b29 vn="a variant of Win32/Adware.MultiPlug.NA application (cleaned by deleting)" ac=C fn="C:\ProgramData\374311380\BIT6E70.tmp"
sh=FB422262B65F189F55F25A93C0B626B252861FCB ft=1 fh=22206be2fcac636d vn="a variant of Win32/AdWare.iBryte.AA application (cleaned by deleting)" ac=C fn="C:\Users\Sue\Downloads\Player-Chrome (1).exe"
sh=2BCEF27FFA470EA728147987B138E6B13F02EE6A ft=1 fh=f7b2b6ba62bb39cc vn="a variant of Win32/AdWare.iBryte.AA application (cleaned by deleting)" ac=C fn="C:\Users\Sue\Downloads\Player-Chrome.exe"
sh=0B0A70984997D5C2DA2664467EAFA5450B6C2203 ft=1 fh=85d2f6305c42c15f vn="a variant of Win32/InstallIQ potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\Sue\Downloads\unziplite_d1178550.exe"
 

and here is the list of threats (maybe a duplicate of the log):

C:\Users\All Users\374311380\BIT6E70.tmp    a variant of Win32/Adware.MultiPlug.NA application    
C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$R24KLC7.tmp    Win32/Adware.Mongoose application    cleaned by deleting
C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$RD5068L.crdownload    multiple threats    cleaned by deleting
C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$RGJIJD3.exe    a variant of Win32/Kuping.J potentially unwanted application    cleaned by deleting
C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$RIH7OJY.exe    a variant of Win32/Kuping.J potentially unwanted application    cleaned by deleting
C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$RIXRQ25.exe    multiple threats    cleaned by deleting
C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$RU55S45.exe    a variant of Win32/GuaGua.A potentially unwanted application    deleted
C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$RE1WG83\7940.ftf    a variant of Win32/Adware.SpeedingUpMyPC.AP application    cleaned by deleting
C:\$Recycle.Bin\S-1-5-21-3253851711-2362259233-3746204868-1000\$RIE2697\44338.ftf    multiple threats    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LighterInit\LighterInit.dll.vir    a variant of Win32/Adware.MultiPlug.NA application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\{1ce4ed23-c532-1f4d-1ce4-4ed23c53b48f}\hqghumeaylnlf.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AP application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\{3F7AD7B9-6FF8-063F-DE7E-76BD0EFCA533}\1.9.2.1\neme.dll.vir    a variant of Win32/DealPly.AP potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Google\Chrome\Application\chrome.dll    a variant of Win32/ExtenBro.CB trojan    cleaned by deleting
C:\ProgramData\374311380\BIT6E70.tmp    a variant of Win32/Adware.MultiPlug.NA application    cleaned by deleting
C:\Users\Sue\Downloads\Player-Chrome (1).exe    a variant of Win32/AdWare.iBryte.AA application    cleaned by deleting
C:\Users\Sue\Downloads\Player-Chrome.exe    a variant of Win32/AdWare.iBryte.AA application    cleaned by deleting
C:\Users\Sue\Downloads\unziplite_d1178550.exe    a variant of Win32/InstallIQ potentially unwanted application    cleaned by deleting
 


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Any improvement?


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Also it doesn't appear to have done anything about:

 

C:\Users\All Users\374311380\BIT6E70.tmp

 

Is it still there?  For that matter the whole folder is suspicious.  What else is in it?


  • 0

Advertisements


#11
cgnolte

cgnolte

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Definitely some progress... Google Chrome appears to be working.  When I click the start button and select Internet Explorer, Google Chrome starts up instead.  (Some might say this is an improvement in itself.) If I type "iexplore.exe" into the start menu, then IE comes up ok.  Also strange: I get the message that "this copy of Windows is not legitimate" (or something like that). 

