  1. #1
    Member | Join Date: Jul 2009 | Posts: 205 | Points: 2

    Recent Victim of "Fake Microsoft" Phishing Scam - Is PC Malware-Free?

    I am an intermediate PC user. I have a desktop Dell 531s PC, Windows 7 Home Premium, 64-bit. Service Pack 1 is installed and Windows is up to date.
    (1) I was recently the victim of a "fake Microsoft" phishing scam (as I hadn't read about the scam until afterward). I received a screen on my PC stating I should call Microsoft (at the 800 # given). I did, and "long story short", the "agent" ended up taking over my PC (voluntarily). (PS: They used the same "assist" program as Microsoft.)
    (2) I was told it would take 1 hour to make sure my PC was "clean"; however, after about "5 minutes" I began to doubt the authenticity and called Microsoft support, and asked if that was a "Microsoft Number", and was told "no".
    (3) I was then told to disconnect my PC from the internet (which I did). The scammers had 5-10 minutes with my PC, however.
    (4) Surprisingly, the (real) Microsoft agent then ran a Microsoft Security Essentials "quick scan", which came back (-) for malware, and thus deemed my PC as "malware-free".
    This was about ten days ago. As I didn't trust the thoroughness of the "quick scan" claiming such a declaration, the next day I ran several online virus scans myself (ESET, Surfer Pro, Hitman Pro, and a "full" Microsoft Essentials scan). All came back (-).
    I realize my main concern, here, should be ID theft; and have already taken the advised measures regarding passwords, bank accounts, credit agencies, etc.
    I also realize the only way to know my PC is "absolutely" malware-free is to do a "clean install" of Windows 7.

    Question: (Short of a clean install), can you help me determine if any malware was "planted" on my PC?
    Thanks, ST

    Required scans (posted below)- I tried to "attach" but couldn't.
    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
    Generated 11/30/2015 at 01:37 PM
    Application Version : 6.0.1208
    Database Version : 12218
    Scan type : Complete Scan
    Total Scan Time : 00:17:21
    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User
    Memory items scanned : 540
    Memory threats detected : 0
    Registry items scanned : 64362
    Registry threats detected : 0
    File items scanned : 20548
    File threats detected : 0
    ============
    End of Log
    ============

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 12/1/2015
    Scan Time: 11:04 AM
    Logfile: mbytes.txt
    Administrator: Yes
    Version: 2.2.0.1024
    Malware Database: v2015.12.01.04
    Rootkit Database: v2015.11.26.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Owner
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 380374
    Time Elapsed: 24 min, 27 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 2
    Broken.OpenCommand, HKCR\scrfile\shell\open\command, NOTEPAD.EXE "Good: ("Bad: (NOTEPAD.EXE "%1"),,[ffffffffffffffffffffffffffffffff]" /S)", %4, %5
    Broken.OpenCommand, HKCR\regfile\shell\open\command, NOTEPAD.EXE "Good: (regedit.exe "Bad: (NOTEPAD.EXE "%1"),,[ffffffffffffffffffffffffffffffff]")", %4, %5
    Folders: 0
    (No malicious items detected)
    Files: 0
    (No malicious items detected)
    Physical Sectors: 0
    (No malicious items detected)

    (end)

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 8:40:57 PM, on 12/2/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18098)

    Boot mode: Normal
    Running processes:
    C:\Program Files\Webroot\WRSA.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
    C:\Users\Owner\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
    O2 - BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll
    O2 - BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll
    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
    O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" /lbstartup
    O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN38ME4GN005KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 - Windows Help" /build:7601 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 - Windows Help" /build:7601 (User 'Default user')
    O4 - Global Startup: Install Webroot FF RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
    O4 - Global Startup: Install Webroot IE RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
    O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0B1D471A-2882-4EEC-AF6E-4E340F8D06A8} (Vianeta Framer Control Object) - https://webemr.spheris.com/Includes/...s/vNOffice.cab
    O16 - DPF: {72E3BD4F-F820-4C80-AED5-7184AC0942EB} (Manager Class) - https://webemr.spheris.com/Includes/...ditControl.CAB
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {90228B40-B6BE-4B60-B068-39D4A3D6CEAA} (ClientPrint.ctlClientPrint) - https://webemr.spheris.com/Includes/...lientPrint.CAB
    O16 - DPF: {AB7A19FB-B64F-468D-B8CC-93F8837B7A26} (VnWemrVu Control) - https://webemr.spheris.com/Includes/...vNWEBMRVUE.cab
    O16 - DPF: {BC8A08E6-18E6-4AE6-B18F-831C1B928C1F} (PrintMgr Class) - https://webemr.spheris.com/Includes/...etPrintMgr.CAB
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://vpn.chs.net/dana-cached/sc/J...etupClient.cab
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Virtual Disk (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe
    --
    End of file - 11857 bytes

  2. #2
    zep516 (Member, Spyware Fighter) | Join Date: Dec 2005 | Location: Pittsburgh, Pa | Posts: 7,158 | Points: 1301


    Hi! My name is zep516 and welcome to Help2Go forums!
    I'll do the best I can to resolve your computer issue.
    Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions!

    No need to attach logs.
    Please do not run Hitman Pro any more.
    Why do we have Webroot installed (C:\Program Files\Webroot\WRSA.exe)? We don't want two antivirus programs running, and you mentioned you ran Microsoft Security Essentials, so I assumed you were using that.


    Everything gets downloaded to the desktop and tools are "Run as administrator."

    Please download Farbar Recovery Scan Tool and save it to your Desktop. 64 Bit version for you Scott. Save it to the desktop and run it from there.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Last edited by zep516; 12-02-2015 at 10:23 PM.


  4. #3
    Member | Join Date: Jul 2009 | Posts: 205 | Points: 2

    Posted results: "FRST.txt" and "Addition.txt"

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
    Ran by Owner (administrator) on SCOTTT331-PC (03-12-2015 20:33:16)
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner & UpdatusUser)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Webroot) C:\Program Files\Webroot\WRSA.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Webroot) C:\Program Files\Webroot\WRSA.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

