Post by scomar on Oct 1, 2015 15:31:49 GMT -8
Hello,
I have a Windows 7 Pro, 64-bit system and typically use Chrome as my web browser. Over the last few days I have noticed that when clicking on a link in highly reliable websites it is redirecting me to a site with ads for whatever. I always exit out of them without clicking on anything on the webpage. I have run 5 different malware detection/removal programs. I have Malwarebytes Anti-Malware (paid software), which gives me real-time malware protection, at least it has since June 2015 when it was installed. I have seen it block malware attacks. I also have Norton 360 for anti-virus and firewall. As a matter of fact, when I clicked on the link to register for this site I was taken to a webpage saying I was infected and needed to use their scan to get rid of a virus. Of course I exited out. So as I said, this was happening without any warnings from Norton for the last few days, but now I am getting warnings from Norton. "Web Attack: Fake Scan Webpage 29" is the message I got when I clicked on the link to register on this site. The one before that said "Web Attack: Fake Scan Webpage 16" while researching this virus a few minutes ago. I was not getting these messages a few days ago when this started.
So I have followed your instructions and below you will find the log I received after running FRST64 on my computer.
From the TXT file named FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Marcos (administrator) on HP-DESKTOP (01-10-2015 17:56:41)
Running from C:\Users\Marcos\Downloads
Loaded Profiles: Marcos (Available Profiles: Marcos & Kim)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Marcos\AppData\Roaming\Dashlane\Dashlane.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\PlayOn.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Marcos\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Users\Marcos\Desktop\Utilities\RBTray\RBTray-4_3\64bit\RBTray.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557984 2014-08-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-11] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-11] (Hewlett-Packard )
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-11-07] (Intel Corporation)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-06-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-06-26] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Run: [Dashlane] => C:\Users\Marcos\AppData\Roaming\Dashlane\Dashlane.exe [228024 2015-08-27] ()
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Run: [PlayOn] => C:\Program Files (x86)\MediaMall\PlayOn.exe [67904 2015-09-18] (MediaMall Technologies, Inc.)
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Run: [Google Update] => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [49152 2015-07-02] ()
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Run: [Dropbox Update] => C:\Users\Marcos\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.)
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Run: [DashlanePlugin] => C:\Users\Marcos\AppData\Roaming\Dashlane\DashlanePlugin.exe [285880 2015-08-27] ()
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe -update activex
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-10-07]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-10-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InternetConnectivityMonitor.exe - Shortcut.lnk [2015-07-30]
ShortcutTarget: InternetConnectivityMonitor.exe - Shortcut.lnk -> C:\Users\Marcos\Desktop\Utilities\Internet Connection Mointor\InternetConnectivityMonitor.exe (Genc Alikaj)
Startup: C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-10-13]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RBTray.exe - Shortcut.lnk [2015-07-25]
ShortcutTarget: RBTray.exe - Shortcut.lnk -> C:\Users\Marcos\Desktop\Utilities\RBTray\RBTray-4_3\64bit\RBTray.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{29C52F78-EE48-44A1-B11B-4A5037D29961}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7B3F37DB-79E9-41BE-B5B8-09B789865402}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BE30523C-265D-4A32-BA9F-FB3EF8105812}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {F62BD256-3999-4D3A-B266-61B0E01E9CDE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000 -> {8F89F10E-4487-4C7D-B9A9-97DD124FE238} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2015-04-17] (MediaMall Technologies, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-20] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Marcos\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2015-08-27] (Dashlane)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-18] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2015-04-17] (MediaMall Technologies, Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-26] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-18] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-26] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2015-04-17] (MediaMall Technologies, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-20] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Marcos\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2015-08-27] (Dashlane)
Toolbar: HKLM-x32 - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2015-04-17] (MediaMall Technologies, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-26] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {809A6301-7B40-4436-A02C-87B8D3D7D9E3} hxxp://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - No File
FireFox:
========
FF ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\gwge9d7z.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://99.74.111.33/login
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2015-08-13] (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3740367901-1813877255-2116710245-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3740367901-1813877255-2116710245-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-09-30]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.yahoo.com/
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/"
CHR Profile: C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-13]
CHR Extension: (Google Docs) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-13]
CHR Extension: (Google Drive) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-13]
CHR Extension: (Fixer for Java) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakbbfplfhjmmheafiipemmmjjlgcolo [2015-06-25]
CHR Extension: (MEGA) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-06-28]
CHR Extension: (YouTube) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-13]
CHR Extension: (Google Cast) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-01]
CHR Extension: (Norton Security Toolbar) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-06-25]
CHR Extension: (Google Search) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-13]
CHR Extension: (Share link via email) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2015-05-26]
CHR Extension: (Google Play Music) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-09-12]
CHR Extension: (Dashlane) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-10-13]
CHR Extension: (Google Sheets) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Save to Google Drive) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-04-19]
CHR Extension: (New Tab Redirect) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-10-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (PlayOn) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lggaaajacmlhgbpldaboipiinndchjgm [2014-10-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-19]
CHR Extension: (Flashcontrol) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-13]
CHR Extension: (Hover Zoom) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-10-13]
CHR Extension: (Adblock Pro) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-05-28]
CHR Extension: (Gmail) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-29]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-29]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-09-24]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (Condusiv Technologies)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5933872 2015-09-18] (MediaMall Technologies, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\N360.exe [282016 2015-09-24] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-11-06] (CyberLink)
R2 STacSV; C:\Program Files\IDT\WDM\stacsv64.exe [339456 2013-11-11] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-03] (Microsoft Corporation)
S2 ClickToRunSvc; no ImagePath
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2013-10-02] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150928.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605040.018\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (Condusiv Technologies)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [30360 2015-03-13] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150930.001\IDSvia64.sys [767216 2015-09-22] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151001.002\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151001.002\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605040.018\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605040.018\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-10-13] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-10-13] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-10-13] (Acronis International GmbH)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [109432 2015-09-30] (Zemana Ltd.)