After a reboot, here is the new FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Sue (administrator) on BOOTS (13-02-2016 12:34:00)
Running from C:\Users\Sue\Desktop
Loaded Profiles: Sue & MSSQL$SQLEXPRESS (Available Profiles: Sue & catzrule & Colleen & MSSQL$SQLEXPRESS)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(????????????) C:\Windows\SysWOW64\HZ_CommSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
( Beijing WatchData System Co., Ltd.) C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGCA.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Facebook Inc.) C:\Users\Sue\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Akamai Technologies, Inc.) C:\Users\Sue\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
( Beijing WatchData System Co., Ltd.) C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDCertM_CCB.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Akamai Technologies, Inc.) C:\Users\Sue\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-08] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [213416 2012-11-21] (SecureW2 B.V.)
HKLM-x32\...\Run: [CCBCertificate] => C:\Program Files (x86)\CCBComponents\DMWZ\CCBCertificate.exe
HKLM-x32\...\Run: [USBKeyTools.exe] => C:\Program Files (x86)\CCBComponents\HDZB\USBKeyTools.exe
HKLM-x32\...\Run: [wdcertm_ccb] => C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDCertM_CCB.exe [72224 2014-07-30] ( Beijing WatchData System Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23499656 2016-01-15] (Google)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [Epson Stylus NX420(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [Google Update] => C:\Users\Sue\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2014-05-19] (Apache Software Foundation)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28920448 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [Facebook Update] => C:\Users\Sue\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-04] (Facebook Inc.)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sue\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\...\MountPoints2: {dfa986c6-e12e-11e1-8400-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\RunOnce: [Lenovo.ShowBand] => C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo)
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\RunOnce: [] => [X]
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\RunOnce: [Lenovoautoqdrive] => C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
Startup: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2012-11-07]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{2EC2979D-7E49-476E-9BA1-92EE5BD758B6}: [DhcpNameServer] 202.99.96.68 202.99.104.68
Tcpip\..\Interfaces\{E4C916A7-9A0C-48F5-B7AF-F15C76502EA8}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3253851711-2362259233-3746204868-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3253851711-2362259233-3746204868-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7CKMB_enUS497
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7CKMB
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7CKMB
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-05] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-05] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\buhx8ial.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-13] ()
FF Plugin-x32: @ccb.com.cn/CCBEnckey,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBEnckey.dll [No File]
FF Plugin-x32: @ccb.com.cn/CCBInfoScan,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBInfoScan.dll [No File]
FF Plugin-x32: @ccb.com.cn/CCBNetSignCom,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBNetSignCom.dll [No File]
FF Plugin-x32: @ccb.com.cn/dmwz-ccbdevidctrl,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npdmccbplugin.dll [No File]
FF Plugin-x32: @ccb.com.cn/dmwz-WriteCert,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npdmwritecert.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZB2gCertCtrl,version=2.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZB2gCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZB2gSNCtrl,version=2.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZB2gSNCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZBCertCtrl,version=1.0.0.8 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZBCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/HDZBSNCtrl,version=1.0.0.8 -> C:\Program Files (x86)\CCBComponents\Plugins\npHDZBSNCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/npTDRImportCertCtrl,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npTDRImportCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/npTDRSNctrl,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npTDRSNctrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/WDImportCertCtrl,version=1.0.0.2 -> C:\Program Files (x86)\CCBComponents\Plugins\npWDImportCertCtrl.dll [No File]