    ==================== Registry (Whitelisted) ===========================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [839208 2015-11-20] (Webroot)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5550984 2011-09-22] (Acronis)
    HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2536760 2011-09-22] (Acronis)
    HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4538680 2015-08-15] (iolo technologies, LLC)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
    HKLM\...\Policies\Explorer: [NoFind] 0
    HKLM\...\Policies\Explorer: [NoFile] 0
    HKLM\...\Policies\Explorer: [HideClock] 0
    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKLM\...\Policies\Explorer: [NoSetFolders] 0
    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
    HKLM\...\Policies\Explorer: [NoDFSTab] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoLogoff] 0
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\...\Policies\Explorer: [NoSaveSettings] 0
    HKLM\...\Policies\Explorer: [NoHardwareTab] 0
    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKLM\...\Policies\Explorer: [NoDesktop] 0
    HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-04-23] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [iCloud] => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
    HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-05-05]
    ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-05-05]
    ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    BootExecute: autocheck autochk *
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{C9FB3E8F-994A-477F-BF14-5E74782B4898}: [DhcpNameServer] 192.168.2.1
    Internet Explorer:
    ==================
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
    BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-05-05] (Webroot)
    BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-11-04] (Webroot)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
    BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-05-05] (Webroot)
    BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-11-04] (Webroot)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
    Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-05-05] (Webroot)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-05-05] (Webroot)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-1333571199-921795633-1016984107-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
    DPF: HKLM-x32 {0B1D471A-2882-4EEC-AF6E-4E340F8D06A8} hxxps://webemr.spheris.com/Includes/CabFiles/vNOffice.cab
    DPF: HKLM-x32 {72E3BD4F-F820-4C80-AED5-7184AC0942EB} hxxps://webemr.spheris.com/Includes/CabFiles/vNetEditControl.CAB
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {90228B40-B6BE-4B60-B068-39D4A3D6CEAA} hxxps://webemr.spheris.com/Includes/CabFiles/ClientPrint.CAB
    DPF: HKLM-x32 {AB7A19FB-B64F-468D-B8CC-93F8837B7A26} hxxps://webemr.spheris.com/Includes/CabFiles/vNWEBMRVUE.cab
    DPF: HKLM-x32 {BC8A08E6-18E6-4AE6-B18F-831C1B928C1F} hxxps://webemr.spheris.com/Includes/CabFiles/vNetPrintMgr.CAB
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://vpn.chs.net/dana-cached/sc/JuniperSetupClient.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-24] (Microsoft Corporation)
    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-11-10] [not signed]
    FF HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
    StartMenuInternet: firefox.exe - firefox.exe
    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-09-26]
    CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-05-05]
    StartMenuInternet: Google Chrome - chrome.exe
    ==================== Services (Whitelisted) ========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4682552 2015-08-15] (iolo technologies, LLC)
    S4 LMIRescue_bd5ca620-fd31-4cb9-90a4-d9634885160f; C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe [3306336 2015-11-12] (LogMeIn, Inc.)
    S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [839208 2015-11-20] (Webroot)
    ===================== Drivers (Whitelisted) ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
    S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
    R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-08-15] (EldoS Corporation)
    R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [60416 2008-07-22] (Realtek Semiconductor Corporation )
    R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
    S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [43600 2015-11-04] (Webroot)
    U0 SR; no ImagePath
    U2 srservice; no ImagePath
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2015-12-03 20:33 - 2015-12-03 20:33 - 00023694 _____ C:\Users\Owner\Desktop\FRST.txt
    2015-12-03 20:32 - 2015-12-03 20:33 - 00000000 ____D C:\FRST
    2015-12-03 20:21 - 2015-12-03 20:21 - 02350080 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2015-12-03 20:20 - 2015-12-03 20:20 - 00000227 _____ C:\Users\Owner\Desktop\Farbar Recovery Scan Tool Download.url
    2015-12-02 21:37 - 2015-12-02 21:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
    2015-12-02 21:29 - 2015-11-29 13:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Documents\HijackThis.exe
    2015-12-02 20:40 - 2015-12-02 20:40 - 00003128 _____ C:\Windows\System32\Tasks\{2B554A71-DC75-437F-9A66-D26509EF3B7C}
    2015-12-02 18:09 - 2015-12-01 11:40 - 00098396 _____ C:\Users\Owner\Documents\445.pdf
    2015-12-02 16:33 - 2015-12-02 16:33 - 00434263 _____ C:\Users\Owner\Downloads\LOAwithTaxID.pdf
    2015-12-02 16:33 - 2015-12-02 16:33 - 00018503 _____ C:\Users\Owner\Downloads\AllForLessExisting1_4LINES_0097aacf3ea9.pdf
    2015-12-02 16:25 - 2015-12-02 16:25 - 02688306 _____ C:\Users\Owner\Downloads\u_flyer.pdf
    2015-11-29 13:17 - 2015-11-29 13:17 - 00000209 _____ C:\Users\Owner\Desktop\Microsoft Security Advisory 2757760 (2).url
    2015-11-29 13:10 - 2015-11-29 13:10 - 00000209 _____ C:\Users\Owner\Desktop\Microsoft Security Advisory 2757760.url
    2015-11-20 16:30 - 2015-08-27 06:31 - 00040584 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
    2015-11-20 16:30 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
    2015-11-20 16:29 - 2015-11-20 17:40 - 00000000 ____D C:\VIPRERESCUE
    2015-11-20 15:55 - 2015-11-20 15:55 - 00000000 ____D C:\Program Files\HitmanPro
    2015-11-20 15:52 - 2015-11-20 15:54 - 00193208 _____ C:\TDSSKiller.3.1.0.6_20.11.2015_15.52.13_log.txt
    2015-11-20 14:22 - 2015-08-15 23:39 - 00032568 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rawdsk3.sys
    2015-11-20 04:46 - 2015-11-20 04:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
    2015-11-18 23:37 - 2015-11-16 14:10 - 00196608 _____ C:\Users\Owner\Documents\E4F922C9-89EB-4243-A546-851E6AC5E60F.Diagnose.etl
    2015-11-18 23:37 - 2015-11-01 03:27 - 00196608 _____ C:\Users\Owner\Documents\4950D4F7-A662-4AA5-8A9B-AE959AFA50A4.Diagnose.0.etl
    2015-11-18 23:07 - 2015-11-18 23:07 - 00050104 _____ C:\Users\Owner\Downloads\Tallent, Gregory 11.16.pdf
    2015-11-18 22:21 - 2015-11-18 22:21 - 02244586 _____ C:\Users\Owner\Downloads\lanss_smartguide_en.pdf
    2015-11-18 21:12 - 2015-11-18 21:12 - 00002075 _____ C:\Users\UpdatusUser\Desktop\VirusTotal Uploader 2.2.lnk
    2015-11-18 21:12 - 2015-11-18 21:12 - 00002075 _____ C:\Users\Owner\Desktop\VirusTotal Uploader 2.2.lnk
    2015-11-18 21:12 - 2015-11-18 21:12 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
    2015-11-18 20:01 - 2015-11-18 22:06 - 00001945 _____ C:\Windows\epplauncher.mif
    2015-11-17 22:32 - 2015-11-17 22:32 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dat
    2015-11-17 22:32 - 2015-11-17 22:32 - 00003144 _____ C:\Windows\System32\Tasks\iolo Process Governor
    2015-11-17 22:32 - 2015-11-17 22:32 - 00001477 _____ C:\Users\Public\Desktop\System Mechanic Professional.lnk
    2015-11-17 22:32 - 2015-11-17 22:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ioloGovernor
    2015-11-17 22:32 - 2015-11-17 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
    2015-11-17 22:32 - 2015-11-17 22:32 - 00000000 ____D C:\ProgramData\ioloGovernor
    2015-11-17 22:32 - 2015-11-17 22:32 - 00000000 ____D C:\Program Files (x86)\iolo
    2015-11-17 22:32 - 2015-08-15 23:50 - 00057144 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
    2015-11-17 22:32 - 2015-08-15 23:50 - 00025912 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
    2015-11-17 22:32 - 2015-08-15 23:42 - 02142520 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
    2015-11-17 22:32 - 2015-08-15 23:42 - 02084664 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
    2015-11-17 22:32 - 2015-08-15 23:35 - 00083224 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys
    2015-11-17 22:32 - 2015-08-15 23:35 - 00069000 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
    2015-11-17 22:32 - 2015-08-15 23:35 - 00056200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
    2015-11-17 22:30 - 2015-11-19 00:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\iolo
    2015-11-17 22:30 - 2015-11-17 22:50 - 00000000 ____D C:\ProgramData\iolo
    2015-11-16 16:29 - 2015-11-18 23:46 - 00000000 ____D C:\Windows\Patches
    2015-11-16 16:10 - 2015-11-18 23:24 - 00000004 _____ C:\Windows\SysWOW64\msdbcrpt.kar.{34d117e9-379c-46bd-a212-c2b15c596164}
    2015-11-16 16:10 - 2015-11-18 23:24 - 00000004 _____ C:\Windows\SysWOW64\fsdbcrpt.kar.{34d117e9-379c-46bd-a212-c2b15c596164}
    2015-11-16 15:51 - 2015-11-16 15:51 - 00000252 _____ C:\Users\Owner\Desktop\Clean Reinstall - Factory OEM Windows 7 - Windows 7 Help Forums.url
    2015-11-13 18:51 - 2015-11-13 18:51 - 00000220 _____ C:\Users\Owner\Desktop\Recover a Hacked Microsoft Account Microsoft Security.url
    2015-11-13 18:36 - 2015-11-18 21:02 - 00001077 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    2015-11-13 18:36 - 2015-11-18 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2015-11-13 18:36 - 2015-11-13 18:36 - 00000000 ____D C:\Program Files\VS Revo Group
    2015-11-13 18:36 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
    2015-11-12 19:51 - 2015-11-12 19:53 - 00000000 ____D C:\AdwCleaner
    2015-11-12 19:43 - 2015-11-12 19:51 - 00000000 ____D C:\ProgramData\HitmanPro
    2015-11-12 18:56 - 2015-11-12 18:56 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