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-01 17:56 - 2015-10-01 17:57 - 00040061 _____ C:\Users\Marcos\Downloads\FRST.txt
2015-10-01 17:56 - 2015-10-01 17:56 - 02192384 _____ (Farbar) C:\Users\Marcos\Downloads\FRST64.exe
2015-10-01 17:56 - 2015-10-01 17:56 - 00000000 ____D C:\FRST
2015-09-30 19:54 - 2015-09-30 19:54 - 00000000 ___SH C:\DkHyperbootSync
2015-09-30 19:15 - 2015-09-30 19:17 - 00000000 ____D C:\AdwCleaner
2015-09-30 19:14 - 2015-09-30 19:14 - 01670656 _____ C:\Users\Marcos\Downloads\adwcleaner_5.009.exe
2015-09-30 19:13 - 2015-09-30 19:13 - 00109432 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zamguard64.sys
2015-09-30 19:13 - 2015-09-30 19:13 - 00000000 ____D C:\Users\Marcos\AppData\Local\Zemana
2015-09-30 19:12 - 2015-09-30 19:12 - 05078968 _____ ( ) C:\Users\Marcos\Downloads\Zemana.AntiMalware.Setup.exe
2015-09-30 19:10 - 2015-09-30 19:10 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2015-09-30 19:03 - 2015-09-30 19:11 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-30 19:02 - 2015-09-30 19:03 - 11350472 _____ (SurfRight B.V.) C:\Users\Marcos\Downloads\HitmanPro_x64.exe
2015-09-30 18:47 - 2015-09-30 18:48 - 00002956 _____ C:\Users\Marcos\Desktop\Rkill.txt
2015-09-30 18:46 - 2015-09-30 18:46 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Marcos\Downloads\iExplore.exe
2015-09-30 18:46 - 2015-09-30 18:46 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Marcos\Downloads\iExplore (1).exe
2015-09-30 18:43 - 2015-09-30 18:44 - 04383777 _____ C:\Users\Marcos\Downloads\tdsskiller.zip
2015-09-30 18:19 - 2015-09-30 18:19 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Marcos\Downloads\tdsskiller.exe
2015-09-30 12:20 - 2015-09-30 12:20 - 00139108 _____ C:\Users\Marcos\Downloads\notesfortheweekof8162015 (1).zip
2015-09-30 12:20 - 2015-09-30 12:20 - 00128106 _____ C:\Users\Marcos\Downloads\notesforweekof8242015 (1).zip
2015-09-29 13:31 - 2015-09-29 13:31 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2015-09-29 07:58 - 2015-09-29 07:58 - 00000000 ____D C:\windows\System32\Tasks\Norton 360
2015-09-26 19:57 - 2015-09-26 19:57 - 03587883 _____ C:\Users\Marcos\Documents\ATT Connection Log 9-26-15
2015-09-26 16:50 - 2015-09-26 16:50 - 01201328 _____ (Symantec Corporation) C:\Users\Marcos\Downloads\AutoDetectPkg.exe
2015-09-19 02:40 - 2015-09-19 02:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-09-16 19:56 - 2015-09-16 19:56 - 00011319 _____ C:\Users\Marcos\Downloads\Bill Kimberly Marcos 9-14-2015.xlsx
2015-09-16 19:54 - 2015-09-16 19:54 - 00128106 _____ C:\Users\Marcos\Downloads\notesforweekof8242015.zip
2015-09-16 19:54 - 2015-09-16 19:54 - 00011346 _____ C:\Users\Marcos\Downloads\Bill Kimberly Marcos 9-15-2015.xlsx
2015-09-16 19:53 - 2015-09-16 19:53 - 00139108 _____ C:\Users\Marcos\Downloads\notesfortheweekof8162015.zip
2015-09-15 02:59 - 2015-09-15 02:59 - 00082617 _____ C:\Users\Marcos\Downloads\rehithere (1).zip
2015-09-14 18:54 - 2015-09-14 18:54 - 00001294 _____ C:\Users\Marcos\Downloads\Untitled
2015-09-14 02:04 - 2015-09-14 02:04 - 00000000 ____D C:\Users\Marcos\Desktop\Your Donated iPod’s Journey through MUSIC & MEMORY℠_files
2015-09-13 13:46 - 2015-09-13 14:02 - 00024064 ___SH C:\Users\Marcos\Documents\Thumbs.db
2015-09-12 14:38 - 2015-09-28 14:54 - 00010062 _____ C:\Users\Marcos\Desktop\bp for robb..xlsx
2015-09-12 11:31 - 2015-09-12 11:31 - 00863552 _____ (Amazon) C:\Users\Marcos\Downloads\AmazonCloudDriveSetup (1).exe
2015-09-12 06:00 - 2015-09-12 06:00 - 00344041 _____ C:\Users\Marcos\Downloads\Attachments_2015912.zip
2015-09-12 06:00 - 2015-09-12 06:00 - 00000062 _____ C:\Users\Marcos\Downloads\ATT00001.txt
2015-09-10 23:12 - 2015-09-10 23:12 - 00110501 _____ C:\Users\Marcos\Downloads\payreport.zip
2015-09-10 18:12 - 2015-09-30 18:30 - 00072328 _____ C:\windows\PFRO.log
2015-09-10 18:09 - 2015-09-10 18:09 - 00528930 _____ C:\Users\Marcos\Documents\ATT Connection Log 9-10-15
2015-09-08 23:53 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2015-09-08 23:53 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-09-08 23:53 - 2015-08-05 12:56 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-09-08 23:53 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-09-08 23:53 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-09-08 23:53 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-09-08 23:53 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-09-08 23:53 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-09-08 23:53 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-09-08 23:53 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-09-08 23:52 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-09-08 23:52 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-09-08 23:52 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-09-08 23:52 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-09-08 23:52 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-09-08 23:52 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-09-08 23:52 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-09-08 23:52 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-09-08 23:52 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-09-08 23:52 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-09-08 23:52 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-09-08 23:52 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-09-08 23:52 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-09-08 23:52 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-09-08 23:52 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-09-08 23:52 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-09-08 23:52 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-09-08 23:52 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-09-08 23:52 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-09-08 23:52 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-09-08 23:52 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-09-08 23:52 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-09-08 23:52 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-09-08 23:52 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-09-08 23:52 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-09-08 23:52 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-09-08 23:52 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-09-08 23:52 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-09-08 23:52 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-09-08 23:52 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-09-08 23:52 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-09-08 23:52 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-09-08 23:52 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-09-08 23:52 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-09-08 23:52 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-09-08 23:52 - 2015-08-17 20:42 - 00393304 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-09-08 23:52 - 2015-08-17 20:14 - 00344168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-09-08 23:52 - 2015-08-15 01:48 - 25190400 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-09-08 23:52 - 2015-08-15 01:34 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-09-08 23:52 - 2015-08-15 01:33 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-09-08 23:52 - 2015-08-15 01:18 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-09-08 23:52 - 2015-08-15 01:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-09-08 23:52 - 2015-08-15 01:17 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-09-08 23:52 - 2015-08-15 01:17 - 00585216 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-09-08 23:52 - 2015-08-15 01:17 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-09-08 23:52 - 2015-08-15 01:17 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-09-08 23:52 - 2015-08-15 01:10 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-09-08 23:52 - 2015-08-15 01:09 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-09-08 23:52 - 2015-08-15 01:06 - 19856896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-09-08 23:52 - 2015-08-15 01:06 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-09-08 23:52 - 2015-08-15 01:04 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-09-08 23:52 - 2015-08-15 01:04 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-09-08 23:52 - 2015-08-15 01:04 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-09-08 23:52 - 2015-08-15 01:04 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-09-08 