FF Plugin-x32: @ccb.com.cn/wdkctrl,version=1.0.0.2 -> C:\Program Files (x86)\CCBComponents\Plugins\npwdkctrl.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-05-24] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @freescreensharing/detector -> C:\Users\Sue\AppData\Local\FreeScreenSharing\npfreesee.dll [2014-06-05] (Free Screen Sharing)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Sue\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sue\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @talk.google.com/O1DPlugin -> C:\Users\Sue\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-3253851711-2362259233-3746204868-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sue\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Sue\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sue\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2016-02-05] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-05]
CHR Extension: (Google Docs) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-05]
CHR Extension: (Google Drive) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-05]
CHR Extension: (Google Docs Offline) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-28]
CHR Extension: (Skype) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-28]
CHR Extension: (Google Hangouts) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-11-07] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 HZ_CommSrv; C:\Windows\SysWOW64\HZ_CommSrv.exe [18792 2013-05-14] (????????????)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS2; c:\Program Files (x86)\Microsoft SQL Server\mytest\MSSQL10.SQLEXPRESS2\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS2; c:\Program Files (x86)\Microsoft SQL Server\mytest\MSSQL10.SQLEXPRESS2\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S3 Tomcat7; C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe [103936 2014-05-19] (Apache Software Foundation) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WDMonitorCCB; C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe [137608 2014-07-30] ( Beijing WatchData System Co., Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
S3 ghsandroid; C:\Windows\System32\Drivers\ghsandroid.sys [38424 2011-03-30] (Google Inc)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40552 2013-06-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-13 12:21 - 2016-02-13 12:21 - 00004586 _____ C:\Users\Sue\Desktop\eset-found-threats.txt
2016-02-13 08:27 - 2016-02-13 08:27 - 00000000 ____D C:\Program Files (x86)\ESET
2016-02-13 08:25 - 2016-02-13 08:26 - 02870984 _____ (ESET) C:\Users\Sue\Downloads\esetsmartinstaller_enu.exe
2016-02-13 06:07 - 2016-02-13 12:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-13 05:49 - 2016-02-13 05:49 - 00004296 _____ C:\Users\Sue\Desktop\JRT.txt
2016-02-13 05:43 - 2016-02-13 05:40 - 01609032 _____ (Malwarebytes) C:\Users\Sue\Desktop\JRT.exe
2016-02-13 05:41 - 2016-02-13 12:27 - 00001184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-13 05:41 - 2016-02-13 12:27 - 00001184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-13 05:01 - 2016-02-13 05:22 - 00000000 ____D C:\AdwCleaner
2016-02-13 04:59 - 2016-02-13 04:57 - 01508352 _____ C:\Users\Sue\Desktop\AdwCleaner.exe
2016-02-12 21:30 - 2016-02-12 21:30 - 14243008 _____ (Microsoft Corporation) C:\Users\Sue\Downloads\mseinstall.exe
2016-02-12 21:24 - 2016-02-12 21:25 - 00462424 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-12 21:23 - 2016-02-12 21:28 - 152175896 _____ (Microsoft Corporation) C:\Users\Sue\Downloads\msert.exe
2016-02-12 20:59 - 2016-02-12 20:59 - 00021074 _____ C:\Users\Sue\Desktop\Fixlog.txt
2016-02-06 00:05 - 2016-02-06 00:05 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-06 00:04 - 2016-02-06 00:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-05 22:35 - 2016-02-13 05:54 - 00055129 _____ C:\Users\Sue\Desktop\Addition.txt
2016-02-05 22:33 - 2016-02-13 12:34 - 00031562 _____ C:\Users\Sue\Desktop\FRST.txt
2016-02-05 22:31 - 2016-02-13 12:34 - 00000000 ____D C:\FRST
2016-02-05 22:31 - 2016-02-05 22:32 - 00028092 _____ C:\Users\Sue\Downloads\FRST.txt
2016-02-05 22:30 - 2016-02-05 22:30 - 02370560 _____ (Farbar) C:\Users\Sue\Desktop\FRST64.exe
2016-02-05 22:25 - 2016-02-05 22:25 - 00000000 ____D C:\Users\Sue\AppData\Local\Macromedia
2016-02-05 22:23 - 2016-02-13 12:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-05 22:23 - 2016-02-05 22:30 - 00000000 ____D C:\Users\Sue\AppData\Local\Mozilla
2016-02-05 22:23 - 2016-02-05 22:23 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-05 22:23 - 2016-02-05 22:23 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-05 22:22 - 2016-02-05 22:19 - 43051376 _____ C:\Users\Sue\Downloads\Firefox-Setup-44-0_EN.exe
2016-02-05 22:02 - 2016-02-05 22:02 - 00000000 ____D C:\Users\Sue\AppData\Local\ElevatedDiagnostics
2016-02-05 21:43 - 2016-02-05 21:43 - 00000258 _____ C:\Users\Sue\Desktop\myreg.reg
2016-02-05 21:19 - 2016-02-05 21:19 - 00000000 ____D C:\Windows\pss
2016-02-02 10:40 - 2016-02-02 10:40 - 00000000 ____D C:\Users\catzrule\AppData\Local\Apple Computer
2016-01-15 20:43 - 2016-01-15 20:43 - 01539452 _____ C:\Users\Sue\Downloads\hw_13.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-13 12:32 - 2012-08-15 18:22 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Nitro PDF