    2015-11-12 18:56 - 2015-11-12 18:56 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
    2015-11-12 18:56 - 2015-09-08 18:54 - 00700584 _____ C:\Users\Owner\Desktop\Adware_Removal_Tool_by_TSA (1).exe
    2015-11-12 18:55 - 2015-11-14 22:05 - 00000000 ____D C:\Windows\pss
    2015-11-12 17:21 - 2015-11-18 21:16 - 00000000 ____D C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
    2015-11-12 14:59 - 2015-11-12 14:59 - 00000290 _____ C:\Users\Owner\Desktop\Spokeo Purchase.url
    2015-11-12 13:49 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-11-12 13:19 - 2015-11-12 13:19 - 00000000 ___HD C:\OneDriveTemp
    2015-11-11 00:29 - 2015-11-11 00:29 - 00001026 _____ C:\Users\Owner\Desktop\Readiris Pro 12.lnk
    2015-11-10 23:13 - 2015-11-10 23:13 - 00000000 ____D C:\Users\Owner\vNetWebEMRInstall5.2.26
    2015-11-10 20:19 - 2015-11-03 17:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-11-10 20:19 - 2015-11-03 16:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-11-10 20:19 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-11-10 20:19 - 2015-10-30 18:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-11-10 20:19 - 2015-10-30 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-11-10 20:19 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-11-10 20:19 - 2015-10-30 18:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-11-10 20:19 - 2015-10-30 18:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-11-10 20:19 - 2015-10-30 18:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-11-10 20:19 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-11-10 20:19 - 2015-10-30 18:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-11-10 20:19 - 2015-10-30 18:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-11-10 20:19 - 2015-10-30 18:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-11-10 20:19 - 2015-10-30 18:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-11-10 20:19 - 2015-10-30 18:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-11-10 20:19 - 2015-10-30 18:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-11-10 20:19 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-11-10 20:19 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-11-10 20:19 - 2015-10-30 18:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-11-10 20:19 - 2015-10-30 18:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-11-10 20:19 - 2015-10-30 18:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-11-10 20:19 - 2015-10-30 17:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-11-10 20:19 - 2015-10-30 17:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-11-10 20:19 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-11-10 20:19 - 2015-10-30 17:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-11-10 20:19 - 2015-10-30 17:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-11-10 20:19 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-11-10 20:19 - 2015-10-30 17:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-11-10 20:19 - 2015-10-30 17:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-11-10 20:19 - 2015-10-30 17:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-11-10 20:19 - 2015-10-30 17:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-11-10 20:19 - 2015-10-30 17:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-11-10 20:19 - 2015-10-30 17:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-11-10 20:19 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-11-10 20:19 - 2015-10-30 17:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-11-10 20:19 - 2015-10-30 17:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-11-10 20:19 - 2015-10-30 17:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-11-10 20:19 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-11-10 20:19 - 2015-10-30 17:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-11-10 20:19 - 2015-10-30 17:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-11-10 20:19 - 2015-10-30 17:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-11-10 20:19 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-11-10 20:19 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-11-10 20:19 - 2015-10-30 17:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-11-10 20:19 - 2015-10-30 17:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-11-10 20:19 - 2015-10-30 17:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-11-10 20:19 - 2015-10-30 17:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-11-10 20:19 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-11-10 20:19 - 2015-10-30 17:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-11-10 20:19 - 2015-10-30 17:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-11-10 20:19 - 2015-10-30 17:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-11-10 20:19 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-11-10 20:19 - 2015-10-30 17:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-11-10 20:19 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-11-10 20:19 - 2015-10-30 17:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-11-10 20:19 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-11-10 20:19 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-11-10 20:19 - 2015-10-30 17:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-11-10 20:19 - 2015-10-30 17:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-11-10 20:19 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-11-10 20:19 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-11-10 20:19 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-11-10 20:19 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-11-10 20:19 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-11-10 20:19 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-11-10 20:19 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-11-10 20:19 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-11-10 20:19 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-11-10 20:19 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-11-10 20:19 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-11-10 20:19 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-11-10 20:19 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-11-10 20:19 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-11-10 20:19 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-11-10 20:19 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-11-10 20:19 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-11-10 20:19 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-11-10 20:19 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-11-10 20:19 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-11-10 20:19 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-11-10 20:18 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-11-10 20:18 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-11-10 20:18 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-11-10 20:18 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-11-10 20:18 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-11-10 20:18 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-11-10 20:18 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-11-10 20:18 - 2015-10-19 20:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-11-10 20:18 - 2015-10-19 20:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-11-10 20:18 - 2015-10-19 20:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-11-10 20:18 - 2015-10-19 20:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-11-10 20:18 - 2015-10-19 20:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-11-10 20:18 - 2015-10-19 20:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-11-10 20:18 - 2015-10-19 20:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-11-10 20:18 - 2015-10-19 20:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-11-10 20:18 - 2015-10-19 20:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-11-10 20:18 - 2015-10-19 20:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-11-10 20:18 - 2015-10-19 20:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-11-10 20:18 - 2015-10-19 20:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-11-10 20:18 - 2015-10-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-11-10 20:18 - 2015-10-19 20:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-11-10 20:18 - 2015-10-19 20:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-11-10 20:18 - 2015-10-19 19:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-11-10 20:18 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-11-10 20:18 - 2015-10-19 19:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-11-10 20:18 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-11-10 20:18 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-11-10 20:18 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-11-10 20:18 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-11-10 20:18 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-11-10 20:18 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-11-10 20:18 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-11-10 20:18 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-11-10 20:18 - 2015-10-19 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-11-10 20:18 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-11-10 20:18 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-11-10 20:18 - 2015-10-19 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-11-10 20:18 - 2015-10-19 19:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-11-10 20:18 - 2015-10-19 19:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-11-10 20:18 - 2015-10-19 19:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-11-10 20:18 - 2015-10-19 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-11-10 20:18 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-11-10 20:18 - 2015-10-19 19:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-11-10 20:18 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-11-10 20:18 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 18:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-11-10 20:18 - 2015-10-19 18:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-11-10 20:18 - 2015-10-19 18:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-11-10 20:18 - 2015-10-19 18:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-11-10 20:18 - 2015-10-19 18:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-11-10 20:18 - 2015-10-19 18:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 18:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 18:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-19 18:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-11-10 20:18 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-11-10 20:18 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-11-10 20:18 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-11-10 20:18 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-11-10 20:18 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-11-10 20:18 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-11-10 20:18 - 2015-09-23 08:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-11-10 20:18 - 2015-09-23 08:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2015-11-10 20:18 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2015-11-10 19:47 - 2015-12-03 20:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-11-10 19:47 - 2015-11-10 19:47 - 04699336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2015-11-10 19:47 - 2015-11-10 19:47 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-11-10 19:47 - 2015-11-10 19:47 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-11-10 19:47 - 2015-11-10 19:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-11-09 19:35 - 2015-11-09 19:35 - 00000295 _____ C:\Users\Owner\Desktop\how to complete a psychiatric fit for work evaluation for job applicant - Google Search.url
    2015-11-09 17:56 - 2015-11-09 15:58 - 00202611 _____ C:\Users\Owner\Documents\7.pdf
    2015-11-09 17:55 - 2015-11-09 15:07 - 00896838 _____ C:\Users\Owner\Documents\NAMI 2013-Employment Rights.pdf
    2015-11-06 13:49 - 2015-11-06 02:06 - 00178865 _____ C:\Users\Owner\Documents\p.pdf
    2015-11-06 13:49 - 2015-11-06 02:05 - 00178865 _____ C:\Users\Owner\Documents\o.pdf
    2015-11-05 23:56 - 2015-11-05 23:56 - 00377245 _____ C:\Users\Owner\Downloads\na_prov_quickaccessguide_eng_05_2014.pdf
    2015-11-05 23:54 - 2015-11-05 23:54 - 00527416 _____ C:\Users\Owner\Downloads\WellcareProvResouceGde.pdf
    2015-11-05 23:49 - 2015-11-05 23:49 - 00361627 _____ C:\Users\Owner\Downloads\WellCareQuickGuide.pdf
    2015-11-05 23:48 - 2015-11-05 23:49 - 02302402 _____ C:\Users\Owner\Downloads\WellCare.pdf
    2015-11-05 23:48 - 2015-11-05 23:48 - 02323378 _____ C:\Users\Owner\Downloads\na_ccp_providermanual_eng_01_2015.pdf
    2015-11-05 23:32 - 2015-11-05 23:32 - 01605395 _____ C:\Users\Owner\Downloads\Wellcare_Manual.pdf
    2015-11-03 19:35 - 2015-11-03 19:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Juniper Networks
    2015-11-03 19:34 - 2015-11-03 19:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ICAClient
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2015-12-03 20:33 - 2015-05-05 17:20 - 00000000 ____D C:\ProgramData\WRData
    2015-12-03 20:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
    2015-12-03 20:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-12-03 19:43 - 2015-05-24 18:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2015-12-03 19:43 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2015-12-03 19:34 - 2009-07-13 23:45 - 00025984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-12-03 19:34 - 2009-07-13 23:45 - 00025984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-12-02 20:38 - 2015-04-23 12:16 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
    2015-12-02 20:04 - 2015-04-24 11:22 - 00341179 _____ C:\Users\Owner\Documents\Readiris.DUS
    2015-12-02 20:03 - 2015-05-27 22:27 - 00011968 _____ C:\Windows\SysWOW64\Netbooster_Log.txt
    2015-12-02 11:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2015-12-01 10:24 - 2015-04-23 12:15 - 00000000 ____D C:\Users\Owner
    2015-11-24 14:32 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
    2015-11-24 13:54 - 2015-05-24 18:22 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2015-11-24 13:51 - 2015-05-24 18:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2015-11-22 19:02 - 2015-08-12 19:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IDM
    2015-11-22 18:23 - 2015-04-23 12:16 - 00001413 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-11-20 12:22 - 2015-05-05 17:21 - 00170760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
    2015-11-20 12:22 - 2015-05-05 17:21 - 00105888 _____ (Webroot) C:\Windows\system32\WRusr.dll
    2015-11-18 18:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-11-17 22:32 - 2015-05-21 14:10 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
    2015-11-17 22:32 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
    2015-11-13 03:18 - 2009-07-13 23:45 - 00446728 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-11-12 19:30 - 2015-05-29 16:27 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
    2015-11-12 19:15 - 2015-08-12 19:19 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
    2015-11-12 19:13 - 2015-05-22 13:52 - 00000000 ___RD C:\Users\Owner\OneDrive
    2015-11-12 18:51 - 2015-08-19 18:11 - 00000000 ____D C:\Program Files (x86)\MyVideoConverter Pro
    2015-11-12 16:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2015-11-12 13:58 - 2015-08-19 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2015-11-12 13:58 - 2015-08-19 18:22 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
    2015-11-12 13:26 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-11-11 02:37 - 2015-08-12 19:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DMCache
    2015-11-10 23:00 - 2015-04-23 11:26 - 00000000 ____D C:\Windows\system32\MRT
    2015-11-10 22:59 - 2015-05-18 14:59 - 00000000 ____D C:\Users\UpdatusUser
    2015-11-10 22:54 - 2015-04-23 11:26 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-11-10 22:46 - 2015-04-24 09:00 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-11-10 22:43 - 2015-05-05 17:50 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-11-10 22:39 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
    2015-11-10 22:32 - 2015-05-25 23:40 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
    2015-11-10 22:32 - 2015-05-25 23:40 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
    2015-11-10 22:32 - 2015-05-25 23:40 - 00002049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
    2015-11-10 21:05 - 2015-05-31 19:23 - 00000756 _____ C:\EventLOG.txt
    2015-11-10 21:05 - 2015-05-21 14:12 - 00000386 _____ C:\Windows\system32\ioloBootDefrag.cfg
    2015-11-07 19:21 - 2015-05-27 21:39 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple Computer
    2015-11-05 23:13 - 2015-05-24 20:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\PhotoScape
    2015-11-05 23:09 - 2015-06-04 21:53 - 00003072 ____H C:\Users\Owner\Desktop\photothumb.db
    2015-11-05 23:09 - 2015-04-24 11:23 - 00000000 ____D C:\Users\Owner\Desktop\Originals
    2015-11-04 14:09 - 2015-05-05 17:21 - 00043600 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
    2015-11-03 19:44 - 2015-11-02 16:53 - 00000000 ____D C:\Program Files (x86)\Belarc
    2015-11-03 14:47 - 2015-05-22 13:52 - 00002118 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    ==================== Files in the root of some directories =======
    2015-05-05 17:22 - 2015-05-05 17:22 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
    2015-11-03 19:42 - 2015-11-03 19:42 - 0000093 _____ () C:\Users\Owner\AppData\Roaming\ARCompanion.log
    2015-05-18 13:20 - 2015-05-18 13:20 - 0000057 _____ () C:\ProgramData\Ament.ini
    2015-06-22 14:20 - 2015-06-22 14:20 - 0022785 _____ () C:\ProgramData\SMSExport_20150622022048.log
    2015-08-29 17:46 - 2015-08-29 17:46 - 0001662 _____ () C:\ProgramData\SMSExport_20150829064631.log
    2015-08-29 17:57 - 2015-08-29 17:57 - 0001164 _____ () C:\ProgramData\SMSExport_20150829065719.log
    2015-08-29 18:03 - 2015-08-29 18:03 - 0001164 _____ () C:\ProgramData\SMSExport_20150829070315.log
    2015-10-21 16:20 - 2015-10-21 16:20 - 0001180 _____ () C:\ProgramData\SMSExport_20151021052013.log
    2015-11-06 20:14 - 2015-11-06 20:14 - 0001161 _____ () C:\ProgramData\SMSExport_20151106081429.log
    ==================== Bamital & volsnap =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-11-30 14:27
    ==================== End of FRST.txt ============================
    _______________________________________________________________________________________________________________________________________
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
    Ran by Owner (2015-12-03 20:34:51)
    Running from C:\Users\Owner\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2015-04-23 17:15:42)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-1333571199-921795633-1016984107-500 - Administrator - Disabled)
    Guest (S-1-5-21-1333571199-921795633-1016984107-501 - Limited - Disabled)
    LANGUARD_11_USER (S-1-5-21-1333571199-921795633-1016984107-1002 - Administrator - Enabled)
    Owner (S-1-5-21-1333571199-921795633-1016984107-1000 - Administrator - Enabled) => C:\Users\Owner
    UpdatusUser (S-1-5-21-1333571199-921795633-1016984107-1001 - Limited - Enabled) => C:\Users\UpdatusUser
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
    AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.13 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B93CD779-D1C1-4B4D-A9E5-564A542C6DFD}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
    HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.6.1 - iolo technologies, LLC)
    iTunes (HKLM\...\{43ABC943-FCE2-4B0C-9930-F2E90A06D926}) (Version: 12.3.1.23 - Apple Inc.)
    Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 11.6.6 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.6.6 - )
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1333571199-921795633-1016984107-1000\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Word 2010 (HKLM-x32\...\Office14.WordR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.2.0 - Mozilla)
    Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
    NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
    Readiris Pro 12 (HKLM-x32\...\{B6214EA9-7BE8-4A91-B8B3-45F42F90188F}) (Version: 12.00.6209 - I.R.I.S.)
    Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001B-0000-0000-0000000FF1CE}_Office14.WordR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.6.18 - Webroot)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24014}) (Version: 18.5.11112 - WinZip Computing, S.L. )
    ZixMail (HKLM-x32\...\{9980049F-B7E0-4B55-9976-DAD6A44D26C5}) (Version: 3.2.0 - ZixCorp)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-1333571199-921795633-1016984107-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileCoAuthLib64.dll ()
    CustomCLSID: HKU\S-1-5-21-1333571199-921795633-1016984107-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
    ==================== Restore Points =========================
    27-10-2015 19:57:13 t
    10-11-2015 22:38:21 Windows Update
    12-11-2015 18:53:22 Removed WinZip Courier
    13-11-2015 03:00:39 Windows Update
    16-11-2015 16:08:13 Installed GFI LanGuard 2015
    18-11-2015 20:04:19 Windows Update
    18-11-2015 23:52:46 Removed GFI LanGuard 2015
    20-11-2015 05:01:07 Creating Restore Point. This may take several minutes...
    20-11-2015 05:18:14 Creating Restore Point. This may take several minutes...
    20-11-2015 12:20:10 Creating Restore Point. This may take several minutes...
    30-11-2015 14:35:16 Scheduled Checkpoint
    ==================== Hosts content: ===============================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {12786D16-846D-49FA-A16B-B3DC7E2C9332} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
    Task: {580C4F99-B1B8-49BE-8883-01F1C6C3478F} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {5BFE03FB-CA95-4A8F-A74E-148341C11B20} - System32\Tasks\{AC9E4382-9D85-4C63-B1D5-74AE772D733B} => pcalua.exe -a C:\Users\Owner\OneDrive\Documents\RI12\setup.exe -d C:\Users\Owner\OneDrive\Documents\RI12
    Task: {6B580877-90E5-440D-962A-1F2283600FD5} - System32\Tasks\{CCB97133-D5E4-4E32-948E-297CEB9F04F3} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4H0J6GYM\JavaSetup8u65.exe" -d C:\Users\Owner\Desktop
    Task: {6F693C70-6E7A-479E-9B39-9AF0E6B5960D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
    Task: {95102D00-A231-4E69-8ADF-E8A370284A30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
    Task: {9CCB3D1D-3238-4832-85E9-A2AF01C11D39} - System32\Tasks\{A309B60A-EFC7-444F-8B84-C50E7976D8E1} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
    Task: {B0B63679-1F46-4634-BCDF-235F1E291211} - System32\Tasks\{2771EADC-98D4-43DF-B4AE-3F2001D1AFE1} => pcalua.exe -a C:\Users\Owner\Downloads\setup.exe -d C:\Users\Owner\Downloads
    Task: {C66A7816-904C-4554-9CB5-28729B0F40F7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-13] (Microsoft Corporation)
    Task: {E8C8C56D-2E63-4513-A6C1-57B9E6A1078D} - System32\Tasks\{2B554A71-DC75-437F-9A66-D26509EF3B7C} => pcalua.exe -a C:\Users\Owner\Desktop\HijackThis.exe -d C:\Users\Owner\Desktop
    Task: {EA99FF4E-6BE5-487C-B8D1-3D2520936CDE} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2015-08-15] (iolo technologies, LLC)
    Task: {F44708CE-62FC-47E6-AB3A-979ACAC97ABD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
    Task: {FCEFC864-810A-4F8A-AC59-AACF7FB3CAA0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
    Task: {FECA09F5-805F-407E-A712-7BB245C404B6} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-11-06] ()
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    ==================== Shortcuts =============================
    (The entries could be listed to be restored or removed.)
    ==================== Loaded Modules (Whitelisted) ==============
    2015-05-18 14:59 - 2015-01-30 19:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-05-24 18:16 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-10-27 18:28 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_bd5ca620-fd31-4cb9-90a4-d9634885160f => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
    ==================== EXE Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-1333571199-921795633-1016984107-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.2.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)
    MSCONFIG\Services: afcdpsrv => 3
    MSCONFIG\Services: LMIRescue_bd5ca620-fd31-4cb9-90a4-d9634885160f => 2
    MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
    MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: OneDrive => "C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{4B4F2D67-C137-47F5-871E-1D8C03318FBA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
    FirewallRules: [{079C374C-ED3F-4735-B81B-CC344F35A861}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
    FirewallRules: [{B5204D53-95D4-44C8-8FD7-CFF80C68F732}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
    FirewallRules: [{3EC0128E-5F4C-4705-B7C6-C4008E23C2AA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
    FirewallRules: [{8358D02C-7366-4ED9-B218-19FAF9DABD11}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{8A0FAA67-F07A-46E0-A63D-49DAAC5258D3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{F9046ED7-079D-41C9-8EA0-E220342D2CBA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{2E2C9BA0-787D-4012-931D-A2528DA1E34F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{10572E17-C47E-4EE4-A308-C24F2A8992DD}] => (Allow) C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    FirewallRules: [{723869BC-3CBD-4D68-9B98-EACE9AA02605}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{A21F0A98-28BC-47DD-B386-FFB2CC7D17E3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{60024F40-F4DD-4467-9DC5-D97232EF9D7E}] => (Allow) LPort=2869
    FirewallRules: [{7C3A22D4-D20E-430A-AA3B-8537F658B6A1}] => (Allow) LPort=1900
    FirewallRules: [{1C64709D-D02E-4A4E-B9F9-59E2D72E933A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6928EC01-D8CE-4794-A21C-796B791317A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{85D70847-28B3-4590-AF02-D481C88D41E2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A58DB97F-FE26-4A29-9109-26A023AA2CB1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E2E28E31-6BE6-4D10-9D67-AEABE60BD885}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
    FirewallRules: [{BF482254-704F-4BC1-94C9-EDEB74D2FF20}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
    FirewallRules: [{2141D8F6-CBC4-4713-AD5D-382524943519}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
    FirewallRules: [{4385AFA8-D2A5-4010-B3E0-EF30EA657BE6}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
    FirewallRules: [{B6F68AAD-2F85-4A12-9393-258F96FE0303}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\DriveScrubber\DriveScrubber.exe
    FirewallRules: [{A2808F5A-BAD9-443D-B166-B1F4749A6AE0}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\DriveScrubber\DriveScrubber.exe
    FirewallRules: [{9244DB75-A797-4AA3-9F83-9F083A80B1F9}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\DriveScrubber\DriveScrubber.exe
    FirewallRules: [{766B7823-C017-46DF-A857-94BCA97A5F39}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\DriveScrubber\DriveScrubber.exe
    FirewallRules: [{775E4DB3-3314-4E95-94BD-E5CDF9C40657}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
    FirewallRules: [{76CA3DBD-705B-444F-A87A-0B0AF78A6832}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
    FirewallRules: [{1EADDAA2-32EF-4D9E-83F2-60BF3F8668C7}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
    FirewallRules: [{596A7415-5936-4989-86F1-D2C0FC3767A9}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
    FirewallRules: [{FB37588A-BC31-43D9-A8C6-E0D85F7DB88F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8B3C4337-BDFA-4961-9FF5-AD6404997DA5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{30B0A4F1-42B9-4C5E-9D21-D732743D4B51}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{8A6B5ADB-BB39-4E96-866F-4631D5B8659D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{9A07B295-B3B9-4331-B34C-9D65AAF1A5CD}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{0F513122-8E7A-46BA-A4CA-0BC2AD3636D4}] => (Allow) C:\Users\Owner\Desktop\msert.exe
    FirewallRules: [{47D9C8A6-BD2F-4490-A18E-5FC4F1E112D8}] => (Allow) C:\Users\Owner\Desktop\msert.exe
    FirewallRules: [{7F6231E1-2ED7-412D-AE49-5D38469605CE}] => (Allow) C:\Users\Owner\Desktop\msert.exe
    FirewallRules: [{A7116A3D-B867-4682-A33B-C1482334AD62}] => (Allow) C:\Users\Owner\Desktop\msert.exe
    ==================== Faulty Device Manager Devices =============
    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (12/02/2015 09:23:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program IEXPLORE.EXE version 11.0.9600.18098 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: b74
    Start Time: 01d12d711eec40e8
    Termination Time: 30
    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Report Id:
    Error: (11/30/2015 10:08:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: 8c0
    Start Time: 01d12b9b1da75d80
    Termination Time: 187
    Application Path: C:\Windows\Explorer.EXE
    Report Id: ae4d5d41-97d8-11e5-a57d-001e4f55c6ae
    Error: (11/30/2015 02:35:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.
    System Error:
    The system cannot find the file specified.
    .
    Error: (11/29/2015 00:57:16 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (11/29/2015 00:57:16 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (11/29/2015 00:57:16 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.
    Context: Windows Application
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (11/29/2015 00:57:16 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.
    Context: Windows Application, SystemIndex Catalog
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (11/29/2015 00:57:16 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
    Context: Windows Application, SystemIndex Catalog
    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)
    Error: (11/29/2015 00:57:15 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.
    Context: Windows Application, SystemIndex Catalog
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (11/29/2015 00:57:15 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
    Description: The Windows Search Service cannot load the property store information.
    Context: Windows Application, SystemIndex Catalog
    Details:
    The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)