23:52 - 2015-08-15 01:00 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-09-08 23:52 - 2015-08-15 00:57 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-09-08 23:52 - 2015-08-15 00:53 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-09-08 23:52 - 2015-08-15 00:53 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-09-08 23:52 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-09-08 23:52 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-09-08 23:52 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-09-08 23:52 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-09-08 23:52 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-09-08 23:52 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-09-08 23:52 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-09-08 23:52 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-09-08 23:52 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-09-08 23:52 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-09-08 23:52 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-09-08 23:52 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-09-08 23:52 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-09-08 23:52 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-09-08 23:52 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-09-08 23:52 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-09-08 23:52 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-09-08 23:52 - 2015-08-15 00:23 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-09-08 23:52 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-09-08 23:52 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-09-08 23:52 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-09-08 23:52 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-09-08 23:52 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-08 23:52 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-09-08 23:52 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-09-08 23:52 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-09-08 23:52 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-09-08 23:52 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-09-08 23:52 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-09-08 23:52 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-09-08 23:52 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-09-08 23:52 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-09-08 23:52 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-09-08 23:52 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-09-08 23:52 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-09-08 23:52 - 2015-08-14 23:39 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-09-08 23:52 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-09-08 23:52 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-09-08 23:52 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-09-08 23:52 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-09-08 23:52 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-09-08 23:52 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-09-08 23:52 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-09-08 23:52 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-09-08 23:52 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-09-08 23:52 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-09-08 23:52 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-09-08 23:52 - 2015-07-22 19:06 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-09-08 23:52 - 2015-07-22 19:06 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-09-08 23:52 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-09-08 23:52 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-09-08 23:52 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-09-08 23:52 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-09-08 23:52 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-09-08 23:52 - 2015-07-22 19:02 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-09-08 23:52 - 2015-07-22 19:02 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-09-08 23:52 - 2015-07-22 19:01 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-09-08 23:52 - 2015-07-22 19:01 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-09-08 23:52 - 2015-07-22 19:01 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-09-08 23:52 - 2015-07-22 18:58 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-09-08 23:52 - 2015-07-22 18:57 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:51 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-09-08 23:52 - 2015-07-22 12:57 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-09-08 23:52 - 2015-07-22 12:57 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-09-08 23:52 - 2015-07-22 12:54 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-09-08 23:52 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-09-08 23:52 - 2015-07-22 12:52 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-09-08 23:52 - 2015-07-22 12:52 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-09-08 23:52 - 2015-07-22 12:52 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-09-08 23:52 - 2015-07-22 12:52 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-09-08 23:52 - 2015-07-22 12:52 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-09-08 23:52 - 2015-07-22 12:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-09-08 23:52 - 2015-07-22 12:47 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-09-08 23:52 - 2015-07-22 12:46 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-09-08 23:52 - 2015-07-22 11:45 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-09-08 23:52 - 2015-07-22 11:44 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-09-08 23:52 - 2015-07-22 11:44 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-09-08 23:52 - 2015-07-22 11:34 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-09-08 23:52 - 2015-07-22 11:34 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-09-08 23:52 - 2015-07-22 11:31 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 11:31 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 11:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 11:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-08 23:52 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-09-08 23:52 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-09-08 23:52 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-09-08 23:52 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-09-08 22:50 - 2015-09-08 22:50 - 00082617 _____ C:\Users\Marcos\Downloads\rehithere.zip
2015-09-08 21:56 - 2015-09-08 21:56 - 00128465 _____ C:\Users\Marcos\Downloads\notesforweekof8102015.zip
2015-09-08 17:44 - 2015-09-08 17:44 - 00572650 _____ C:\Users\Marcos\Documents\ATT Connection Log 9-8-15
2015-09-07 09:51 - 2015-09-07 09:51 - 00333008 _____ C:\Users\Marcos\Downloads\Attachments_201597.zip
2015-09-06 13:19 - 2015-09-06 13:19 - 00742729 _____ C:\Users\Marcos\Documents\ATT Connection Log 9-6-15
2015-09-05 19:02 - 2015-09-05 19:02 - 00000132 _____ C:\Users\Marcos\AppData\Roaming\Adobe GIF Format CC Prefs
2015-09-05 18:52 - 2015-09-05 18:52 - 00158610 _____ C:\Users\Marcos\Downloads\ICOFormat-2.1f1-win64 (2).zip
2015-09-05 18:52 - 2015-09-05 18:52 - 00158610 _____ C:\Users\Marcos\Downloads\ICOFormat-2.1f1-win64 (1).zip
2015-09-05 18:51 - 2015-09-05 18:51 - 00158610 _____ C:\Users\Marcos\Downloads\ICOFormat-2.1f1-win64.zip
2015-09-05 18:40 - 2015-09-05 18:40 - 00001456 _____ C:\Users\Marcos\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-09-05 18:23 - 2015-09-05 19:15 - 00000135 _____ C:\Users\Marcos\Desktop\Google.url
2015-09-03 20:58 - 2015-09-03 20:58 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-03 17:23 - 2015-09-03 17:23 - 00261361 _____ C:\Users\Marcos\Documents\ATT Connection Log 9-3-15
2015-09-02 17:28 - 2015-09-02 17:28 - 00522159 _____ C:\Users\Marcos\Documents\ATT Connection Log 9-2-15
2015-09-01 17:51 - 2015-09-01 17:51 - 00117940 _____ C:\Users\Marcos\Downloads\notesforweekof852015 (1).zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-01 17:52 - 2014-10-13 14:13 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-01 17:39 - 2015-06-23 21:28 - 00000922 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000UA.job
2015-10-01 17:31 - 2014-12-09 17:57 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000UA.job