2016-02-13 12:29 - 2012-08-08 03:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-13 12:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-13 12:26 - 2012-08-29 21:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-13 12:11 - 2015-03-03 22:01 - 00000000 ____D C:\ProgramData\374311380
2016-02-13 11:54 - 2012-08-08 03:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-13 11:16 - 2012-09-10 20:34 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Skype
2016-02-13 07:26 - 2012-08-29 21:28 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-13 07:26 - 2012-08-29 21:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-13 07:26 - 2012-08-29 21:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-13 05:57 - 2015-10-24 12:03 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-13 05:57 - 2012-08-08 03:19 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-13 05:55 - 2012-11-21 16:35 - 00000000 ____D C:\Users\Sue\AppData\Local\CrashDumps
2016-02-13 05:41 - 2014-04-10 22:12 - 00000000 ____D C:\Users\Sue\AppData\Local\Akamai
2016-02-12 21:41 - 2014-03-23 10:07 - 00000000 ____D C:\Users\catzrule
2016-02-12 20:59 - 2015-07-31 14:06 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-02-05 23:55 - 2012-10-23 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-02-05 23:54 - 2015-08-15 02:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-05 23:54 - 2015-06-12 13:44 - 00000000 ____D C:\Users\Classic .NET AppPool
2016-02-05 23:54 - 2014-11-22 14:27 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Dropbox
2016-02-05 23:54 - 2014-03-24 07:05 - 00000000 ____D C:\Users\Colleen
2016-02-05 23:54 - 2014-03-23 10:09 - 00000000 ____D C:\Users\catzrule\AppData\Local\Lenovo
2016-02-05 23:54 - 2013-06-11 22:14 - 00000000 ____D C:\Users\Sue\Downloads\support
2016-02-05 23:54 - 2013-06-11 22:11 - 00000000 ____D C:\Users\Sue\Downloads\sources
2016-02-05 23:54 - 2012-08-29 21:28 - 00000000 ____D C:\Windows\system32\Macromed
2016-02-05 23:54 - 2012-08-15 18:45 - 00000000 ____D C:\Users\Sue\AppData\Local\Google
2016-02-05 23:54 - 2012-08-15 18:12 - 00000000 ____D C:\Users\Sue
2016-02-05 23:54 - 2012-08-08 03:14 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-02-05 23:54 - 2011-12-08 15:42 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-05 23:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-05 23:53 - 2015-06-23 18:03 - 00000000 ____D C:\Users\Sue\AppData\Local\Dropbox
2016-02-05 23:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-02-05 23:51 - 2015-06-15 18:14 - 00000000 ____D C:\Users\Sue\Downloads\Citrix
2016-02-05 23:51 - 2014-07-08 22:58 - 00000000 ____D C:\Users\Sue\Downloads\apache-tomcat-7.0.54
2016-02-05 23:51 - 2014-07-08 21:24 - 00000000 ____D C:\Users\Sue\Downloads\apache-ant-1.9.4
2016-02-05 23:51 - 2014-06-20 18:38 - 00000000 ____D C:\Users\Sue\Downloads\Microsoft JDBC Driver 4.0 for SQL Server
2016-02-05 23:51 - 2014-06-19 22:49 - 00000000 ____D C:\Users\Sue\Downloads\glassfish4
2016-02-05 23:51 - 2014-06-01 11:14 - 00000000 ____D C:\Users\Sue\Downloads\Demo_and_Source_BinarySearchTree
2016-02-05 23:51 - 2013-06-11 22:11 - 00000000 ____D C:\Users\Sue\Downloads\efi
2016-02-05 23:51 - 2012-12-20 10:48 - 00000000 ____D C:\Users\Sue\Downloads\gist_voiceToText
2016-02-05 23:48 - 2014-09-22 19:32 - 00000000 __RHD C:\MSOCache
2016-02-05 23:48 - 2013-01-31 19:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-05 22:23 - 2015-12-21 22:24 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Mozilla
2016-02-05 21:14 - 2013-07-04 23:09 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA.job
2016-02-05 21:10 - 2014-05-13 13:59 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS
2016-02-05 18:09 - 2009-07-14 00:38 - 00067584 ____S C:\Windows\bootstat(23).dat
2016-02-05 17:58 - 2014-11-22 14:28 - 00000000 ___RD C:\Users\Sue\Dropbox
2016-02-05 17:55 - 2013-06-29 10:11 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000UA.job
2016-02-05 17:49 - 2013-06-29 10:11 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core
2016-02-05 17:49 - 2013-06-29 10:11 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core.job
2016-02-05 17:49 - 2012-08-08 03:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-05 17:49 - 2012-08-08 03:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 11:18 - 2014-03-23 10:11 - 00000000 ____D C:\Users\catzrule\AppData\Roaming\Nitro PDF
2016-01-25 11:20 - 2012-08-15 19:06 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-16 00:14 - 2013-07-04 23:09 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3253851711-2362259233-3746204868-1000Core.job
2016-01-15 20:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-01-15 10:16 - 2015-08-15 02:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-15 10:16 - 2015-08-15 02:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-15 10:14 - 2014-12-12 03:18 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-15 10:14 - 2014-05-08 08:38 - 00000000 ___SD C:\Windows\system32\CompatTel