    System errors:
    =============
    Error: (12/03/2015 07:25:07 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!
    Error: (12/02/2015 11:09:29 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.
    Error: (12/02/2015 03:45:43 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.
    Error: (12/02/2015 03:41:15 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
    Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    Error: (12/01/2015 10:21:41 AM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!
    Error: (11/30/2015 01:05:24 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!
    Error: (11/30/2015 00:29:46 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.
    Error: (11/29/2015 02:43:56 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
    Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    Error: (11/29/2015 00:57:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    Error: (11/29/2015 00:57:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Search service terminated with service-specific error %%-1073473535.

    ==================== Memory info ===========================
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
    Percentage of memory in use: 46%
    Total physical RAM: 4030.49 MB
    Available physical RAM: 2137.49 MB
    Total Virtual: 9028.7 MB
    Available Virtual: 7399.76 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:232.73 GB) (Free:153.5 GB) NTFS
    Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:174.56 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 232.8 GB) (Disk ID: 6B871B23)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (Size: 465.8 GB) (Disk ID: F8ED0721)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
    ==================== End of Addition.txt ============================

  5. #4
    Member
    Join Date
    Jul 2009
    Posts
    205
    Points
    2


    I don't have two antivirus programs. I have "Webroot SecureAnywhere" (only) installed. The reason I ran the other scans, including Microsoft Security Essentials, is because they were recommended by the Microsoft MSDT Tool. (MSERT, Hitman Pro, Surfer Pro, ESET online scanner and Kaspersky online scanner was recommended but could not download).

    I have run the Farbar Recovery Scan Tool and posted the results.

    Any action I should take regarding the Hijack This results?

    Thanks,
    ST

  6. #5
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Please run Combofix

    You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

    1. Close any open browsers or any other programs that are open.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

    Please post the Log from Combofix

  8. #6
    Member
    Join Date
    Jul 2009
    Posts
    205
    Points
    2


    Hi zep516, I'm glad I came back and checked this site today; as I have been waiting for an email notification (but may have gotten placed in spam folder by accident)- thus the reason for my "just now" responding to you. Thank you for the reply (above). I will perform the recommended steps today, and I will then post them. Thanks, ST

  9. #7
    Member
    Join Date
    Jul 2009
    Posts
    205
    Points
    2

    Combo Fix log report (posted below)

    ComboFix 15-12-07.01 - Owner 12/06/2015 15:16:34.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.2764 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: Webroot SecureAnywhere *Disabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
    SP: Webroot SecureAnywhere *Disabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Owner\AppData\Local\assembly\tmp
    c:\users\Owner\AppData\Roaming\Local
    c:\users\Owner\AppData\Roaming\Local\Temp\lptmp1670522141\lp_languages.zip
    c:\users\Owner\Desktop\Adware_Removal_Tool_by_TSA (1).exe
    c:\users\Owner\Documents\Readiris.DUS
    E:\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-11-06 to 2015-12-06 )))))))))))))))))))))))))))))))
    .
    .
    2015-12-06 20:03 . 2015-12-06 20:03 -------- d-----w- c:\program files (x86)\Common Files\Java
    2015-12-04 01:32 . 2015-12-04 01:36 -------- d-----w- C:\FRST
    2015-11-20 21:30 . 2015-08-27 11:31 40584 ----a-w- c:\windows\system32\drivers\gfiark.sys
    2015-11-20 21:30 . 2013-09-04 18:57 31264 ----a-w- c:\windows\system32\drivers\gfiutil.sys
    2015-11-20 21:29 . 2015-11-20 22:40 -------- d-----w- C:\VIPRERESCUE
    2015-11-20 20:55 . 2015-11-20 20:55 -------- d-----w- c:\program files\HitmanPro
    2015-11-20 09:49 . 2015-11-17 12:43 11138400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB7D24FC-F402-40AF-856B-A3067720A233}\mpengine.dll
    2015-11-20 09:46 . 2015-11-20 09:46 -------- d-----w- c:\users\Owner\AppData\Local\Apps
    2015-11-19 02:12 . 2015-11-19 02:12 -------- d-----w- c:\program files (x86)\VirusTotalUploader2
    2015-11-18 03:32 . 2015-08-16 04:42 2142520 ----a-w- c:\windows\system32\Incinerator64.dll
    2015-11-18 03:32 . 2015-08-16 04:42 2084664 ----a-w- c:\windows\SysWow64\Incinerator32.dll
    2015-11-18 03:32 . 2015-08-16 04:50 57144 ----a-w- c:\windows\system32\iolobtdfg.exe
    2015-11-18 03:32 . 2015-08-16 04:50 25912 ----a-w- c:\windows\system32\smrgdf.exe
    2015-11-18 03:32 . 2015-08-16 04:35 83224 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
    2015-11-18 03:32 . 2015-08-16 04:35 69000 ----a-w- c:\windows\system32\offreg.dll
    2015-11-18 03:32 . 2015-08-16 04:35 56200 ----a-w- c:\windows\SysWow64\offreg.dll
    2015-11-18 03:32 . 2015-11-18 03:32 -------- d-----w- c:\program files (x86)\iolo
    2015-11-18 03:30 . 2015-11-19 05:03 -------- d-----w- c:\users\Owner\AppData\Roaming\iolo
    2015-11-18 03:30 . 2015-11-18 03:50 -------- d-----w- c:\programdata\iolo
    2015-11-16 21:29 . 2015-11-19 04:46 -------- d-----w- c:\windows\Patches
    2015-11-13 23:36 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2015-11-13 23:36 . 2015-11-13 23:36 -------- d-----w- c:\program files\VS Revo Group
    2015-11-13 00:51 . 2015-11-13 00:53 -------- d-----w- C:\AdwCleaner
    2015-11-13 00:43 . 2015-11-13 00:51 -------- d-----w- c:\programdata\HitmanPro
    2015-11-12 23:56 . 2015-11-12 23:56 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
    2015-11-12 23:56 . 2015-11-12 23:56 -------- d-----w- c:\program files (x86)\Adware Removal Tool by TSA
    2015-11-12 22:21 . 2015-11-19 02:16 -------- d-----w- c:\users\Owner\AppData\Local\LogMeIn Rescue Applet
    2015-11-12 18:49 . 2015-11-03 17:55 3211264 ----a-w- c:\windows\system32\win32k.sys
    2015-11-12 18:19 . 2015-11-12 18:19 -------- d-----w- C:\OneDriveTemp
    2015-11-11 04:13 . 2015-11-11 04:13 -------- d-----w- c:\users\Owner\vNetWebEMRInstall5.2.26
    2015-11-11 01:18 . 2015-10-20 01:12 5570496 ----a-w- c:\windows\system32\ntoskrnl.exe
    2015-11-11 00:47 . 2015-11-11 00:47 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-11-11 00:47 . 2015-11-11 00:47 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-11-11 00:47 . 2015-11-11 00:47 4699336 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-12-06 20:03 . 2015-05-21 18:58 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-11-20 17:22 . 2015-05-05 22:21 170760 ----a-w- c:\windows\SysWow64\WRusr.dll
    2015-11-20 17:22 . 2015-05-05 22:21 105888 ----a-w- c:\windows\system32\WRusr.dll
    2015-11-11 03:54 . 2015-04-23 16:26 145617392 ----a-w- c:\windows\system32\MRT.exe
    2015-11-04 19:09 . 2015-05-05 22:21 43600 ----atw- c:\windows\system32\drivers\wrUrlFlt.sys
    2015-10-29 17:50 . 2015-11-11 01:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2015-10-29 17:50 . 2015-11-11 01:18 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2015-10-29 17:50 . 2015-11-11 01:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2015-10-29 17:50 . 2015-11-11 01:18 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2015-10-29 17:49 . 2015-11-11 01:18 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
    2015-10-29 17:49 . 2015-11-11 01:18 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2015-10-29 17:49 . 2015-11-11 01:18 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
    2015-10-29 17:49 . 2015-11-11 01:18 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2015-10-29 17:39 . 2015-11-11 01:18 2560 ----a-w- c:\windows\apppatch\AcRes.dll
    2015-10-20 00:45 . 2015-11-11 01:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2015-10-14 19:20 . 2015-05-05 22:21 117728 ----a-w- c:\windows\system32\drivers\WRkrn.sys
    2015-10-13 10:43 . 2015-05-24 23:24 630992 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2015-10-13 06:29 . 2015-10-13 06:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
    2015-10-13 06:22 . 2015-10-13 06:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    2015-10-01 18:06 . 2015-10-19 03:34 692672 ----a-w- c:\windows\system32\winload.efi
    2015-10-01 18:04 . 2015-10-19 03:34 616360 ----a-w- c:\windows\system32\winresume.efi
    2015-10-01 18:00 . 2015-10-19 03:34 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
    2015-10-01 18:00 . 2015-10-19 03:34 59392 ----a-w- c:\windows\system32\appidapi.dll
    2015-10-01 18:00 . 2015-10-19 03:34 32768 ----a-w- c:\windows\system32\appidsvc.dll
    2015-10-01 18:00 . 2015-10-19 03:34 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
    2015-10-01 18:00 . 2015-10-19 03:34 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
    2015-10-01 17:50 . 2015-10-19 03:34 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
    2015-10-01 17:00 . 2015-10-19 03:34 61440 ----a-w- c:\windows\system32\drivers\appid.sys
    2015-09-18 19:22 . 2015-10-09 18:13 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
    2015-09-18 19:19 . 2015-10-09 18:13 700416 ----a-w- c:\windows\system32\invagent.dll
    2015-09-18 19:19 . 2015-10-09 18:13 766464 ----a-w- c:\windows\system32\generaltel.dll