2015-10-01 17:01 - 2009-07-13 23:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-01 17:01 - 2009-07-13 23:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-01 16:39 - 2015-06-23 21:28 - 00000870 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000Core.job
2015-10-01 16:11 - 2014-10-11 18:55 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E9CF7435-EDB7-491D-B6E4-8EEBC1C8A1ED}
2015-10-01 14:33 - 2014-10-18 17:09 - 00000000 ____D C:\ProgramData\MediaMall
2015-10-01 12:31 - 2014-10-18 17:09 - 00000000 ____D C:\Program Files (x86)\MediaMall
2015-10-01 11:07 - 2014-10-11 18:50 - 01868886 _____ C:\windows\WindowsUpdate.log
2015-10-01 04:54 - 2014-10-13 12:24 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-01 02:00 - 2014-10-13 12:20 - 00000000 ____D C:\Users\Marcos\AppData\Local\Adobe
2015-09-30 21:51 - 2014-10-13 14:13 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-30 20:31 - 2014-12-09 17:57 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000Core.job
2015-09-30 19:27 - 2014-10-13 15:11 - 00000000 ___RD C:\Users\Marcos\Sync
2015-09-30 19:24 - 2015-08-23 01:00 - 00001176 _____ C:\windows\setupact.log
2015-09-30 19:24 - 2015-04-19 10:14 - 00000000 ___RD C:\Users\Marcos\Google Drive
2015-09-30 19:24 - 2014-10-13 14:39 - 00000000 ___RD C:\Users\Marcos\Dropbox
2015-09-30 19:24 - 2014-10-13 14:37 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Dropbox
2015-09-30 19:23 - 2014-10-07 01:53 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-30 19:23 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-30 18:31 - 2014-10-26 05:45 - 00000336 _____ C:\windows\Tasks\HPCeeScheduleForMarcos.job
2015-09-30 17:32 - 2014-10-13 16:25 - 00000000 ____D C:\Users\Marcos\Documents\Outlook Files
2015-09-29 13:31 - 2014-10-13 14:13 - 00000000 ____D C:\Users\Marcos\AppData\Local\Google
2015-09-29 07:58 - 2014-10-13 11:10 - 00003206 _____ C:\windows\System32\Tasks\Norton WSC Integration
2015-09-29 07:58 - 2014-10-13 11:10 - 00000000 ____D C:\windows\system32\Drivers\N360x64
2015-09-29 07:57 - 2015-06-25 16:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-09-29 07:57 - 2014-10-13 11:10 - 00002234 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-09-27 05:47 - 2014-10-19 10:49 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-09-26 16:51 - 2014-10-13 11:04 - 00000000 ____D C:\ProgramData\Norton
2015-09-21 16:53 - 2014-10-07 02:10 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 16:53 - 2014-10-07 02:10 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-20 05:48 - 2014-10-26 05:45 - 00003192 _____ C:\windows\System32\Tasks\HPCeeScheduleForMarcos
2015-09-19 02:41 - 2014-10-26 08:41 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-09-19 02:41 - 2013-12-03 15:23 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-19 02:40 - 2014-10-26 08:41 - 00003554 _____ C:\windows\System32\Tasks\GarminUpdaterTask
2015-09-18 15:16 - 2015-04-11 10:58 - 00000000 ____D C:\Users\Marcos\AppData\Local\Garmin_Ltd._or_its_subsid
2015-09-18 15:13 - 2009-07-14 00:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-18 15:12 - 2014-10-26 08:42 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Garmin
2015-09-18 15:12 - 2014-10-26 08:41 - 00000000 ____D C:\ProgramData\Garmin
2015-09-17 19:17 - 2014-10-18 10:15 - 00000000 ___RD C:\Users\Marcos\Travel stuff
2015-09-14 21:47 - 2014-10-13 14:13 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-14 21:46 - 2014-10-13 14:13 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-14 20:26 - 2014-12-09 17:57 - 00003884 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000UA
2015-09-14 20:26 - 2014-12-09 17:57 - 00003488 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000Core
2015-09-14 12:55 - 2014-10-18 10:33 - 00000000 ___RD C:\SHARED FOLDER
2015-09-13 13:49 - 2014-10-18 09:37 - 00000000 ____D C:\Users\Marcos\Documents\Mom
2015-09-13 11:54 - 2014-10-13 10:48 - 00000000 ___RD C:\Users\Marcos\Desktop\Utilities
2015-09-12 07:42 - 2014-10-18 09:41 - 00019555 _____ C:\Users\Marcos\Documents\passwords.xlsx
2015-09-12 06:01 - 2015-03-07 12:11 - 00002464 _____ C:\Users\Marcos\Desktop\Staniel Cay - Exuma Bahamas.lnk
2015-09-10 18:51 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2015-09-10 18:12 - 2009-07-13 23:45 - 00465952 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-10 18:10 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 18:10 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-09-09 03:14 - 2014-10-13 13:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 03:13 - 2014-10-11 19:10 - 00000000 ____D C:\windows\system32\MRT
2015-09-08 18:54 - 2014-10-18 09:41 - 00011333 _____ C:\Users\Marcos\Documents\Passwords for bill paying.xlsx
2015-09-05 18:40 - 2014-10-11 18:55 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Adobe
2015-09-01 18:16 - 2014-10-13 14:49 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Dashlane
==================== Files in the root of some directories =======
2015-03-01 08:50 - 2015-03-01 08:50 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\0D7F941.html
2015-01-04 14:53 - 2015-01-04 14:53 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\2C3C94D.html
2015-07-04 17:38 - 2015-07-04 17:38 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\2E2664D.html
2015-03-01 09:02 - 2015-03-01 09:02 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\38D6611.html
2015-07-06 19:07 - 2015-07-06 19:07 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\3E38103.html
2015-06-08 18:49 - 2015-06-08 18:49 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\973CEB3.html
2015-09-05 19:02 - 2015-09-05 19:02 - 0000132 _____ () C:\Users\Marcos\AppData\Roaming\Adobe GIF Format CC Prefs
2015-03-01 08:52 - 2015-03-01 08:52 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\AF94ABA.html
2015-03-28 10:30 - 2015-03-28 10:30 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\C2A17A9.html
2015-06-08 18:51 - 2015-06-08 18:51 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\CF9F2E0.html
2014-11-01 11:13 - 2014-11-01 11:13 - 0038441 _____ () C:\Users\Marcos\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-09-05 18:40 - 2015-09-05 18:40 - 0001456 _____ () C:\Users\Marcos\AppData\Local\Adobe Save for Web 13.0 Prefs
Some files in TEMP:
====================
C:\Users\Marcos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfnhmoe.dll
C:\Users\Marcos\AppData\Local\Temp\HitmanPro.exe
C:\Users\Marcos\AppData\Local\Temp\sqlite3.dll
C:\Users\Marcos\AppData\Local\Temp\uninstall.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-01 00:15
==================== End of FRST.txt ============================
From the TXT file named Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by Marcos (2015-10-01 17:57:18)
Running from C:\Users\Marcos\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-10-11 23:50:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3740367901-1813877255-2116710245-500 - Administrator - Disabled)
Guest (S-1-5-21-3740367901-1813877255-2116710245-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3740367901-1813877255-2116710245-1005 - Limited - Enabled)
Kim (S-1-5-21-3740367901-1813877255-2116710245-1004 - Administrator - Enabled) => C:\Users\Kim
Kimberly (S-1-5-21-3740367901-1813877255-2116710245-1003 - Limited - Enabled)
Marcos (S-1-5-21-3740367901-1813877255-2116710245-1000 - Administrator - Enabled) => C:\Users\Marcos
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.15 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{5C804EBB-475F-4555-A225-1D6573F158BD}) (Version: 11.2.202.222 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.26.3317.04170 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.26.3317.04170 - Alcor Micro Corp.) Hidden
Amazon Cloud Drive (HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Amazon Cloud Drive) (Version: 2.4.2.25 - Amazon Digital Services, LLC.)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.1.0 - Amazon Services LLC) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter Ultimate 5.7.6 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
Any Video Recorder version 1.0.4 (HKLM-x32\...\{17D86E62-4849-49BC-83D2-FA369CEEA9D9}_is1) (Version: 1.0.4 - anvsoft, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.223.201 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5000 - Broadcom Corporation)
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - )
Canon MX870 series User Registration (HKLM-x32\...\Canon MX870 series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
ChromecastApp (HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
CyberLink AudioDirector 5 (HKLM-x32\...\{78D01FB2-57B6-4612-89EC-5B19A93E5F43}) (Version: 5.0.4712.3 - CyberLink Corp.)