==================== Files in the root of some directories =======

2013-01-20 14:21 - 2013-01-20 14:21 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\catzrule\AppData\Local\Temp\Network Wizard.exe
C:\Users\Sue\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2bdjeq.dll
C:\Users\Sue\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-03 09:52

==================== End of FRST.txt ============================


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

"this copy of Windows is not legitimate"

 

Sometimes Windows gets upset if another program looks at its secret files.  You may need to Start, Computer, System Properties then scroll down to the bottom.  Normally it will say Windows is Activated.  If it doesn't say that you may need to reactivate Windows.

 

http://www.wikihow.c...ivate-Windows-7

 

Let's look at the folder C:\Users\All Users\374311380

 

Copy the next 2 lines:

dir /a C:\Users\All Users\374311380 > \junk.txt
notepad \junk.txt
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 

  • 0

#13
cgnolte

cgnolte

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

I deleted that folder already and emptied the recycle bin.

The IE shortcut had been modified so that it pointed to Chrome, which explains why clicking on it opened up Chrome.  I deleted that shortcut and uninstalled Chrome.

 

Next I'll reinstall Chrome and see if I can figure out how to put back a shortcut to IE for All Users.  Not sure, but I think the malware may be gone now.  Still getting the "This copy of Windows is not genuine" message. I doubt my wife still has the Win 7 product license key, though the computer still has the Windows 7 sticker on it.


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

The number on the sticker should be good enough.

 

You can also do a System Restore back before the ESET scan if you have to and it will usually forget about it.  If you do that I would check that all of the files that ESET removed are still gone.

 

 Will this help with your IE?

 

https://support.micr...en-us/kb/945402


  • 0

#15
cgnolte

cgnolte

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

The Windows Fix-It said it wasn't compatible with my version of Windows -- though I think it should be.  I put the icons back on the desktop and taskbar. 

 

Thanks for your help. I'll turn the computer back over to my father-in-law now and see if he can use it without installing more malware.


  • 0






Similar Topics


Also tagged with one or more of these keywords: hijack, browser

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP