trojan:win32/peals.E!cl


  • This topic is locked

#16
starsknight

    Member

  • Topic Starter
  • 30 posts

Thanks Joe - Quick question. The second link you gave me (when I clicked on V2 or higher) also redirects here: https://support.micr...n-us/kb/2970908

 

What next?


  • 0



#17
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Try this link for the clean-up tool:

http://www.majorgeek...val_tool,1.html

A box should pop up on the page; choose save file, save to desktop, then double-click and run it. Then reinstall MSE and see if it updates. If not, try all those other instructions and see if we can get it working.

Let me know

Thanks
Joe :)
  • 0

#18
starsknight

    Member

  • Topic Starter
  • 30 posts

Thanks, Joe! Got the download, running it now. :)


  • 0

#19
starsknight

    Member

  • Topic Starter
  • 30 posts

So . . . the file that downloaded (and that I just ran) was MicrosoftFixIt50692.msi - didn't see anything about a clean-up/removal tool. Is it possible it no longer exists? At any rate, the thing ran very quickly.

 

Back to re-installing MSE at this point, or should I try anything else first?

 

Thanks again!


  • 0

#20
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
No. Go ahead and reinstall MSE and try to update.
  • 0

#21
starsknight

    Member

  • Topic Starter
  • 30 posts

Thanks! Good news: I was able to update MSE after the cmd procedure. A scan still gives me the preliminary threat warning, but shows no detected items at the end of the scan.


  • 0

#22
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

This scan can take a very long time. When you're done with the computer for the night, I'd start it then.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
NOTE: In some instances if no malware is found there will be no log produced.
  • 0

#23
starsknight

    Member

  • Topic Starter
  • 30 posts

Hi Joe - sorry, I keep forgetting to do this at night and then needing the computer for work during the day. I'm setting an alarm to remind myself to run this scan this evening. Thanks for your patience!


  • 0

#24
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
No problem, I need all the time I can get to figure out what's wrong :)

I like delays, gives me time to think.

Thanks
Joe :)
  • 0

#25
starsknight

    Member

  • Topic Starter
  • 30 posts

Hi Joe,

 

Okay, I've tried this four times now, with the same results every time:

 

Within 15 minutes, the scan detects 1 threat. It continues.

Within an hour or two, it's detected a total of 5, and all the fields that previously showed which locations it was scanning, etc., go to black. It stays that way for at least an hour, with the scan progress indicator frozen.

If I leave it like this overnight (without touching it), in the morning, the window is missing all its fields, though it still shows the greyed out "stop" button, and the program is non-responsive.

 

It doesn't seem able to complete an entire scan.

 

Also, I just checked MSE, and it seems it's again not updating definitions.

 

So . . . recommendations? Thanks again!


Edited by starsknight, 13 July 2016 - 02:54 PM.

  • 0



#26
starsknight

    Member

  • Topic Starter
  • 30 posts

An update: If I run Rkill, then immediately try to update MSE, it works. So same thing as before.

 

Why this is the case, I've no idea, because Rkill doesn't seem to be finding anything nasty--at least, not that I recognize as nasty. I'm posting the log here just in case you see something I don't.

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 07/13/2016 03:54:54 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 07/13/2016 03:56:16 PM
Execution time: 0 hours(s), 1 minute(s), and 21 seconds(s)
 


  • 0

#27
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Strange happenings. I want to look at the 2 FRST logs again.

The Rkill thing makes no sense to me.

Let's try a Bitdefender scan and see what it does; it should be a quick scan, I think.

http://quickscan.bitdefender.com/
When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).

Then

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#28
starsknight

    Member

  • Topic Starter
  • 30 posts

Well, at least I'm in good company. ;)

 

To add to the fun, when I opened FRST, it said an update was available . . . and then hit an error when it tried to update. (Related to whatever's preventing MSE from updating? I don't know.) Re-downloading the program solved the problem.

 

I accidentally hit "Scan" without checking "Addition," so I reran the scan with the addition, and I've posted the first scan log along with the addition text that I got from the second scan.

QuickScan 32-bitv0.9.9.147
--------------------------
Scan date:  Wed Jul 13 20:06:14 2016
Machine ID: 2A6197A0



No infection found.
-------------------



Processes
---------
(unsigned)  Amazon Unbox Video (DEBUG)               3760    C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(unsigned)  Amazon Unbox Video (DEBUG)               5360    C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
(unsigned)  Brother ControlCenter                    7140    C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(unsigned)  Brother ControlCenter                    5860    C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(unsigned)  Brother Help                             5824    C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(unsigned)  QBIDPService                             3340    C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(unsigned)  QuickBooks for Windows                   3212    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(unsigned)  Vodafone Mobile Broadband                4084    C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

(verified)  2007 Microsoft Office system            13380    C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(verified)  2007 Microsoft Office system             2052    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(verified)  Access Connections                       1344    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(verified)  Bluetooth Software                       7512    C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(verified)  Firefox                                 13812    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(verified)  Firefox                                  1824    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(verified)  Foxit Cloud Safe Update Service          2088    C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(verified)  Foxit Updater                           13468    C:\Users\User1\AppData\Roaming\Foxit Software\Addon\Foxit Reader\FoxitReaderUpdater.exe
(verified)  Google Update                            2604    C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(verified)  Intel® Dynamic Application Loader Hos  6420    C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(verified)  Intel® Integrated Clock Controller Se  5508    C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(verified)  Intel® Management and Security Applic  6672    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(verified)  Intel® USB 3.0 Monitor                 5572    C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(verified)  Java Platform SE Auto Updater            2308    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified)  Lenovo Communications Utility            2468    C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(verified)  Lenovo Communications Utility            2440    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(verified)  Lenovo Communications Utility            2592    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(verified)  Lenovo Communications Utility            2920    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(verified)  Lenovo Solution Center Notifications     6652    C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(verified)  Logitech Webcam Software                 1312    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(verified)  Microsoft® Windows® Operating System     5668    C:\Windows\SysWOW64\rundll32.exe
(verified)  Microsoft® Windows® Operating System     5904    C:\Windows\SysWOW64\rundll32.exe
(verified)  On Screen Display                        3308    C:\Program Files\Lenovo\HOTKEY\micmute.exe
(verified)  On Screen Display                        3508    C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(verified)  On Screen Display                        4432    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe
(verified)  Power Manager                            6944    C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(verified)  QuickBooks Automatic Update              5776    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(verified)  ScheduledTask                            5456    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(verified)  Scrivener                                3384    C:\Program Files (x86)\Scrivener\Scrivener.exe
(verified)  Skype                                    4324    C:\Program Files (x86)\Skype\Phone\Skype.exe
(verified)  Steam Client Bootstrapper                5288    C:\Program Files (x86)\Steam\Steam.exe
(verified)  Steam Client Service                     6080    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(verified)  Steam Client WebHelper                   6308    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(verified)  ThinkVantage Access Connections          2152    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(verified)  ThinkVantage Access Connections          3644    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(verified)  ThinkVantage Access Connections          5612    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe


Network activity
----------------
Process Skype.exe (4324) connected on port 40013 --> 157.55.56.157
Process Skype.exe (4324) connected on port 12350 --> 91.190.218.63
Process Skype.exe (4324) connected on port 443 (HTTP over SSL) --> 207.46.150.121
Process Skype.exe (4324) connected on port 443 (HTTP over SSL) --> 157.56.194.23
Process Skype.exe (4324) connected on port 443 (HTTP over SSL) --> 65.52.108.74
Process Steam.exe (5288) connected on port 27018 --> 208.78.164.12
Process firefox.exe (13812) connected on port 443 (HTTP over SSL) --> 104.16.55.15
Process firefox.exe (13812) connected on port 443 (HTTP over SSL) --> 104.16.21.6
Process firefox.exe (13812) connected on port 80 (HTTP) --> 151.101.56.239
Process firefox.exe (13812) connected on port 80 (HTTP) --> 35.8.122.80
Process firefox.exe (13812) connected on port 80 (HTTP) --> 35.8.122.80
Process firefox.exe (13812) connected on port 443 (HTTP over SSL) --> 64.233.177.154
Process firefox.exe (13812) connected on port 443 (HTTP over SSL) --> 54.213.112.246
Process firefox.exe (13812) connected on port 443 (HTTP over SSL) --> 54.230.207.247
Process firefox.exe (13812) connected on port 80 (HTTP) --> 104.28.28.94
Process firefox.exe (13812) connected on port 80 (HTTP) --> 104.28.28.94
Process firefox.exe (13812) connected on port 80 (HTTP) --> 104.28.28.94
Process firefox.exe (13812) connected on port 80 (HTTP) --> 104.28.28.94
Process firefox.exe (13812) connected on port 80 (HTTP) --> 104.28.28.94
Process firefox.exe (13812) connected on port 80 (HTTP) --> 192.0.77.2
Process firefox.exe (13812) connected on port 80 (HTTP) --> 192.229.163.16
Process firefox.exe (13812) connected on port 80 (HTTP) --> 192.229.163.16
Process firefox.exe (13812) connected on port 80 (HTTP) --> 192.229.163.16
Process firefox.exe (13812) connected on port 80 (HTTP) --> 192.229.163.16
Process firefox.exe (13812) connected on port 80 (HTTP) --> 192.229.163.16

Process QBCFMonitorService.exe (3212) listens on ports: 8019
Process Skype.exe (4324) listens on ports: 443 (HTTP over SSL), 62763
Process Steam.exe (5288) listens on ports: 27036
Process LMS.exe (6672) listens on ports: 623, 16992


Autoruns and critical files
---------------------------
(verified)  Adobe® Flash® Player Update Service      C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(unsigned)  Brother ControlCenter                    C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
(unsigned)  Brother Help                             C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(verified)  Data Protect                             C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
(verified)  Dolby Profile Selector                   C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(verified)  Google Update                            C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(verified)  Google Update                            C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe
(verified)  Intel® PIconStartup                    C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
(verified)  Intel® USB 3.0 Monitor                 C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(verified)  IntuitSyncManager                        C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
(verified)  Java Platform SE Auto Updater            C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified)  Microsoft® Windows® Operating System     c:\Windows\System32\userinit.exe
(verified)  QuickBooks                               C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE
(verified)  QuickBooks Automatic Update              C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(unsigned)  RCIMGDIR                                 C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(unsigned)  Setup for Word Converter                 C:\Program Files (x86)\RL-Software\FwWordConverter\complete.exe
(unsigned)  Status Monitor Application               C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(verified)  Steam Client Bootstrapper                C:\Program Files (x86)\Steam\Steam.exe
(verified)  ThinkPad Power Manager                   C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL
(unsigned)  Vodafone Mobile Broadband                C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe


Browser plugins
---------------
(verified)  Adobe Content Decryption Module for Fir  C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257\gmp-eme-adobe\17\eme-adobe.dll
(verified)  Bitdefender QuickScan                    C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verified)  Bonjour                                  C:\Program Files (x86)\Bonjour\mdnsNSP.dll
(verified)  Bonjour                                  C:\Program Files\Bonjour\mdnsNSP.dll
(verified)  Foxit Reader Plugin for Mozilla          C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
(verified)  gmpopenh264.dll                          C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257\gmp-gmpopenh264\1.5.3\gmpopenh264.dll
(verified)  Google Talk Plugin                       C:\Users\User1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
(verified)  Google Talk Plugin Video Renderer        C:\Users\User1\AppData\Roaming\Mozilla\plugins\npo1d.dll
(verified)  Google Update                            C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll
(verified)  Google Update                            C:\Users\User1\AppData\Local\Google\Update\1.3.30.5\npGoogleUpdate3.dll
(verified)  Intel® Identity Protection Technology    C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
(verified)  Intel® Identity Protection Technology    C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
(verified)  Internet Explorer                        C:\Windows\SysWOW64\ieframe.dll
(verified)  Java Deployment Toolkit 8.0.910.15       C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll
(verified)  Java™ Platform SE 8 U91               c:\program files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
(verified)  Java™ Platform SE 8 U91               C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
(verified)  Java™ Platform SE 8 U91               c:\program files (x86)\Java\jre1.8.0_91\bin\ssv.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\mswsock.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\nlaapi.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\wshbth.dll
(verified)  npitunes.dll                             C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
(verified)  NPSWF32_22_0_0_209.dll                   C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll
(verified)  Silverlight Plug-In                      c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
(verified)  Widevine Content Decryption Module       C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257\gmp-widevinecdm\1.4.8.866\widevinecdm.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\NapiNSP.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\pnrpnsp.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\winrnr.dll


Scan
----
MD5: 39af9b293fd97c9c74100d65764d7dc7  C:\Program Files (x86)\Lenovo\Access Connections\AcSvcStub.dll
MD5: 50aa5e368e8c847e314b552e152d73c0  C:\Program Files (x86)\Lenovo\Access Connections\ACTurinSupport.dll
MD5: aead37f3390a64b071b958f7435f9870  C:\Program Files (x86)\Lenovo\Access Connections\ACVistaWlAutoconfig.dll
MD5: b8322d9cea1cf6abe931898634ee6eac  C:\Program Files (x86)\Lenovo\Access Connections\MFC71ENU.dll
MD5: c7d2394972293e932b8816bfa17eb3f2  C:\Program Files (x86)\Lenovo\Access Connections\Res\US\GUIHlprRes.dll
MD5: 8bc2a5593cf9e12250dbe3ff45f89bbe  C:\Program Files (x86)\Lenovo\Access Connections\Res\US\SvcHlprRes.dll
MD5: 4169624842ee86b6bbfa330fee1dfb83  C:\Program Files (x86)\Lenovo\Access Connections\Res\US\TrayRes.dll
MD5: d14b3b8e28f8d210598c7f416fbe8210  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
MD5: 79c05c44012998a0c90e17f627bf5734  C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe
MD5: 71303975843cc57ee49a01a67c4a0765  C:\Program Files (x86)\Lenovo\System Update\SUService.exe
MD5: bef1ead605cf791fdbb48add71075509  C:\Program Files (x86)\Microsoft Office\Office12\1033\WWINTL.DLL
MD5: b250b8ef77f3d3e38a57e1f77c48202b  C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
MD5: ab97e11e38c1dc822f245a776210b988  C:\Program Files (x86)\Microsoft Office\Office12\MSOSTYLE.DLL
MD5: da79517783552b80229705d9720b8e8d  C:\Program Files (x86)\Microsoft Office\Office12\msproof6.dll
MD5: 3a9fba6005bc10ef8d1e61b9fe589505  C:\Program Files (x86)\Microsoft Office\Office12\NLSDATA0009.DLL
MD5: 1a514ca70e5faf1cec2f51cdab1367a7  C:\Program Files (x86)\Microsoft Office\Office12\NLSLEXICONS0009_SP.dll
MD5: 707f023159b541ead5dd6adb2e605443  C:\Program Files (x86)\Microsoft Office\Office12\NLSMODELS0009.dll
MD5: 7f2c8065f1079d04bd8bc2b19750a596  C:\Program Files (x86)\Microsoft Office\Office12\OART.DLL
MD5: 20711c7f3a5e9f686eb1f4132a5e6d47  C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
MD5: 68e37d1b73607868386aa21f46503350  C:\Program Files (x86)\Microsoft Office\Office12\WWLIB.DLL
MD5: 0a7cfc4ee9cc3206b1dc522fcb8c3db1  c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
MD5: ac459c202132d16f80264833b28b77cd  C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
MD5: 8fe11a6b735f7c904e1dc0ef7ea79b78  C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MD5: af59d99c913ba60d0a127c81ccb8d4aa  C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
MD5: 666f886ccf1130e2511c1258f2d1a5e9  C:\Program Files (x86)\Mozilla Firefox\icudt56.dll
MD5: 842779b9589137a56b2d42a9004432ad  C:\Program Files (x86)\Mozilla Firefox\icuin56.dll
MD5: 8334014f04ce1225df994206ef1c5c3c  C:\Program Files (x86)\Mozilla Firefox\icuuc56.dll
MD5: 59e5652530ec21e9a98854a3d02da337  C:\Program Files (x86)\Mozilla Firefox\lgpllibs.dll
MD5: b886f9dabeb09305f93760957b731154  C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
MD5: fd5cabbe52272bd76007b68186ebaf00  C:\Program Files (x86)\Mozilla Firefox\msvcp120.dll
MD5: 034ccadc1c073e4216e9466b720f9849  C:\Program Files (x86)\Mozilla Firefox\msvcr120.dll
MD5: 73b108a2bbb682a9d2034435cb5b1739  C:\Program Files (x86)\Mozilla Firefox\nss3.dll
MD5: 4ee4ea54376269fe76c89e047b4de808  C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
MD5: cd6fcfbabbfa5b66a510c7811055d0cd  C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
MD5: b26a9cdc001c94aa5316ca70899493a6  C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
MD5: 04caf02e46088d15f1ea3eadf69d3bea  C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
MD5: e7be4c89f7792c632b3723b60992866d  C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
MD5: c2f3bd8f1782497c52c2a0889443ee13  C:\Program Files (x86)\Mozilla Firefox\xul.dll
MD5: 69e23c730974bac8c11df2b7c4c9d37b  C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
MD5: 155bd8c83821f4c0ddda1c5598fff43a  C:\Program Files (x86)\RL-Software\FwWordConverter\complete.exe
MD5: 20e2c192803826ead87dcbb26b63140e  C:\Program Files (x86)\Scrivener\Aspell\bin\aspell-15.dll
MD5: 3ac077a1381347720c8a87e7b4d4d87d  C:\Program Files (x86)\Scrivener\drs32.dll
MD5: 8aebebb548e89e99c3038c588567c0ff  C:\Program Files (x86)\Scrivener\imageformats\qgif4.dll
MD5: 90f584cdfac065067ffa8e64d07cdc6e  C:\Program Files (x86)\Scrivener\imageformats\qico4.dll
MD5: 26e8a6d0fc4fcc2f3d92eedd5ecd5be9  C:\Program Files (x86)\Scrivener\imageformats\qjpeg4.dll
MD5: ed2f27fc6617f041937df4fe080d8347  C:\Program Files (x86)\Scrivener\imageformats\qmng4.dll
MD5: fb13cecf7fd157adc3fd63bc69f50152  C:\Program Files (x86)\Scrivener\imageformats\qtga4.dll
MD5: ae624dac44d18434325e8cf0b7c58cb6  C:\Program Files (x86)\Scrivener\imageformats\qtiff4.dll
MD5: f3de10aabd5c7a1a186c9966f037d0c0  C:\Program Files (x86)\Scrivener\mfc100u.dll
MD5: bc83108b18756547013ed443b8cdb31b  C:\Program Files (x86)\Scrivener\msvcp100.dll
MD5: 0e37fbfa79d349d672456923ec5fbbe3  C:\Program Files (x86)\Scrivener\msvcr100.dll
MD5: 91804beb578a44b6c0413cc377bb5867  C:\Program Files (x86)\Scrivener\phonon4.dll
MD5: 1fe4783c5ace0fc8f26cc0a91534fbe4  C:\Program Files (x86)\Scrivener\phonon_backend\phonon_ds94.dll
MD5: 88452d4eb83a8b0afedb025abad085da  C:\Program Files (x86)\Scrivener\QtCore4.dll
MD5: e9fe7401d1a84c8c9a4a76cc5bc7a93a  C:\Program Files (x86)\Scrivener\QtGui4.dll
MD5: 4e910a4cf6212457824cee226881df96  C:\Program Files (x86)\Scrivener\QtMultimedia4.dll
MD5: 382142feaa5532e80a030705fb4cb271  C:\Program Files (x86)\Scrivener\QtNetwork4.dll
MD5: e89c8c4c99f65f1b706f481356b064e7  C:\Program Files (x86)\Scrivener\QtSolutions_MMLWidget-2.4.dll
MD5: a15c0d646ccbfa62a8e0501249bb0876  C:\Program Files (x86)\Scrivener\QtSql4.dll
MD5: 280e3588d29be1bc856d1186b18249e8  C:\Program Files (x86)\Scrivener\QtWebKit4.dll
MD5: 9c7745be8303b5281aba5ca559b3650a  C:\Program Files (x86)\Scrivener\QtXml4.dll
MD5: 9d314cb3c1733f17e5abe573ec6cca77  C:\Program Files (x86)\Scrivener\rds32.dll
MD5: 485f105e66d8f8b03149316e654bf4ec  C:\Program Files (x86)\Scrivener\Scrivener.exe
MD5: cc3b24c68651e1520c63a9cf71c98a57  C:\Program Files (x86)\Scrivener\ter21.dll
MD5: e8d17a7d1d30e31754281ae33bece8cb  C:\Program Files (x86)\Scrivener\wrs5.dll
MD5: b7d3a639e23f80c4eefdeed370d955fd  C:\Program Files (x86)\Skype\Phone\RtmCodecs.dll
MD5: 188d5756fd547c6e91272b1d6112f05c  C:\Program Files (x86)\Skype\Phone\RtmMediaManager.dll
MD5: 2e497adcbda3d4cdaa4c24af2b568ec4  C:\Program Files (x86)\Skype\Phone\RtmPal.dll
MD5: f04d04783df23bdac5167f58561a7127  C:\Program Files (x86)\Skype\Phone\RtmPltfm.dll
MD5: eb8c655cab1c50dc69ed9a8464dd9623  C:\Program Files (x86)\Skype\Phone\SkypeResources.dll
MD5: 27b990b20bcf63060a135b99ddfd38c1  C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
MD5: a58b05e6b949d86144907f0a4d807032  C:\Program Files (x86)\Skype\Updater\Updater.dll
MD5: 9a66a87bbc0ec4463042959b7c0d4ac1  C:\Program Files (x86)\Skype\Updater\Updater.exe
MD5: b2e6163d02505cb5d207077157a25cbd  C:\Program Files (x86)\Steam\bin\chromehtml.dll
MD5: b19362f8ba9e2eeae4906e4364c16948  C:\Program Files (x86)\Steam\bin\filesystem_stdio.dll
MD5: 9f3be6c577833ad416dbdff5e3c658b1  C:\Program Files (x86)\Steam\bin\friendsui.dll
MD5: 48d21ec25239e10731ad0e1f41f5f962  C:\Program Files (x86)\Steam\bin\libcef.dll
MD5: 21477963330aaa0ed0cd29226caf4dac  C:\Program Files (x86)\Steam\bin\serverbrowser.dll
MD5: 839804836f86db9d7b3c0e33b50e0506  C:\Program Files (x86)\Steam\bin\steamservice.dll
MD5: cf320fe13d0bca3e79a20e99b72e80d4  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
MD5: 6fafa6bcfb1af191f62a3fa13a22eca8  C:\Program Files (x86)\Steam\bin\vgui2_s.dll
MD5: 00cb61cc5a2aefb4473f67dfd18fc557  C:\Program Files (x86)\Steam\crashhandler.dll
MD5: 4ba842ad880526ce756226ae5a696e53  C:\Program Files (x86)\Steam\icui18n.dll
MD5: 22ae80823fb465f7fd55c5a0781032e8  C:\Program Files (x86)\Steam\icuuc.dll
MD5: e5508e5ac8c0eb05633e469746910636  C:\Program Files (x86)\Steam\libavcodec-56.dll
MD5: 0399722a7331639946a856be5884f73b  C:\Program Files (x86)\Steam\libavformat-56.dll
MD5: d865864ce86ed3b4e10138368886b99d  C:\Program Files (x86)\Steam\libavresample-2.dll
MD5: 56033b08981a1799d27508fcaa779d27  C:\Program Files (x86)\Steam\libavutil-54.dll
MD5: 76774f3be1f04e399783ebb484d8b059  C:\Program Files (x86)\Steam\libswscale-3.dll
MD5: 7e9325fc761ef29ac13f141688aaa53b  C:\Program Files (x86)\Steam\openvr_api.dll
MD5: c268948ec2584aba7a0f787d10afb75f  C:\Program Files (x86)\Steam\SDL2.dll
MD5: adb8d21fc136bc4092a7f87dd4426f50  C:\Program Files (x86)\Steam\Steam.exe
MD5: 1abb5f5258be883ae0b7c871e50b2af6  C:\Program Files (x86)\Steam\steamclient.dll
MD5: 36e249ce7f521e66a6ddd9a28ea1018f  C:\Program Files (x86)\Steam\SteamUI.dll
MD5: 87b2c3a6c3d349becf24b22585200bf0  C:\Program Files (x86)\Steam\tier0_s.dll
MD5: be9312f72ab68fc7cd38f5bc7fc6fe35  C:\Program Files (x86)\Steam\v8.dll
MD5: 72e0a779e6be86cb993ed3f014a45d0c  C:\Program Files (x86)\Steam\video.dll
MD5: 31f8e2a84098e4b73d3b664176e32934  C:\Program Files (x86)\Steam\vstdlib_s.dll
MD5: 497e0e7cd4e6a708edf8ef4d1702f427  C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
MD5: 3e1ba96f0b2e07117ad0e81c2b685e32  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
MD5: cba1369bfb60056b7c1958b444a94ae2  C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL
MD5: 3d399923fbae81a7fb3593dabf5d4cdd  C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
MD5: a2cf504cd272a96696d3f4109ea7b74b  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
MD5: 59e6d1cc4ea1a19d07570aa0657ed966  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
MD5: bfdd791e6a204b31eca59c841184df3b  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.Base.Contracts.dll
MD5: ed541f252e03873f3b2a75a084148192  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.Base.Factory.dll
MD5: 208a19ded4c9973671865301cf4294c4  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.Base.Internals.dll
MD5: 02242ee6e7aa85c35f6134f1f628f0a5  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.Base.Win32.dll
MD5: 03cb2c5ab6aad1827ed665db538aa600  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.Common.dll
MD5: 3ca17a1ed726dac08079ab636a366618  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.Data.dll
MD5: 05f02f3be4d1e38ec8934db2d6e15c68  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.DataAccessor.dll
MD5: 4d9a99bed196e8bea89c9accb634ca60  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.LogEngine.dll
MD5: 269bb259645a46e4141d5aa29955c4c7  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.NtService.Core.dll
MD5: 7b61b9626afff1bb516912f5b0ad428f  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.NtServiceMessaging.dll
MD5: eaaa2b83c4764fdcfbee4a4d6546de92  C:\Program Files\Bonjour\mdnsNSP.dll
MD5: b5c2f92ee1106dfe7bb1cce4d35b6037  C:\Program Files\Bonjour\mDNSResponder.exe
MD5: 3b3774c868868257533ec7e715bb6d53  C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
MD5: 621b25188adf78ddbe11dba3c8c2a4a9  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
MD5: dae6c3099d291eed8922a65c29abcf52  C:\Program Files\Intel\iCLS Client\HeciServer.exe
MD5: d45226e3e7a25f1e7ce8df8fd0a2a098  C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
MD5: ee274f4ff151856770de75f40cce7877  C:\Program Files\Intel\Media SDK\mfx_mft_h264ve_w7_32.dll
MD5: a0f7df30b3e110b70b9ae5304aa74053  C:\Program Files\Intel\WiFi\bin\EvtEng.exe
MD5: 821249a8ac2bbb95a43abec6e0253658  C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
MD5: 1bb69a5ea8f2024af1799e35eb96fcab  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
MD5: f4b68f7c1666a2a6cd1d37a08f1d6df1  C:\Program Files\iPod\bin\iPodService.exe
MD5: 58db3f794b593c97e906cf831273dc93  C:\Program Files\Lenovo\Communications Utility\CamDll.dll
MD5: c8a336c1a6ecf7d05b5f5eeeb67b5c6f  C:\Program Files\Lenovo\Communications Utility\CamMute.exe
MD5: 827a88c614dc4fcf340595b64891e355  C:\Program Files\Lenovo\Communications Utility\CommFunc.dll
MD5: bef94e1a08e1fe00cf12f1dfd9505408  C:\Program Files\Lenovo\Communications Utility\cv210.dll
MD5: 9e4da93286e2d5d0674a0a692eb4f627  C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
MD5: 1be7d996427935775fc63d276a7db57f  C:\Program Files\Lenovo\Communications Utility\TPKNRDLL.dll
MD5: f899e5d26ba44cd91bc568f1770f25f1  C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
MD5: 2c6067f919df0d2d2ee8044042219779  C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
MD5: bec7d8e2b17adc28f70fb992a3dc7b1b  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
MD5: f96adc7ea527c2588cb0a7aa94f23b31  C:\Program Files\Lenovo\HOTKEY\micmute.exe
MD5: 748794ad5de5867d444149b827a5461c  C:\Program Files\Lenovo\HOTKEY\micmute6.dll
MD5: ccf673cd41815063eec0de517f5e1d27  C:\Program Files\Lenovo\HOTKEY\tphkload.exe
MD5: 7ff003567be266566a2f13be04f76714  C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
MD5: 7551756c95bd7ba52af058b88c70e657  C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
MD5: 5f2c900a90848bcbf8650d5d3f1bda88  C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe
MD5: 096b8e6f9336727b505fe6addf34dfde  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
MD5: ee982f13f0957ab40992ddbc47164a76  C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
MD5: c66fe30bba4604a06ee9e4180abe4bd9  c:\Program Files\Microsoft Security Client\MsMpEng.exe
MD5: b8f4f580638373fbf72f2b572446d294  c:\Program Files\Microsoft Security Client\NisSrv.exe
MD5: db97de88cdc64028aebea79bc7e5cc75  C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
MD5: c8306c64f95dabc69a11df3a664c00fb  C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
MD5: 296f537391ce77506837f88e9862e61e  C:\Program Files\ThinkPad\Bluetooth Software\syswow64\BtMmHook.dll
MD5: 3bc2844af786ca422cc31d505acfa9f2  C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
MD5: 7cbb1d4d13dc62d7f529d87151fd3cd3  C:\Program Files\Windows Defender\MpSvc.dll
MD5: a9f3bfc9345f49614d5859ec95b9e994  C:\Program Files\Windows Media Player\wmpnetwk.exe
MD5: efe69bc2fd477fd4bbd22210d3e63893  C:\Users\User1\AppData\Local\Google\Update\1.3.30.5\npGoogleUpdate3.dll
MD5: a87094a06753cb5c76847ee6da0a1ed1  C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe
MD5: cf55bd262eceb9343f2002e06e0b17d2  C:\Users\User1\AppData\Roaming\Foxit Software\Addon\Foxit Reader\FoxitReaderUpdater.exe
MD5: 67d64c11c1dd750526c54f0604338370  C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: b1c853e7285e224a69695be88ed31a2c  C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257\gmp-eme-adobe\17\eme-adobe.dll
MD5: ea3d36516f6119e7480912bc6aba432f  C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257\gmp-gmpopenh264\1.5.3\gmpopenh264.dll
MD5: 75bb7fd4799a6801b4e2c0ca160f09b3  C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257\gmp-widevinecdm\1.4.8.866\widevinecdm.dll
MD5: 20ff20fbc1f20adec0ad6af98abe9545  C:\Users\User1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
MD5: 57d28190c994ad5e9b1007fb2259393a  C:\Users\User1\AppData\Roaming\Mozilla\plugins\npo1d.dll
MD5: 45caa0edcfdf1622a3ce22ab21b995d7  C:\Windows\AppPatch\AcGenral.dll
MD5: 96c70bd48d49b87475f4572dedc62eb9  C:\Windows\AppPatch\AcLayers.dll
MD5: 8aab6be9b3ab11b9c3107137830ae7e3  C:\Windows\AppPatch\AcSpecfc.dll
MD5: 0f504e938087b32ff98f71e6d839ee5d  C:\Windows\AppPatch\acwow64.dll
MD5: b7a50025e0d3521e6aa4d2f047c95f61  C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MD5: 6f2b486ca0b4d8564e5f2f36d84c3dc4  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\007fc007edc388d9806dff94ee04f129\System.Configuration.ni.dll
MD5: 2e07e664e806f8f6b98b20a005700cfe  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\82ecf48db57ddf66f74fca17b0f99453\System.Drawing.ni.dll
MD5: 462356e502d52680ce6c66058084c1e5  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\99cdfef98595ed91f14936cf52a49c54\System.Management.ni.dll
MD5: 3b38591d281994143da4a0d5da723e0d  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c00840ee7b4eb45e78557fc3c8785733\System.ServiceProcess.ni.dll
MD5: 39bd457bfd3e427f14669d37637fca43  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2804664decc8bc37bdc172b35a5bdd46\System.Web.Services.ni.dll
MD5: a1d8e10783d114d806408365d060337a  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09e9b52418dba5729ace249cf0487675\System.Windows.Forms.ni.dll
MD5: 2fbb653f8bf919e32c9869fa545a5f01  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MD5: aa60fc73326973a774036486421f386c  C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MD5: 839fd7c9e08308ebd10b962684c6a673  C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
MD5: 2f77fd6ecd1ce82f3677b0c20579138d  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\339dea31bc0a1a0a99ff83830bfe70af\System.ServiceProcess.ni.dll
MD5: 4b24c335c4f636e4ea039651aa8a1d53  C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll
MD5: c4002b6b41975f057d98c439030cea07  C:\Windows\ehome\ehrecvr.exe
MD5: 332feab1435662fc6c672e25beb37be3  C:\Windows\explorer.exe
MD5: b4d73f04e9bc076f7cdac4327df636bb  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
MD5: c98a5b9d932430ad8eebd3ef73756ef7  C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: a8b7f3818ab65695e3a0bb3279f6dce6  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: f15ab80b867d3332d5ddfb0a05b9ce04  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
MD5: 9acbe5ec13c2cc95833bfb7636ca8b1a  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
MD5: e58808846b62041bfb05395e1ced6499  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
MD5: 1598db790793a396298825c1ca17fb47  C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
MD5: 09a116fb06c5e362ef8938d29cdab27b  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: f13ec8a783e0cb0d6dc26a3ca848b7b8  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
MD5: ff98ef5a50ea52fa115fe60b0f0a92b1  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: becf99287d000efdd5e26ea722450598  C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
MD5: a15811ef4a3d20f6c7d67c4673014e18  C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
MD5: e9bd0a4240d867f49821a1129e405ffa  C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
MD5: 51ae9d12d76424c4fd1112d989da050d  C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
MD5: 79ea94e7a55e673b1e5202e666b61ec2  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MD5: f5ab4d2e36625f355e81539239765107  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
MD5: 4e760901954969963dc30cbafcbb9afd  C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
MD5: 773212b2aaa24c1e31f10246b15b276c  C:\Windows\servicing\TrustedInstaller.exe
MD5: 6207f1cc3d3192231a0577ea6e0de1bd  C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
MD5: 7bc8bba19a55549d00a9db8c552cd485  C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
MD5: afdb6d7cb18fc522b65ba53053c5f52e  C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
MD5: 8c26f086b7400b67a0e0c96036fae4eb  C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
MD5: 36db08d99caa77ddff869c5c93008a8f  C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
MD5: 73cd151a8a16f2ce017457cd29eb3a43  C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
MD5: e3ca6656aaa79df28cf69f5550a57752  C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
MD5: 6a2199708220ccb9b2c251891b8f31af  C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
MD5: 0630e384d3a0f5fb25ad8b7eecd7d469  C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
MD5: 065a7a2d8f5ad55f0d357f00d01a2dbb  C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
MD5: 6c65bccf882266429b13845a7c18bb86  C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
MD5: 3a3c498fe3136a7e24fb29a8d1fc95ea  C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
MD5: 35df3cc409d9f4ee95a0d7f4e4592808  C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
MD5: cb37a9a47920e7549fd58fa50c1e25f5  C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
MD5: ccd279b5b4cffef9e03a06fdbfdc5368  C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
MD5: 6a20380c18e28b4953956d759df4e917  C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
MD5: b68a3f69c402a06c2458e8f917393e13  C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
MD5: ca4af9e85a0c43b59662c29035e8c89d  C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
MD5: c2a4a67432b2dc6266435d60b7dcd26e  C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
MD5: d2d5f2efae8462f08292e92510e01fc4  C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
MD5: c56a083fad0ac0f30a80e09bacd53a99  C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: 7aad56d84d94bcdded5707d90f5882a1  C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
MD5: 1de295951abc2e2bf2635a759c1cfef9  C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
MD5: dba2c22401755200380a0f66f799c9f8  C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: d49f40cc3a5e6f7f557e694ce0f54d92  C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: d73cfb6d315cf6780d4b74c75b2dfdc9  C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
MD5: c08d46a0b7b9c6f412fb18f13bca1c91  C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 6a13b4f3b3f575f1e24b877b9359aaba  C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
MD5: 49aca548b2423f1c67898e6ac719a9a6  C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
MD5: 2e33dfd10f28f86c3fc40ee123cc3904  C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
MD5: 1c60e09ca1c3a045bc4d367f67c915b7  C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
MD5: 60f4aefa103d421ea4a40e31409b4756  C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
MD5: 6951562dc4625eefc6eacd52ad165866  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
MD5: 007863e45f25aa47a4c30d0930bbfd85  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
MD5: 589cbc4989f750e1da35625ab481cf43  C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
MD5: 3be0d923aa45a4dbe091c2d84f0b4fe7  C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
MD5: 547507620eb6d2a5e296113213a26cb0  C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
MD5: c899e7e3a4f42b802da1e97f9908bd26  C:\Windows\System32\apisetschema.dll
MD5: ad7b9c14083b52bc532fba5948342b98  C:\Windows\System32\cmd.exe
MD5: 33f67bbcc3c0499d3f3382473114cfa8  C:\Windows\System32\cryptsvc.dll
MD5: e9e01eb683c132f7fa27cd607b8a2b63  C:\Windows\System32\dhcpcore.dll
MD5: 8b88ebbb05a0e56b7dcc708498c02b3e  C:\Windows\System32\explorer.exe
MD5: d1af38fbac0dc7e6d796b0ed01707ee0  C:\Windows\System32\inetsrv\apphostsvc.dll
MD5: 57c8c20bfa5bef6bd851ebac67a8ced0  C:\Windows\System32\inetsrv\iisw3adm.dll
MD5: f61a069a5517f85662ed9a6c5ad5445a  C:\Windows\System32\msiexec.exe
MD5: e94c583cde2348950155f2af2876f34d  C:\Windows\System32\mswsock.dll
MD5: fe48346938c1cdddf4e4097db9b99764  C:\Windows\System32\nlaapi.dll
MD5: 5792e7c663faa39335d4f787b9499490  C:\Windows\System32\ntdll.dll
MD5: 414bba67a3ded1d28437eb66aeb8a720  C:\Windows\System32\pla.dll
MD5: dbc02d918fff1cad628acbe0c0eaa8e8  C:\Windows\System32\provsvc.dll
MD5: 236f286e103fd44bd85fdd93097fd5dd  C:\Windows\System32\SearchIndexer.exe
MD5: 4ae380f39a0032eab7dd953030b26d28  C:\Windows\System32\SessEnv.dll
MD5: 414da952a35bf5d50192e28263b40577  C:\Windows\System32\shsvcs.dll
MD5: 613bf4820361543956909043a265c6ac  C:\Windows\System32\tapisrv.dll
MD5: 61ac3efdfacfdd3f0f11dd4fd4044223  c:\Windows\System32\userinit.exe
MD5: 34eee0dfaadb4f691d6d5308a51315dc  C:\Windows\System32\wcncsvc.dll
MD5: dde994e9159497d0d5ab2cdf66d1ead6  C:\Windows\System32\wdi.dll
MD5: 55c70654420dbf429604fd567e6f3cd3  C:\Windows\System32\WebClnt.dll
MD5: ca9f7888b524d8100b977c81f44c3234  C:\Windows\System32\winhttp.dll
MD5: ac122407b29378ff9646f03404ac7c54  C:\Windows\System32\wshbth.dll
MD5: 1de9bd23afa36150586c732d876d9b74  C:\Windows\System32\WsmSvc.dll
MD5: d2958325c1ae1ae37a83334c6229e3bc  C:\Windows\SysWOW64\actxprxy.dll
MD5: 95e2376b3323f062eb562b8586d0f14a  C:\Windows\SysWOW64\advapi32.dll
MD5: fd9c6d2e90b3cf9c0d72f59b66ea1989  C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
MD5: 6a13b4f3b3f575f1e24b877b9359aaba  C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
MD5: 49aca548b2423f1c67898e6ac719a9a6  C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
MD5: 2e33dfd10f28f86c3fc40ee123cc3904  C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
MD5: 1c60e09ca1c3a045bc4d367f67c915b7  C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
MD5: 60f4aefa103d421ea4a40e31409b4756  C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
MD5: 6951562dc4625eefc6eacd52ad165866  C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
MD5: 007863e45f25aa47a4c30d0930bbfd85  C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
MD5: 589cbc4989f750e1da35625ab481cf43  C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
MD5: 3be0d923aa45a4dbe091c2d84f0b4fe7  C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
MD5: d3e8c7fadb758e5d222c639cc65790ad  C:\Windows\SysWOW64\apphelp.dll
MD5: 50b8937a81360d16a5c772302bd32cfe  C:\Windows\SysWOW64\AudioSes.dll
MD5: d0aadbcf6f9a77471b46156058ddc2a1  C:\Windows\SysWOW64\CbFsMntNtf3.dll
MD5: 013ef7c66c5896dbb395406c8baa8266  C:\Windows\SysWOW64\CbFsNetRdr3.dll
MD5: f436e847fa799ecd75ad8c313673f450  C:\Windows\SysWOW64\cfgmgr32.dll
MD5: d1de1eafde97be41cf6585027ff3e732  C:\Windows\SysWOW64\comdlg32.dll
MD5: 727bcdd53b58b6cb79589672f63a0206  C:\Windows\SysWOW64\credssp.dll
MD5: e9bb0cd09da17c71fd1b9954d75aeef7  C:\Windows\SysWOW64\credui.dll
MD5: f4afdb5abea0c9079e8193e24d1db21d  C:\Windows\SysWOW64\crypt32.dll
MD5: e6d4634bc2e13322727283eec677853c  C:\Windows\SysWOW64\cryptbase.dll
MD5: d864c283ffd7c080fdc25fd4c798ff8d  C:\Windows\SysWOW64\cryptnet.dll
MD5: b54fd1991e659fd61ef1d34ec27aaecd  C:\Windows\SysWOW64\cryptsp.dll
MD5: b7d2bb84c590f0ae9da51dbb065a780e  C:\Windows\SysWOW64\cryptui.dll
MD5: 465bea35f7ed4a4a57686dea7ea10f47  C:\Windows\SysWOW64\cscapi.dll
MD5: 14800bd31701a5047ac3145bb1e698ae  C:\Windows\SysWOW64\d2d1.dll
MD5: 965cfc7687f0d188f215dc142fc8f6a1  C:\Windows\SysWOW64\d3d10warp.dll
MD5: 6de66fe7c526637e74cd066461c7c871  C:\Windows\SysWOW64\d3d11.dll
MD5: 6ef5f3f18413c367195f06e503ab86a6  C:\Windows\SysWOW64\d3d9.dll
MD5: 6b003e11cdbda3b45a3d16e5a9d3f73b  C:\Windows\SysWOW64\davclnt.dll
MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8  C:\Windows\SysWOW64\dbghelp.dll
MD5: 68054f129d15ce0a50e1e3841222a166  C:\Windows\SysWOW64\dciman32.dll
MD5: 2eeff4502f5e13b1bed4a04ccad64c08  C:\Windows\SysWOW64\devobj.dll
MD5: 162d247e995eaebf3ef4289069e1111c  C:\Windows\SysWOW64\devrtl.dll
MD5: 81f6c1ae23b1c493d9e996c3103915d7  C:\Windows\SysWOW64\dhcpcsvc6.dll
MD5: 5e08ac958be05247ff1539e0d1ce7905  C:\Windows\SysWOW64\dinput8.dll
MD5: b40420876b9288e0a1c8cca8a84e5dc9  C:\Windows\SysWOW64\dnsapi.dll
MD5: dcc148408770f2d55b201f8fc26438a1  C:\Windows\SysWOW64\drmv2clt.dll
MD5: c9fb8c3d650ef8bd76865ec20a19a5bc  C:\Windows\SysWOW64\DShowRdpFilter.dll


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.02 MB sent, 1.68 KB recvd
Scanned 666 files and modules - 61 seconds

==============================================================================
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2016 02
Ran by User1 (administrator) on DAUNTLESS (13-07-2016 20:16:04)
Running from C:\Users\User1\Desktop\FRST64
Loaded Profiles: User1 (Available Profiles: User1 & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Scrivener HQ Pty Ltd.) C:\Program Files (x86)\Scrivener\Scrivener.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Foxit Corporation) C:\Users\User1\AppData\Roaming\Foxit Software\Addon\Foxit Reader\FoxitReaderUpdater.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google) C:\Users\User1\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Farbar) C:\Users\User1\Desktop\FRST64\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-06-17] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-03] (Intel Corporation)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [408576 2011-04-19] (Vodafone)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-08] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2013-03-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2016-02-11] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [FwWordConverter] => C:\Program Files (x86)\RL-Software\FwWordConverter\complete.exe [210944 2016-06-20] (R&L Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-14] (Valve Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2014-05-30]
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-05-30]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-05-28]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-05-28]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-05-28]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{00F12050-C1AB-420D-93CB-FDF14345310D}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{043BE712-F8BC-4377-96FB-45DB49ECFB1D}: [NameServer] 197.250.65.178 41.223.5.33
Tcpip\..\Interfaces\{043BE712-F8BC-4377-96FB-45DB49ECFB1D}: [DhcpNameServer] 197.250.65.178 41.223.5.33
Tcpip\..\Interfaces\{29476DF9-6B52-48BF-9ABE-9D23CBBCCBDA}: [NameServer] 197.250.65.178 41.223.5.33
Tcpip\..\Interfaces\{36EED24D-C991-404A-9A7B-1353998A1249}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5F842A87-F1DD-44FE-99AE-8492F10299AD}: [NameServer] 197.250.65.178 41.223.5.33

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2572138134-34439291-2312372487-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-26] (Oracle Corporation)
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2016-02-11] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2572138134-34439291-2312372487-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2572138134-34439291-2312372487-1000: @talk.google.com/O1DPlugin -> C:\Users\User1\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2572138134-34439291-2312372487-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User1\AppData\Local\Google\Update\1.3.30.5\npGoogleUpdate3.dll [2016-07-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-2572138134-34439291-2312372487-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User1\AppData\Local\Google\Update\1.3.30.5\npGoogleUpdate3.dll [2016-07-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User1\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Bitdefender QuickScan - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-07-13]
FF Extension: Adblock Plus - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\7nkpvw3l.default-1437326176257\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-07-21] [not signed]

Chrome:
=======
CHR Profile: C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-05]
CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (ColorZilla) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-08-17]
CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-19]
CHR Extension: (Google Search) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (Boomerang for Gmail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-22]
CHR Extension: (Gmail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-05]
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [23040 2015-02-22] (Amazon.com) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (Lenovo.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-03-13] (Foxit Software Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-04-20] (Lenovo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-02-11] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2016-02-11] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2016-02-11] (Intuit Inc.) [File not signed]
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-20] (SHAREit Technologies Co.Ltd)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-05-25] ()
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-04-19] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [196608 2011-04-18] (Huawei Technologies Co., Ltd.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [177920 2013-07-05] (Ricoh co.,Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-13 20:06 - 2016-07-13 20:06 - 00000000 ____D C:\Users\User1\AppData\Roaming\QuickScan
2016-07-13 15:54 - 2016-07-13 20:13 - 00002230 _____ C:\Users\User1\Desktop\Rkill.txt
2016-07-12 12:23 - 2016-07-12 12:23 - 00000448 _____ C:\Users\User1\Desktop\2016-07-12 To Do.txt
2016-07-12 03:30 - 2016-07-12 03:30 - 06858912 _____ (ESET spol. s r.o.) C:\Users\User1\Desktop\esetonlinescanner_enu.exe
2016-07-12 03:30 - 2016-07-12 03:30 - 00000000 ____D C:\Users\User1\AppData\Local\ESET
2016-07-08 22:39 - 2016-07-12 14:36 - 00000413 _____ C:\Users\User1\Desktop\TO DO 7-8-2016.txt
2016-07-07 19:03 - 2016-07-07 19:03 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-07-07 19:03 - 2016-07-07 19:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-07-07 19:03 - 2016-07-07 19:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-07-07 19:01 - 2016-07-07 19:01 - 00001858 _____ C:\FixitRegBackup.reg
2016-07-07 19:00 - 2016-07-07 19:00 - 00806400 _____ C:\Users\User1\Desktop\MicrosoftFixit50692.msi
2016-07-07 17:34 - 2016-07-07 17:34 - 14324408 _____ (Microsoft Corporation) C:\Users\User1\Desktop\MSEInstall.exe
2016-07-07 16:12 - 2016-07-12 03:27 - 00000000 ____D C:\Users\User1\Documents\Beth Wedding
2016-07-06 12:43 - 2016-07-06 12:43 - 00025429 _____ C:\ComboFix.txt
2016-07-06 11:33 - 2016-07-06 12:43 - 00000000 ____D C:\Qoobox
2016-07-06 11:33 - 2016-07-06 12:05 - 00000000 ____D C:\Windows\erdnt
2016-07-06 11:33 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-07-06 11:33 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-07-06 11:33 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-07-06 11:33 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-07-06 11:33 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-07-06 11:33 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-07-06 11:33 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-07-06 11:33 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-07-06 10:56 - 2016-07-13 20:01 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572138134-34439291-2312372487-1000UA.job
2016-07-06 10:56 - 2016-07-13 11:15 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572138134-34439291-2312372487-1000Core.job
2016-07-06 10:56 - 2016-07-06 10:56 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2572138134-34439291-2312372487-1000UA
2016-07-06 10:56 - 2016-07-06 10:56 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2572138134-34439291-2312372487-1000Core
2016-07-05 23:27 - 2016-07-05 23:27 - 05659337 ____R (Swearware) C:\Users\User1\Desktop\ComboFix.exe
2016-07-05 23:26 - 2016-07-07 16:12 - 00000322 _____ C:\Users\User1\Desktop\TO DO 7-5-2016.txt
2016-07-05 23:25 - 2016-07-05 23:25 - 00003422 _____ C:\Users\User1\Desktop\HARO 7-7.txt
2016-07-05 23:25 - 2016-07-05 23:25 - 00001855 _____ C:\Users\User1\Desktop\HARO - 7-6.txt
2016-07-04 15:25 - 2016-07-13 20:15 - 00000000 ____D C:\Users\User1\Desktop\FRST64
2016-07-04 12:45 - 2016-07-04 12:45 - 00000562 _____ C:\Users\User1\Desktop\JRT2.txt
2016-07-04 12:31 - 2016-07-04 12:41 - 00000562 _____ C:\Users\User1\Desktop\JRT.txt
2016-07-04 12:26 - 2016-07-04 12:26 - 01610816 _____ (Malwarebytes) C:\Users\User1\Desktop\JRT.exe
2016-07-04 12:08 - 2016-07-04 12:17 - 00000000 ____D C:\AdwCleaner
2016-07-04 12:06 - 2016-07-06 12:23 - 00000000 ____D C:\Users\User1\Desktop\Virus Fix Files
2016-07-04 12:00 - 2016-07-04 12:00 - 03712064 _____ C:\Users\User1\Desktop\adwcleaner_5.201.exe
2016-07-03 12:51 - 2016-07-13 20:16 - 00000000 ____D C:\FRST
2016-07-02 20:06 - 2016-07-02 20:06 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\User1\Desktop\rkill.exe
2016-07-02 19:26 - 2016-07-02 19:26 - 00000261 _____ C:\Users\User1\Desktop\2016-07 Attempted Virus.txt
2016-07-02 19:25 - 2016-07-07 19:16 - 00000767 _____ C:\Users\User1\Desktop\2016-07 TO DO GENERAL.txt
2016-07-02 19:19 - 2016-07-02 19:19 - 00000220 _____ C:\Users\User1\Desktop\2016-07 To Do MM.txt
2016-07-02 19:15 - 2016-07-07 19:16 - 00000653 _____ C:\Users\User1\Desktop\2016-07 TO DO CAREER.txt
2016-06-28 12:10 - 2016-07-04 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-21 09:08 - 2016-06-21 09:08 - 00000652 _____ C:\Users\User1\Desktop\2016-06-21 To Do.txt
2016-06-21 09:07 - 2016-06-21 09:07 - 00003313 _____ C:\Users\User1\Desktop\2016-06-21 New Panora - put in Scriv.txt
2016-06-20 15:16 - 2016-06-20 15:16 - 00000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FwWordConverter
2016-06-20 15:16 - 2016-06-20 15:16 - 00000000 ____D C:\Program Files (x86)\RL-Software
2016-06-20 15:10 - 2016-07-12 03:15 - 00000000 ____D C:\Users\User1\Desktop\MM
2016-06-20 15:10 - 2016-07-04 12:02 - 00000000 ____D C:\Users\User1\Desktop\Pandora
2016-06-20 10:09 - 2016-06-20 10:09 - 00000000 ____D C:\Users\User1\.QtWebEngineProcess
2016-06-20 10:09 - 2016-06-20 10:09 - 00000000 ____D C:\Users\User1\.LSC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-13 20:16 - 2014-05-30 19:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-13 20:11 - 2014-05-30 23:59 - 00000000 ____D C:\Users\User1\AppData\Roaming\Skype
2016-07-13 19:40 - 2014-05-24 18:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-13 18:16 - 2014-05-30 19:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-13 03:40 - 2014-05-24 18:43 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-13 03:40 - 2014-05-24 18:43 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-13 03:40 - 2014-05-24 18:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-13 03:40 - 2014-05-24 18:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-13 03:40 - 2014-05-24 18:43 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 14:49 - 2013-03-08 13:21 - 00024695 _____ C:\Users\User1\Documents\Reading List.xlsx
2016-07-09 15:33 - 2014-05-24 19:45 - 00901622 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-09 15:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-07-08 11:40 - 2012-10-31 23:36 - 00000000 ____D C:\Users\User1\Documents\Recipes
2016-07-07 20:19 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-07 20:19 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-07 19:03 - 2014-05-30 17:05 - 00001945 _____ C:\Windows\epplauncher.mif
2016-07-07 17:34 - 2015-01-07 22:52 - 00000000 ____D C:\Users\User1\AppData\Local\ElevatedDiagnostics
2016-07-06 12:39 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-07-06 12:26 - 2009-07-14 00:13 - 00884036 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-06 12:24 - 2016-04-15 19:10 - 00000000 ____D C:\Users\User1\Desktop\Installers
2016-07-06 12:20 - 2016-02-26 17:09 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-06 12:19 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-06 11:30 - 2012-11-19 04:40 - 00000000 ____D C:\Users\User1\Documents\Health
2016-07-06 10:56 - 2014-05-30 19:10 - 00000000 ____D C:\Users\User1\AppData\Local\Google
2016-07-06 10:56 - 2014-05-22 18:20 - 00000000 ____D C:\Users\User1\AppData\Roaming\Mozilla
2016-07-05 10:52 - 2014-05-24 17:05 - 00000000 ____D C:\Users\User1\Documents\Career
2016-07-04 16:30 - 2014-05-31 00:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-04 16:29 - 2015-06-04 11:38 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-04 16:29 - 2014-05-31 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-04 16:29 - 2014-05-31 00:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-04 15:27 - 2015-08-24 16:02 - 00000000 ____D C:\Users\User1\AppData\LocalLow\Temp
2016-07-04 12:18 - 2014-07-14 22:50 - 00000000 ____D C:\Users\User1\AppData\Local\DM
2016-07-04 12:18 - 2014-05-22 18:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-04 12:03 - 2012-11-20 04:39 - 00000000 ____D C:\Users\User1\Documents\To Do
2016-07-02 23:29 - 2016-01-06 17:01 - 00013122 _____ C:\Users\User1\Desktop\New Year's Resolutions.xlsx
2016-07-02 19:19 - 2013-04-23 16:48 - 00000000 ____D C:\Users\User1\Documents\Car
2016-07-02 19:11 - 2016-05-28 15:21 - 00006094 _____ C:\Users\User1\Desktop\2016-05 revive.txt
2016-07-02 17:24 - 2012-09-24 21:49 - 00000000 ____D C:\Users\User1\Documents\Financial
2016-07-02 16:33 - 2013-04-24 18:02 - 00000000 ____D C:\Users\User1\Documents\Writing - Publishing
2016-06-28 11:34 - 2012-07-27 16:23 - 00008727 _____ C:\Users\User1\Documents\Address Book (merge).xlsx
2016-06-26 12:30 - 2014-05-24 18:54 - 00000000 ____D C:\ProgramData\Oracle
2016-06-26 11:54 - 2014-12-22 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-26 11:54 - 2014-12-22 18:33 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-26 11:53 - 2015-09-07 16:40 - 00000000 ____D C:\Users\User1\.oracle_jre_usage
2016-06-26 11:53 - 2014-12-22 18:33 - 00097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-06-21 12:13 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-20 10:09 - 2014-05-30 11:07 - 00000000 ____D C:\Users\User1\AppData\Roaming\Lenovo
2016-06-20 10:09 - 2014-05-16 11:49 - 00000000 ____D C:\Users\User1
2016-06-20 08:22 - 2014-05-16 12:09 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2016-06-20 08:22 - 2014-05-16 12:09 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2016-06-20 08:22 - 2014-05-16 12:09 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-06-20 08:22 - 2014-05-16 12:09 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-06-20 08:21 - 2014-05-16 12:09 - 00000000 ____D C:\ProgramData\lenovo
2016-06-17 20:17 - 2014-05-30 19:11 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 20:17 - 2014-05-30 19:11 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-05-29 00:54 - 2014-05-29 00:54 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxwtu-secure-search.xml
2014-12-27 21:52 - 2014-12-27 21:52 - 0033193 _____ () C:\Users\User1\AppData\Roaming\UserTile.png
2015-04-15 10:59 - 2015-04-15 10:59 - 0000852 _____ () C:\Users\User1\AppData\Local\recently-used.xbel
2014-05-16 11:17 - 2015-09-08 01:34 - 0007598 _____ () C:\Users\User1\AppData\Local\resmon.resmoncfg
2014-05-30 19:14 - 2014-05-30 19:15 - 0037497 _____ () C:\Users\User1\AppData\Local\WiDiSetupLog.20140530.201458.wdl
2011-04-18 07:39 - 2011-04-18 07:39 - 0226364 ____R () C:\ProgramData\DeviceManager.xml.rc4
2014-05-16 11:21 - 2014-05-16 11:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-07 00:37

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by User1 (2016-07-13 20:19:38)
Running from C:\Users\User1\Desktop\FRST64
Windows 7 Professional Service Pack 1 (X64) (2014-05-16 16:49:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2572138134-34439291-2312372487-500 - Administrator - Disabled)
Guest (S-1-5-21-2572138134-34439291-2312372487-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2572138134-34439291-2312372487-1002 - Limited - Enabled)
User1 (S-1-5-21-2572138134-34439291-2312372487-1000 - Administrator - Enabled) => C:\Users\User1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 5.0.0.17 - Amazon.com)
Amazon Unbox Video (x32 Version: 5.0.0.17 - Amazon.com) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6920DW (HKLM-x32\...\{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Chicktionary (HKLM-x32\...\Chicktionary) (Version: 32.0.0.0 - Shockwave.com)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dominion (HKLM-x32\...\Dominion) (Version: 2.01.03.15 - MakingFun)
DVDSmith Movie Backup 1.0.8 (HKLM-x32\...\DVDSmith Movie Backup_is1) (Version:  - dvdsmith.com)
EditPad Lite 7.3.8 (HKLM\...\EditPad Lite) (Version: 7.3.8 - Just Great Software)
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.9.56.313 - Foxit Software Inc.)
Foxit PhantomPDF Standard (HKLM-x32\...\{0A33872C-25C0-4E0A-80DB-53067BB717DD}) (Version: 7.1.3.320 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.3.320 - Foxit Software Inc.)
Framework to DOC Converter (HKLM-x32\...\FwWordConverter) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
iExplorer 3.8.1.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Instant Eyedropper 1.8.0.0 (HKLM-x32\...\Instant Eyedropper_is1) (Version:  - )
Integrated Camera Driver Installer Package Ver.1.0.0.30 (HKLM-x32\...\{F8754583-7893-4CD8-9E51-1A08F3D4C1A9}) (Version: 1.0.0.30 - RICOH)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
Intel® WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
King's Bounty: Crossworlds (HKLM\...\Steam App 63910) (Version:  - Katauri Interactive)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.80.10 - Lenovo)
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.20 - Lenovo)
Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0029 - Lenovo)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MKVToolNix 7.4.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.4.0 - Moritz Bunkus)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NirSoft ProduKey (HKLM-x32\...\NirSoft ProduKey) (Version:  - )
oDesk Team (HKU\S-1-5-21-2572138134-34439291-2312372487-1000\...\oDVT) (Version:  - oDesk Corporation)
Organ Trail: Director's Cut (HKLM-x32\...\Steam App 233740) (Version:  - The Men Who Wear Many Hats)
PDF Combine (HKLM-x32\...\PDF Combine_is1) (Version: 2.5 - Softplicity, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited)
QuickBooks (x32 Version: 26.0.4005.2607 - Intuit Inc.) Hidden
QuickBooks Pro 2016 (HKLM-x32\...\{4338BDE2-0035-41BC-87BE-EE0AD5D48042}) (Version: 26.0.4005.2607 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Railroad Tycoon 3 (HKLM-x32\...\{DE29025A-091F-4998-AD2D-24C84421190F}) (Version: 1.0 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scrivener (HKLM-x32\...\Scrivener 1900) (Version: 1900 - Literature and Latte)
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Bottom of the Well (HKLM\...\Steam App 449020) (Version:  - Red Nettle Studio)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.60.4.0 - Lenovo Group Limited)
To Burn in Memory (HKLM\...\Steam App 434120) (Version:  - Orihaus)
Trine 2 (HKLM\...\Steam App 35720) (Version:  - Frozenbyte)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vodafone Mobile Broadband Lite (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.2.103.31248 - Vodafone)
Wireshark 2.0.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2572138134-34439291-2312372487-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-2572138134-34439291-2312372487-1000_Classes\CLSID\{8A589AFF-8DA8-49C5-B89B-20C9DF31F2B7}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.30.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2572138134-34439291-2312372487-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.30.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {050EB29E-C2B0-49CD-948F-8F8B93FC70B9} - System32\Tasks\{973EBCA8-13FC-4FC9-A17B-F72EC28DAA9F} => C:\Users\User1\Desktop\cdrw_usb.exe [2015-09-30] (Hewlett-Packard Company)
Task: {0DC58467-E110-44A2-94AD-91839DBBA2FE} - System32\Tasks\{2D58202E-985D-4C3C-B4DA-3773DA1746A6} => C:\Users\User1\Desktop\cdrw_usb.exe [2015-09-30] (Hewlett-Packard Company)
Task: {16D31C0E-8558-460F-A99F-210908D160B1} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {16F48D39-488A-43A8-ABEB-26161573A3C7} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {1F99488C-6245-4149-AFE5-2A82D9B9ADE7} - System32\Tasks\{C22F8FB1-0C1B-456D-A673-BC7DE9BBC9EA} => pcalua.exe -a C:\Users\User1\Desktop\cdrw_usb.exe -d C:\Users\User1\Desktop
Task: {23B39133-AEC4-4BD6-94AE-1936CA0C6799} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {47A82873-906B-482D-B4AF-294B06D7D308} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {4B7D375C-C218-41F9-91AC-31DB701BEE11} - System32\Tasks\{B53B2FBA-689F-4469-B81D-77A5A2578B6D} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/eula
Task: {560C6AC3-B0BA-40CE-B442-5B168CFFA7DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {5CA28A94-E6E1-4617-9452-C891EF58484C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {5FDE3E9F-4EBB-48AF-99EB-B674881BFAC6} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-04-20] ()
Task: {726F67B6-7A3F-4A9A-B0D7-2E5D20A0E4CC} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)
Task: {788128B1-D8B7-4D50-8D20-AAC1CA87274C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2572138134-34439291-2312372487-1000Core => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-06] (Google Inc.)
Task: {84AC1D00-6E33-4858-86CE-3F5781C417B9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {8B8E0E10-B5E7-4A28-8FBE-AA89CFD8E1D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {953387FE-BC45-4785-B2D6-DCBFF3E52E78} - System32\Tasks\{E13195ED-6D24-4991-BBC7-755E00EB9873} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/eula
Task: {99E49901-85B5-49DB-A980-CE181E766BF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {B1114AEF-08EB-4357-8272-270BD8124C34} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2572138134-34439291-2312372487-1000UA => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-06] (Google Inc.)
Task: {B8D62B00-6B07-4574-A388-DAB5084F0413} - System32\Tasks\{28BB1BE4-29E6-40E6-81AA-4B76259079D4} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/privacy
Task: {C2532CF2-89CD-42F8-88BF-830F5ABBFBCD} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-05-25] ()
Task: {CBF6B82D-2C44-4B2D-97C5-2E01E659577B} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-04-20] (Lenovo)
Task: {DED424F2-3A49-4F4F-90BA-030ADB2D3DAB} - System32\Tasks\{32F8231C-00E1-45D7-963D-0A5BD7249447} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/privacy
Task: {E05D9D5D-8774-4F0A-92A9-3E40E891C903} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {EB9256A1-C6E5-4204-A795-487D2896881B} - System32\Tasks\{167203B5-F0D2-4EA6-A6B4-D55C48ED8AE7} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/eula

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572138134-34439291-2312372487-1000Core.job => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572138134-34439291-2312372487-1000UA.job => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User1\Desktop\Backup HD Stuff\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\Constant Guard Protection Suite.lnk -> hxxp://security.comcast.net/?cid=xfactiv_security (No File)
Shortcut: C:\Users\User1\Desktop\Backup HD Stuff\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\Live PC Help.lnk -> hxxp://www.thephonesupport.com/?src=dtop (No File)
Shortcut: C:\Users\User1\Desktop\Backup HD Stuff\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\XFINITY Connect.lnk -> hxxp://www.comcast.net/qry/goto?app=mail&cid=xfactiv_email (No File)
Shortcut: C:\Users\User1\Desktop\Backup HD Stuff\Meredith's Computer - delete 2-9\2015-01-06\Users\Meredith\Desktop (copied)\XFINITY TV.lnk -> hxxp://xfinitytv.comcast.net/?cid=xfactiv_tv (No File)

==================== Loaded Modules (Whitelisted) ==============

2014-06-01 19:55 - 2013-04-15 10:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL
2014-06-01 19:56 - 2013-04-15 10:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-21 15:44 - 2005-04-21 23:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2014-05-16 11:22 - 2013-11-16 05:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-05-20 09:30 - 2016-04-14 06:08 - 00107008 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2014-05-01 14:29 - 2014-05-01 14:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-06-01 19:55 - 2013-04-15 10:50 - 00343552 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1006SD.DLL
2014-06-01 19:55 - 2013-04-15 10:49 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1006GC.dll
2014-06-01 19:55 - 2013-04-15 10:49 - 04003328 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1006SU.DLL
2014-12-11 15:15 - 2014-12-11 15:15 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-05-30 17:29 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2014-05-30 17:29 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2015-02-22 07:41 - 2015-02-22 07:41 - 00110592 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
2016-02-26 17:11 - 2016-04-29 15:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-02-26 17:11 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-02-26 17:11 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-02-26 17:11 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-02-26 17:11 - 2016-06-14 19:47 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-02-26 17:11 - 2016-02-08 18:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-02-26 17:11 - 2016-06-14 19:47 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 23:35 - 2016-02-17 17:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-04-21 15:44 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-02-26 17:11 - 2016-06-14 14:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-05-30 17:34 - 2013-12-03 12:36 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-07-14 18:20 - 2015-07-14 18:20 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-08-13 09:09 - 2014-08-13 09:09 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 11:41 - 2014-05-24 11:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 11:41 - 2014-05-24 11:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2016-04-06 23:53 - 2015-09-12 05:03 - 00195584 _____ () C:\Program Files (x86)\Scrivener\QtSolutions_MMLWidget-2.4.dll
2016-04-06 23:53 - 2002-12-19 23:41 - 01364823 _____ () C:\Program Files (x86)\Scrivener\Aspell\bin\aspell-15.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-07-06 11:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2572138134-34439291-2312372487-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{42DE4584-70BA-4E32-9208-BB52CEFAF8DE}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{FB8C0C5A-06A1-4414-82C8-A7821A3B5E74}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{CF6F66CA-FA5A-4DE5-9371-B1E5BBA96B99}C:\users\user1\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user1\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{AD29E40F-5D45-42B7-B0D0-3810BD85C2C0}C:\users\user1\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user1\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{983A3230-DB8F-4BB0-A52D-D7F92FCD1297}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{BED21FF6-C104-473A-9A51-407AED9BEFDA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3B28AA31-4793-4D0C-AFE7-F8040AB55873}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0435B6C1-EC17-4127-A73A-E81FD04CB7AB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5DB4D6BE-26D6-4C09-8B89-D3EBA46C1156}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{4EF3F7AD-A7B2-4069-AAF1-353C7166C049}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68BBFCC5-0273-4777-B720-AD8E72BD0E7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D195F671-4CFA-4140-AF86-B7A249934111}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B752D27C-F5CA-4F3B-B10D-CC6725B75B9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A2FEE2C-8BCA-4702-9B1A-DF00432A5C01}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CB6AA92E-D768-44E3-AF67-4C5886584B07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A4B6CA1C-CBD0-4E35-802F-2870FEBD1178}] => (Allow) C:\Users\User1\Desktop\PDFCombine-74674127.exe
FirewallRules: [{FB1FBFA1-9AFE-4258-9238-DCE425D978DE}] => (Allow) C:\Users\User1\Desktop\PDFCombine-74674127.exe
FirewallRules: [{2D6C4B04-24D7-4BC6-BA5D-6EFEF6665EDF}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{FC9AD853-0C49-44CD-8BFA-DEA5E40BBF8C}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{1F29B9BD-0BAB-42F0-BE07-6DD64CCA36D3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FB3F4683-1893-4CAF-A532-7F512CEDE7B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D96E1F9A-376B-4FB1-9833-8D487727CE5D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F634337A-61AF-40D9-9AC6-0292FE238503}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{22F79A5F-B099-4C99-B69C-E1983AF0D3DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OrganTrailDC\OrganTrail.exe
FirewallRules: [{C0CBC54B-BFB9-4080-87DF-A6CD673AA249}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OrganTrailDC\OrganTrail.exe
FirewallRules: [{466D5510-402C-471F-84E8-ED30B8A8E300}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bottom of the Well\bottomofthewell.exe
FirewallRules: [{C85B70F1-0897-49FB-B404-0A9C3870BA39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bottom of the Well\bottomofthewell.exe
FirewallRules: [{BEA5BFF0-4F23-44C4-98BD-494DFFC68210}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To Burn in Memory\nw.exe
FirewallRules: [{082C4761-312B-41DF-9068-0B6A88AEF097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To Burn in Memory\nw.exe
FirewallRules: [{DCAF376F-DBC8-4E1A-874B-90ABA08AE260}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{E2C3EFF7-180C-4B20-B2D4-C7367215D577}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{9CCD6B1D-6502-487B-8CB6-2F3FD621C89D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13c\FAXRX.EXE
FirewallRules: [{E6C9A777-8E11-46EF-AC8E-DB85CEF0EFA4}] => (Allow) LPort=54925
FirewallRules: [{0F8890D9-395B-4C9D-B431-CF0CD6DEAE7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kings Bounty Crossworlds\KB.exe
FirewallRules: [{010D9204-B1D8-4F28-A068-28837E23851B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kings Bounty Crossworlds\KB.exe
FirewallRules: [{48724F8F-179E-4C69-BD9C-F3F642951DE8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E4317D68-3C11-433C-AF1E-F93E0BBF7B35}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E4D8F78C-C93F-4D64-8D7D-460BACE2DCED}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{D6D3FE4D-B3C5-46DD-8405-A4739A15C9DC}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

==================== Restore Points =========================

06-07-2016 11:33:45 ComboFix created restore point
06-07-2016 12:17:32 Restore Point Created by FRST
07-07-2016 19:01:25 Installed Microsoft Fix it 50692
07-07-2016 20:16:04 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2016 11:44:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1712954

Error: (07/13/2016 11:44:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1712954

Error: (07/13/2016 11:44:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2016 11:44:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1711940

Error: (07/13/2016 11:44:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1711940

Error: (07/13/2016 11:44:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2016 11:44:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1710941

Error: (07/13/2016 11:44:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1710941

Error: (07/13/2016 11:44:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2016 11:44:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1709803


System errors:
=============
Error: (07/13/2016 11:46:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading


Error: (07/13/2016 11:46:38 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/13/2016 11:46:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading


Error: (07/13/2016 11:46:37 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/13/2016 11:46:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading


Error: (07/13/2016 11:46:36 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/13/2016 11:46:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading


Error: (07/13/2016 11:46:36 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/13/2016 11:46:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading


Error: (07/13/2016 11:46:34 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================
  Date: 2016-07-06 11:42:57.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-06 11:42:57.772
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-16 12:52:14.479
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-14 13:37:23.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-30 13:44:47.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 13:18:22.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-29 13:41:53.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-01 10:47:18.894
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-22 15:59:24.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-22 13:58:58.255
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 42%
Total physical RAM: 11984.8 MB
Available physical RAM: 6841.58 MB
Total Virtual: 23967.8 MB
Available Virtual: 18772.44 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:287.35 GB) (Free:41.46 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:6.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 4B3E34C6)
Partition 1: (Active) - (Size=1000 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#29
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
I have to get off for the night.

Can you see, out of curiosity, if MSE will update in Safe Mode with Networking?

Restart the computer. During the restart, keep tapping the F8 key so we can boot into the Advanced Boot Options menu (black screen with white text).

From that screen, use your arrow keys to select "Safe Mode with Networking", then hit Enter and try to update.

Let me know.

Next we will run System File Checker.

Do you know if Windows Update is working, because we will look at that too?
  • 0

#30
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
If you're up late, or tomorrow, here are the instructions for running System File Checker.

I should return tomorrow at around 5 pm EST.
  • Open an elevated command prompt by right-clicking on the command prompt and choosing Run as administrator.
  • In the elevated command prompt, type sfc /scannow and press Enter. Please note the space between sfc /
  • This may take a little bit of time to finish so your patience will be needed.
  • When the scan is complete, open another elevated command prompt and copy and paste the following command, then press Enter.

    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

    This will place an sfcdetails.txt file on your desktop with only the SFC scan result details from the CBS.LOG in it.
    Please copy and paste the results in your next reply.

  • 0
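
One way to triage the sfcdetails.txt file produced by the steps above, as an added example that is not part of the original post: it counts the components SFC verified and lists the files it reported as unrepairable or restored from the component store. The sample log lines are constructed (file and component names are made up, attribute lists shortened), and the message shapes it matches ("Cannot repair member file", "Repairing corrupted file") are assumed from typical Windows 7 CBS.log output.

```python
import re

# Constructed sample in the shape of sfcdetails.txt (not output from this thread).
SAMPLE = r'''
2016-07-14 09:00:01, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2016-07-14 09:00:01, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2016-07-14 09:00:07, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Constructed-Sample-Component, Version = 0.0.0.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2016-07-14 09:00:09, Info                  CSI    0000000e [SR] Cannot repair member file [l:22{11}]"example.dll" of Constructed-Sample-Component, Version = 0.0.0.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2016-07-14 09:00:10, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.exe" from store
2016-07-14 09:00:11, Info                  CSI    00000012 [SR] Verify complete
2016-07-14 09:00:12, Info                  CSI    00000013 [SR] Verifying 42 (0x000000000000002a) components
2016-07-14 09:00:12, Info                  CSI    00000014 [SR] Beginning Verify and Repair transaction
2016-07-14 09:00:15, Info                  CSI    00000016 [SR] Verify complete
'''

# "<date> <time>, <level>   CSI   <8 hex digits> [SR] <message>"
LINE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, \w+\s+CSI\s+'
    r'[0-9a-fA-F]{8} \[SR\] (?P<msg>.*)$')
# Length-prefixed quoted strings such as [l:22{11}]"example.dll"
QUOTED_RE = re.compile(r'\[(?:ml|l):[^\]]*\]"([^"]*)"')
COMPONENT_RE = re.compile(r'" of ([^,]+),')
VERIFYING_RE = re.compile(r'^Verifying (\d+) ')


def triage(text):
    """Summarise the [SR] lines of an SFC run.

    Returns the number of components verified, the (file, component) pairs
    SFC could not repair, and the full paths it restored from the store.
    """
    verified = 0
    unrepaired = []
    repaired = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or something that is not an [SR] entry
        msg = m.group('msg')
        count = VERIFYING_RE.match(msg)
        if count:
            verified += int(count.group(1))
        elif msg.startswith('Cannot repair member file'):
            names = QUOTED_RE.findall(msg)
            comp = COMPONENT_RE.search(msg)
            entry = (names[-1] if names else '?',
                     comp.group(1) if comp else '?')
            if entry not in unrepaired:  # the log can repeat the same failure
                unrepaired.append(entry)
        elif msg.startswith('Repairing corrupted file'):
            # Directory and file name are logged as two quoted strings.
            path = '\\'.join(QUOTED_RE.findall(msg))
            if path and path not in repaired:
                repaired.append(path)
    return {'components_verified': verified,
            'unrepaired': unrepaired,
            'repaired': repaired}


if __name__ == '__main__':
    # For a real file, read it with errors="replace": findstr output
    # redirected from cmd is written in the console code page.
    summary = triage(SAMPLE)
    print('components verified:', summary['components_verified'])
    for name, component in summary['unrepaired']:
        print('NOT repaired:', name, 'from', component)
    for path in summary['repaired']:
        print('repaired from store:', path)
```

An empty "unrepaired" list together with a non-zero component count means the run completed without finding anything it could not fix.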