CyberLink Holiday Pack vol 5 (HKLM-x32\...\InstallShield_{56534024-7852-4F49-A27E-02CF3F2CD540}) (Version: Holiday Pack 5 - CyberLink Corp.)
CyberLink Holiday Pack vol 6 (HKLM-x32\...\InstallShield_{E33E83D2-5B7E-447E-9B02-BBBD47B86389}) (Version: Holiday Pack 6 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3618 - CyberLink Corp.)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.3130.0 - CyberLink Corp.)
CyberLink PowerDirector 13 Content Pack Essential (HKLM-x32\...\InstallShield_{749B310F-A489-439D-9AEF-1332222F2E04}) (Version: 13 Essential - CyberLink Corp.)
CyberLink PowerDirector 13 Content Pack Premium (HKLM-x32\...\InstallShield_{9B866025-5082-4B88-8A62-F6FBBFCBBBA1}) (Version: 13 Premium - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
CyberLink Wedding Pack (HKLM-x32\...\InstallShield_{741635DB-36DA-4BCF-BB52-0F4C1C4E0DFB}) (Version: Wedding Pack - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Dashlane) (Version: 3.5.2.91147 - Dashlane SAS)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
ExpressCache (HKLM\...\{6E55C9F8-138E-4128-8A9F-6464725BE98A}) (Version: 1.0.102.0 - Condusiv Technologies)
File Renamer - Basic (HKLM-x32\...\File Renamer - Basic) (Version: 6.3 - Sherrod Computers)
Free YouTube to MP3 Converter Studio 8.4 (HKLM-x32\...\Free YouTube to MP3 Converter Studio_is1) (Version: - mediaprolab.com)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{C869E3D3-23D3-4102-A5C5-3D33448FC613}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
Icecream PDF Split and Merge version 1.03 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 1.03 - Icecream Apps)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Image Composite Editor (HKLM\...\{380B7D01-4411-4D5D-AB9A-2A12FA315481}) (Version: 2.0.2 - Microsoft Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.5.1367 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Picture It! Photo Premium 9 (HKLM-x32\...\PictureIt_v9) (Version: 9.0.0.0000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MP3 Splitter & Joiner (HKLM-x32\...\MP3 Splitter & Joiner_is1) (Version: - )
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM-x32\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.4.24 - Symantec Corporation)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.0.0.18 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PlayLater (HKLM-x32\...\{132FA3A5-4645-4E5E-BC66-4055F5D1C44C}) (Version: 1.6.9 - MediaMall Technologies, Inc.)
PlayOn (HKLM-x32\...\{332917AC-ACF7-4619-B5A4-AB722FB6B2F8}) (Version: 3.10.9 - MediaMall Technologies, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6704 - CyberLink Corp.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
Special Uninstaller version 3.0 (HKLM-x32\...\{46744C87-EE41-4BA3-A444-C2DECC145FC0}_is1) (Version: 3.0 - www.specialuninstaller.com/)
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wise Registry Cleaner 8.65 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.65 - WiseCleaner.com, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
==================== Restore Points =========================
24-09-2015 00:00:01 Scheduled Checkpoint
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06CF176D-97C2-4530-A453-A74700ED11DC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000Core => C:\Users\Marcos\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {1513CCF0-1D91-443E-B2C1-0992C6232C5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {25309BE1-5150-42D4-BD89-47403FB4D6D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2533D23A-64D1-48A7-A056-1868EB15A558} - System32\Tasks\{14503ABA-CAFB-49E7-BEA7-0A3C36A765BE} => pcalua.exe -a "C:\Users\Marcos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AXMH86GV\JavaSetup8u45.exe" -d C:\Users\Marcos\Desktop
Task: {2579E4E3-9018-4BFE-89EA-CDD7CBBF64FA} - System32\Tasks\{4C7EED3A-FE59-4144-A917-B6282C5AAC73} => pcalua.exe -a C:\Users\Marcos\Downloads\sp59291.exe -d C:\Users\Marcos\Downloads
Task: {3E6F6506-6279-4779-B0BD-DDD42175B865} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000UA => C:\Users\Marcos\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {4D2593ED-BCED-4962-8C65-AAA6409EFD8B} - System32\Tasks\AdobeAAMUpdater-1.0-HP-DESKTOP-Marcos => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-08-27] (Adobe Systems Incorporated)
Task: {4F532792-B65B-4EB2-BA30-507A8F3BEA98} - System32\Tasks\HPCeeScheduleForMarcos => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {633C0331-3AB6-4E70-8AFD-FB2F1DCBCE03} - System32\Tasks\{D9BE26BC-F1CC-4039-9958-257EDE8614E3} => pcalua.exe -a "C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard\Engine\7.0.0.18\Gear\GEARDIFx.exe" -d C:\Users\Marcos\Downloads -c INSTALL "NBRTWizard" "{A4274214-B468-482e-B2AC-24FCD2365C4B}"
Task: {7F285E3D-3335-4208-BD23-BF8FE8D33676} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2015-07-27] (WiseCleaner.com)
Task: {87D0A9E4-BAAC-4000-9307-AD4456E7D140} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {8863804C-62B0-4502-AAB3-E1EEB0B90986} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000UA => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8E04929B-F057-4A9D-B8B5-299A32C1B2C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8F74098D-F6DB-49C7-A04C-1C66A4937DAB} - System32\Tasks\{6E8E2A7C-02BD-42C1-9064-0BAE3858A687} => pcalua.exe -a C:\Users\Marcos\AppData\Local\Temp\jre-8u51-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau-m FAMILYUPGRADE=1
Task: {9CDD350F-0053-4E4C-827D-F234F802173F} - System32\Tasks\Record Last Comic Standing Starts 7-22
Task: {A0917073-7A65-46A7-9433-5C024D1A69FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {B6403718-753B-4CC8-B9F7-4B30A6CDAB7E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B85854AB-F394-4224-B981-6887D64C07F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B9F94D8D-E0EF-46CA-8B77-27743B86FB79} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {C8C5D9C2-59EA-47A2-AFF1-998968DAF4FB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {CEC4D15F-09C8-4705-B5BE-5C9BC1EC176D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {D374E73A-5614-4671-8FA7-F274C0C1827F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)
Task: {D6252A83-3948-44C8-9240-B731C5EA433C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {D7D8F130-F45E-47CC-BE35-351D98461559} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {DAC2F22C-4C8C-4716-A31D-964E088CD3EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000Core => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {FF011C1C-1490-412C-9D15-055B0DBC689C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000Core.job => C:\Users\Marcos\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000UA.job => C:\Users\Marcos\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000Core.job => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000UA.job => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForMarcos.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (Whitelisted) ==============
2014-10-07 01:53 - 2015-02-05 14:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-19 13:12 - 2013-10-23 14:24 - 00087600 _____ () C:\windows\System32\cpwmon64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-25 11:18 - 2011-10-30 15:02 - 00038912 _____ () C:\Users\Marcos\Desktop\Utilities\RBTray\RBTray-4_3\64bit\RBHook.dll
2013-10-01 10:26 - 2013-10-01 10:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2014-10-13 14:49 - 2015-08-27 09:53 - 00228024 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\Dashlane.exe
2015-07-02 18:37 - 2015-07-02 18:37 - 00049152 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
2015-07-02 18:37 - 2015-07-02 18:37 - 01158656 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
2015-07-02 18:37 - 2015-07-02 18:37 - 00263680 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
2015-07-02 18:37 - 2015-07-02 18:37 - 00111616 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
2014-10-13 14:49 - 2015-08-27 09:53 - 00285880 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\DashlanePlugin.exe
2015-07-25 11:18 - 2011-10-30 15:02 - 00045568 _____ () C:\Users\Marcos\Desktop\Utilities\RBTray\RBTray-4_3\64bit\RBTray.exe
2014-10-07 02:05 - 2009-07-02 16:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2013-12-17 04:42 - 2013-12-17 04:42 - 00335872 _____ () C:\Program Files (x86)\MediaMall\lua51a.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 00338104 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 00422072 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 00443576 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 31364792 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 00276664 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 05763768 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 06980280 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 13231800 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 02073272 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 00338616 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.5.2.91147.dll
2015-09-30 19:24 - 2015-09-30 19:24 - 00071168 _____ () c:\users\marcos\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfnhmoe.dll