    2015-09-18 19:19 . 2015-10-09 18:13 503808 ----a-w- c:\windows\system32\devinv.dll
    2015-09-18 19:19 . 2015-10-09 18:13 1291264 ----a-w- c:\windows\system32\appraiser.dll
    2015-09-18 19:19 . 2015-10-09 18:13 73216 ----a-w- c:\windows\system32\acmigration.dll
    2015-09-18 19:09 . 2015-10-09 18:13 1163776 ----a-w- c:\windows\system32\aeinv.dll
    2015-05-05 22:22 . 2015-05-05 22:22 10395072 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2015-11-03 19:47 1587400 ----a-w- c:\users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
    @="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
    [HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
    2015-11-03 19:47 1587400 ----a-w- c:\users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
    @="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
    [HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
    2015-11-03 19:47 1587400 ----a-w- c:\users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2015-11-03 19:47 1587400 ----a-w- c:\users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2015-11-03 19:47 1587400 ----a-w- c:\users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
    "WRSVC"="c:\program files\Webroot\WRSA.exe" [2015-11-20 839208]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-23 5550984]
    "SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2536760]
    "iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2015-08-16 4538680]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-11-09 596528]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -q -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2015-5-5 10395072]
    Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -p -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2015-5-5 10395072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    "NoDFSTab"= 0 (0x0)
    "NoEncryptOnMove"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoStartMenuSubFolders"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    "NoDFSTab"= 0 (0x0)
    "NoEncryptOnMove"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoStartMenuSubFolders"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "DisableLocalMachineRun"= 0 (0x0)
    "DisableLocalMachineRunOnce"= 0 (0x0)
    "DisableCurrentUserRun"= 0 (0x0)
    "DisableCurrentUserRunOnce"= 0 (0x0)
    "NoFile"= 0 (0x0)
    "HideClock"= 0 (0x0)
    "NoDevMgrUpdate"= 0 (0x0)
    "NoDFSTab"= 0 (0x0)
    "NoEncryptOnMove"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoStartMenuSubFolders"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
    @="Service"
    .
    3;4 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
    R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
    R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
    R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
    R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 wrUrlFlt;Webroot UrlFilter;c:\windows\system32\DRIVERS\wrUrlFlt.sys;c:\windows\SYSNATIVE\DRIVERS\wrUrlFlt.sys [x]
    R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
    R4 LMIRescue_bd5ca620-fd31-4cb9-90a4-d9634885160f;LogMeIn Rescue (bd5ca620-fd31-4cb9-90a4-d9634885160f);c:\users\Owner\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe;c:\users\Owner\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe [x]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x]
    S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
    S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
    S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
    S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11 00:47]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2015-11-03 19:47 1639112 ----a-w- c:\users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
    @="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
    [HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
    2015-11-03 19:47 1639112 ----a-w- c:\users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
    @="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
    [HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
    2015-11-03 19:47 1639112 ----a-w- c:\users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2015-11-03 19:47 1639112 ----a-w- c:\users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2015-11-03 19:47 1639112 ----a-w- c:\users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2015-10-13 12:51 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2015-10-13 12:51 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2015-10-13 12:51 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {0B1D471A-2882-4EEC-AF6E-4E340F8D06A8} - hxxps://webemr.spheris.com/Includes/CabFiles/vNOffice.cab
    DPF: {72E3BD4F-F820-4C80-AED5-7184AC0942EB} - hxxps://webemr.spheris.com/Includes/CabFiles/vNetEditControl.CAB
    DPF: {90228B40-B6BE-4B60-B068-39D4A3D6CEAA} - hxxps://webemr.spheris.com/Includes/CabFiles/ClientPrint.CAB
    DPF: {AB7A19FB-B64F-468D-B8CC-93F8837B7A26} - hxxps://webemr.spheris.com/Includes/CabFiles/vNWEBMRVUE.cab
    DPF: {BC8A08E6-18E6-4AE6-B18F-831C1B928C1F} - hxxps://webemr.spheris.com/Includes/CabFiles/vNetPrintMgr.CAB
    .
    .
    ------- File Associations -------
    .
    inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    JSEFile=NOTEPAD.EXE "%1"
    txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
    Wow6432Node-HKU-Default-RunOnce-iCloud - c:\program files (x86)\Common Files\Apple\Internet Services\iCloud.exe
    SafeBoot-MBAMSwissArmy
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1333571199-921795633-1016984107-1000_Classes\Wow6432Node\CLSID\{26e8b312-e7a2-44a7-82f9-3542587e82d4}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000123
    "Therad"=dword:0000000b
    "MData"=hex(0):38,7f,aa,88,c9,2f,57,07,18,24,d2,ac,41,c6,ec,6c,45,00,55,71,9b,
    14,5c,81,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_USERS\S-1-5-21-1333571199-921795633-1016984107-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):d6,1f,e2,0c,bd,56,0f,24,af,52,87,17,de,f7,56,f2,03,a2,32,7f,7e,
    24,f6,5d,87,38,57,ee,b2,ce,3e,19,d4,47,47,3a,0f,7b,42,10,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.19"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-12-06 15:27:19
    ComboFix-quarantined-files.txt 2015-12-06 20:27
    .
    Pre-Run: 167,464,771,584 bytes free
    Post-Run: 167,301,906,432 bytes free
    .
    - - End Of File - - 3E7F7C5FC6F2A930E82CCEBFE6CF6FAC
    70E5166D34B10A7DC59A755EFA40D0B1

  10. #8
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hello,

    This scan could take a long time; please run it when time permits.

    ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    • Please go >>HERE<< then click on:

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      1. Scan for potentially unwanted applications
      2. Scan for potentially unsafe applications
      3. Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
    • Copy and paste that log as a reply to this topic.
    • Now click on:
      (Selecting Uninstall application on close if you so wish)


  12. #9
    Member
    Join Date
    Jul 2009
    Posts
    205
    Points
    2

    Hi zep516, I made the same mistake again (i.e., waiting for an email notice of a reply), then it dawned on me today, I should check this webpage. Bottom line: Sorry for the delay.

    ST

  13. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hello,

    Not to worry, take your time,

    Joe