2015-03-04 16:45 - 2015-08-05 00:26 - 00012800 _____ () C:\Users\Marcos\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 16:45 - 2015-08-05 00:26 - 00779776 _____ () C:\Users\Marcos\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 00:40 - 2015-08-05 00:26 - 00056320 _____ () C:\Users\Marcos\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 16:45 - 2015-08-05 00:26 - 00012288 _____ () C:\Users\Marcos\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-09-30 19:24 - 2015-09-30 19:24 - 00098816 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32api.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00110080 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\pywintypes27.dll
2015-09-30 19:24 - 2015-09-30 19:24 - 00364544 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\pythoncom27.dll
2015-09-30 19:24 - 2015-09-30 19:24 - 00045568 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_socket.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 01161216 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_ssl.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00320512 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32com.shell.shell.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00713216 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_hashlib.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 01176576 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._core_.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00806400 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._gdi_.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00816128 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._windows_.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 01067008 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._controls_.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00733184 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._misc_.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00682496 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\pysqlite2._sqlite.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00087552 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_ctypes.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00119808 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32file.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00108544 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32security.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00007168 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\hashobjs_ext.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00068096 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\usb_ext.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00167936 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32gui.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00018432 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32event.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00128512 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_elementtree.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00127488 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\pyexpat.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00013824 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\common.time34.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00036864 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_psutil_windows.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00038912 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32inet.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00011264 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32crypt.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00077312 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._html2.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00027136 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_multiprocessing.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00020480 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_yappi.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00035840 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32process.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00686080 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\unicodedata.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00123392 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._wizard.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00024064 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32pipe.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00010240 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\select.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00025600 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32pdh.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00525640 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\windows._lib_cacheinvalidation.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00017408 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32profile.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00022528 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32ts.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00078848 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._animate.pyd
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-09-25 21:54 - 2015-09-23 21:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-25 21:54 - 2015-09-23 21:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Marcos\Documents\White Box.jpg:SummaryInformation
AlternateDataStreams: C:\Users\Marcos\Documents\White Box.jpg:Updt_SummaryInformation
AlternateDataStreams: C:\Users\Marcos\Documents\White Box.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Marcos\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{213BB2B8-22E3-4BC1-B4E3-88BAB9D6D5BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{83235570-6BFF-4A02-BC8F-A192ECC83670}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5C537B69-7FAC-426F-81DC-CB4EA52562E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9E3EBC9C-1080-46E6-A8AE-794C0B40028E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CDBDB02-E821-4E75-B51C-0635944EF7DA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{41EBC84D-A0A7-4FD3-B368-C8FEC4FE8DCB}] => (Allow) LPort=2869
FirewallRules: [{9A586F2C-1862-4DC6-8A58-7456FB294938}] => (Allow) LPort=1900
FirewallRules: [{ECBE780D-89D1-47BC-9F06-3A1AD46E4215}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{15500223-4763-4D49-BD29-903E60A40C53}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{A54072A4-47D6-46D3-BD0F-F491EE11CE79}] => (Allow) C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3113F523-4DEE-4806-8F8F-1054B325443B}] => (Allow) C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F284E1B5-E82B-4041-953A-4601B253278D}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
FirewallRules: [{9BB86FD0-ADF3-4941-81C3-AAD606B9B01B}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe
FirewallRules: [{A1EB600A-B2A1-423E-9673-2065FD213655}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe
FirewallRules: [{F31B66F8-02CB-487B-93C3-352385DC2179}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe
FirewallRules: [{4C49B3D7-13A2-41DD-A14F-B837651F92A1}] => (Allow) C:\Program Files (x86)\MediaMall\PlayLater.exe
FirewallRules: [TCP Query User{D4BD612C-AF43-4AC6-80D4-77B138950A5C}C:\users\marcos\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\marcos\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{23B3A6B1-C1EB-40AE-9CA0-41B317C90BCE}C:\users\marcos\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\marcos\appdata\local\akamai\netsession_win.exe
FirewallRules: [{98E5B442-1B52-44D2-93E9-5DE117EED17F}] => (Block) C:\users\marcos\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0625507C-FA35-4FBD-9560-FDF1359BAC1C}] => (Block) C:\users\marcos\appdata\local\akamai\netsession_win.exe
FirewallRules: [{550E3C38-12A6-4C95-BFD0-2A06BD031A48}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6AA594F7-9595-487E-93C2-9352AE765F82}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2EE6A96E-1CEF-48FF-BE16-F1E0196811ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9F605597-DE56-45CA-84B7-BF47386DF91D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{860E7129-0635-4A4A-A0ED-17000EA38AAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B8B0506F-4C81-4DC6-9CD1-47AA9B8FDBC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9CA0E664-A8C7-4F3D-A556-FE8A5B07F4AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA4708EE-351B-4D3E-9F75-E776952ECE6C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{15B90582-0845-4817-8417-F2C0AEF142C0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FFA7C7BB-2568-4A0D-A282-96303646E8C0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8EF804F8-066F-42E8-ABAD-76A3446FE54E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
==================== Faulty Device Manager Devices =============
Name: Broadcom BCM943228HMB 802.11abgn 2x2 Wi-Fi Adapter
Description: Broadcom BCM943228HMB 802.11abgn 2x2 Wi-Fi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/01/2015 03:19:45 AM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key
Error: (10/01/2015 03:19:45 AM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key
Error: (10/01/2015 03:19:45 AM) (Source: Application) (EventID: 0) (User: )
Description: Object reference not set to an instance of an object.
Error: (09/30/2015 07:10:56 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Marcos\Downloads\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).
Error: (09/30/2015 07:10:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Marcos\Downloads\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).
Error: (09/30/2015 06:35:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1204
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Error: (09/27/2015 01:38:16 PM) (Source: Application) (EventID: 0) (User: )
Description: Object reference not set to an instance of an object.
Error: (09/27/2015 01:38:16 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key
Error: (09/27/2015 01:38:16 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key
Error: (09/25/2015 07:19:41 PM) (Source: Application) (EventID: 0) (User: )
Description: Object reference not set to an instance of an object.
System errors:
=============
Error: (09/30/2015 09:31:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
Error: (09/30/2015 07:24:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ExpressCache service.
Error: (09/30/2015 07:23:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Office ClickToRun Service service failed to start due to the following error:
%%3
Error: (09/30/2015 07:19:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068
Error: (09/30/2015 07:19:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (09/30/2015 07:19:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (09/30/2015 07:19:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (09/30/2015 07:19:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/30/2015 07:19:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (09/30/2015 07:19:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
CodeIntegrity:
===================================
Date: 2014-12-21 09:55:40.586
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:55:40.555
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:55:40.528
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:50:18.188
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:50:18.156
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:50:18.136
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:50:18.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:50:18.037
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:50:18.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:42:45.345
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 52%
Total physical RAM: 8131.2 MB
Available physical RAM: 3825.87 MB
Total Virtual: 16260.61 MB
Available Virtual: 11249.97 MB
==================== Drives ================================
Drive c: (HP-Marcos) (Fixed) (Total:921.3 GB) (Free:686.95 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:9.89 GB) (Free:1.2 GB) NTFS
Drive j: (External Backup) (Fixed) (Total:684.44 GB) (Free:264.88 GB) NTFS
Drive k: (External Saved Files) (Fixed) (Total:247.07 GB) (Free:155.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E94DD82F)
Partition: GPT.
Could not read MBR for disk 1.
========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=684.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=247.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Thank you in advance for your help.
Scott
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {809A6301-7B40-4436-A02C-87B8D3D7D9E3} hxxp://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - No File
FireFox:
========
FF ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\gwge9d7z.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://99.74.111.33/login
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2015-08-13] (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3740367901-1813877255-2116710245-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3740367901-1813877255-2116710245-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-09-30]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.yahoo.com/
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/"
CHR Profile: C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-13]
CHR Extension: (Google Docs) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-13]
CHR Extension: (Google Drive) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-13]
CHR Extension: (Fixer for Java) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakbbfplfhjmmheafiipemmmjjlgcolo [2015-06-25]
CHR Extension: (MEGA) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-06-28]
CHR Extension: (YouTube) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-13]
CHR Extension: (Google Cast) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-01]
CHR Extension: (Norton Security Toolbar) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-06-25]
CHR Extension: (Google Search) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-13]
CHR Extension: (Share link via email) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2015-05-26]
CHR Extension: (Google Play Music) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-09-12]
CHR Extension: (Dashlane) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-10-13]
CHR Extension: (Google Sheets) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Save to Google Drive) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-04-19]
CHR Extension: (New Tab Redirect) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-10-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (PlayOn) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lggaaajacmlhgbpldaboipiinndchjgm [2014-10-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-19]
CHR Extension: (Flashcontrol) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-13]
CHR Extension: (Hover Zoom) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-10-13]
CHR Extension: (Adblock Pro) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-05-28]
CHR Extension: (Gmail) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-29]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-29]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-09-24]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (Condusiv Technologies)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5933872 2015-09-18] (MediaMall Technologies, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\N360.exe [282016 2015-09-24] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-11-06] (CyberLink)
R2 STacSV; C:\Program Files\IDT\WDM\stacsv64.exe [339456 2013-11-11] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-03] (Microsoft Corporation)
S2 ClickToRunSvc; no ImagePath
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2013-10-02] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150928.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605040.018\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (Condusiv Technologies)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [30360 2015-03-13] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150930.001\IDSvia64.sys [767216 2015-09-22] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151001.002\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151001.002\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605040.018\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605040.018\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-10-13] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-10-13] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-10-13] (Acronis International GmbH)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [109432 2015-09-30] (Zemana Ltd.)
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-01 17:56 - 2015-10-01 17:57 - 00040061 _____ C:\Users\Marcos\Downloads\FRST.txt
2015-10-01 17:56 - 2015-10-01 17:56 - 02192384 _____ (Farbar) C:\Users\Marcos\Downloads\FRST64.exe
2015-10-01 17:56 - 2015-10-01 17:56 - 00000000 ____D C:\FRST
2015-09-30 19:54 - 2015-09-30 19:54 - 00000000 ___SH C:\DkHyperbootSync
2015-09-30 19:15 - 2015-09-30 19:17 - 00000000 ____D C:\AdwCleaner
2015-09-30 19:14 - 2015-09-30 19:14 - 01670656 _____ C:\Users\Marcos\Downloads\adwcleaner_5.009.exe
2015-09-30 19:13 - 2015-09-30 19:13 - 00109432 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zamguard64.sys
2015-09-30 19:13 - 2015-09-30 19:13 - 00000000 ____D C:\Users\Marcos\AppData\Local\Zemana
2015-09-30 19:12 - 2015-09-30 19:12 - 05078968 _____ ( ) C:\Users\Marcos\Downloads\Zemana.AntiMalware.Setup.exe
2015-09-30 19:10 - 2015-09-30 19:10 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2015-09-30 19:03 - 2015-09-30 19:11 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-30 19:02 - 2015-09-30 19:03 - 11350472 _____ (SurfRight B.V.) C:\Users\Marcos\Downloads\HitmanPro_x64.exe
2015-09-30 18:47 - 2015-09-30 18:48 - 00002956 _____ C:\Users\Marcos\Desktop\Rkill.txt
2015-09-30 18:46 - 2015-09-30 18:46 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Marcos\Downloads\iExplore.exe
2015-09-30 18:46 - 2015-09-30 18:46 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Marcos\Downloads\iExplore (1).exe
2015-09-30 18:43 - 2015-09-30 18:44 - 04383777 _____ C:\Users\Marcos\Downloads\tdsskiller.zip
2015-09-30 18:19 - 2015-09-30 18:19 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Marcos\Downloads\tdsskiller.exe
2015-09-30 12:20 - 2015-09-30 12:20 - 00139108 _____ C:\Users\Marcos\Downloads\notesfortheweekof8162015 (1).zip
2015-09-30 12:20 - 2015-09-30 12:20 - 00128106 _____ C:\Users\Marcos\Downloads\notesforweekof8242015 (1).zip
2015-09-29 13:31 - 2015-09-29 13:31 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2015-09-29 07:58 - 2015-09-29 07:58 - 00000000 ____D C:\windows\System32\Tasks\Norton 360
2015-09-26 19:57 - 2015-09-26 19:57 - 03587883 _____ C:\Users\Marcos\Documents\ATT Connection Log 9-26-15
2015-09-26 16:50 - 2015-09-26 16:50 - 01201328 _____ (Symantec Corporation) C:\Users\Marcos\Downloads\AutoDetectPkg.exe
2015-09-19 02:40 - 2015-09-19 02:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-09-16 19:56 - 2015-09-16 19:56 - 00011319 _____ C:\Users\Marcos\Downloads\Bill Kimberly Marcos 9-14-2015.xlsx
2015-09-16 19:54 - 2015-09-16 19:54 - 00128106 _____ C:\Users\Marcos\Downloads\notesforweekof8242015.zip
2015-09-16 19:54 - 2015-09-16 19:54 - 00011346 _____ C:\Users\Marcos\Downloads\Bill Kimberly Marcos 9-15-2015.xlsx
2015-09-16 19:53 - 2015-09-16 19:53 - 00139108 _____ C:\Users\Marcos\Downloads\notesfortheweekof8162015.zip
2015-09-15 02:59 - 2015-09-15 02:59 - 00082617 _____ C:\Users\Marcos\Downloads\rehithere (1).zip
2015-09-14 18:54 - 2015-09-14 18:54 - 00001294 _____ C:\Users\Marcos\Downloads\Untitled
2015-09-14 02:04 - 2015-09-14 02:04 - 00000000 ____D C:\Users\Marcos\Desktop\Your Donated iPod’s Journey through MUSIC & MEMORY℠_files
2015-09-13 13:46 - 2015-09-13 14:02 - 00024064 ___SH C:\Users\Marcos\Documents\Thumbs.db
2015-09-12 14:38 - 2015-09-28 14:54 - 00010062 _____ C:\Users\Marcos\Desktop\bp for robb..xlsx
2015-09-12 11:31 - 2015-09-12 11:31 - 00863552 _____ (Amazon) C:\Users\Marcos\Downloads\AmazonCloudDriveSetup (1).exe
2015-09-12 06:00 - 2015-09-12 06:00 - 00344041 _____ C:\Users\Marcos\Downloads\Attachments_2015912.zip
2015-09-12 06:00 - 2015-09-12 06:00 - 00000062 _____ C:\Users\Marcos\Downloads\ATT00001.txt
2015-09-10 23:12 - 2015-09-10 23:12 - 00110501 _____ C:\Users\Marcos\Downloads\payreport.zip
2015-09-10 18:12 - 2015-09-30 18:30 - 00072328 _____ C:\windows\PFRO.log
2015-09-10 18:09 - 2015-09-10 18:09 - 00528930 _____ C:\Users\Marcos\Documents\ATT Connection Log 9-10-15
2015-09-08 23:53 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2015-09-08 23:53 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-09-08 23:53 - 2015-08-05 12:56 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-09-08 23:53 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-09-08 23:53 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-09-08 23:53 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-09-08 23:53 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-09-08 23:53 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-09-08 23:53 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-09-08 23:53 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-09-08 23:52 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-09-08 23:52 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-09-08 23:52 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-09-08 23:52 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-09-08 23:52 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-09-08 23:52 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-09-08 23:52 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-09-08 23:52 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-09-08 23:52 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-09-08 23:52 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-09-08 23:52 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-09-08 23:52 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-09-08 23:52 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-09-08 23:52 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-09-08 23:52 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-09-08 23:52 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-09-08 23:52 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-09-08 23:52 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-09-08 23:52 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-09-08 23:52 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-09-08 23:52 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-09-08 23:52 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-09-08 23:52 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-09-08 23:52 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-09-08 23:52 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-09-08 23:52 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-09-08 23:52 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-09-08 23:52 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-09-08 23:52 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-09-08 23:52 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-09-08 23:52 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-09-08 23:52 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-09-08 23:52 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-09-08 23:52 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-09-08 23:52 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-09-08 23:52 - 2015-08-17 20:42 - 00393304 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-09-08 23:52 - 2015-08-17 20:14 - 00344168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-09-08 23:52 - 2015-08-15 01:48 - 25190400 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-09-08 23:52 - 2015-08-15 01:34 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-09-08 23:52 - 2015-08-15 01:33 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-09-08 23:52 - 2015-08-15 01:18 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-09-08 23:52 - 2015-08-15 01:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-09-08 23:52 - 2015-08-15 01:17 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-09-08 23:52 - 2015-08-15 01:17 - 00585216 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-09-08 23:52 - 2015-08-15 01:17 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-09-08 23:52 - 2015-08-15 01:17 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-09-08 23:52 - 2015-08-15 01:10 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-09-08 23:52 - 2015-08-15 01:09 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-09-08 23:52 - 2015-08-15 01:06 - 19856896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-09-08 23:52 - 2015-08-15 01:06 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-09-08 23:52 - 2015-08-15 01:04 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-09-08 23:52 - 2015-08-15 01:04 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-09-08 23:52 - 2015-08-15 01:04 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-09-08 23:52 - 2015-08-15 01:04 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-09-08 23:52 - 2015-08-15 01:00 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-09-08 23:52 - 2015-08-15 00:57 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-09-08 23:52 - 2015-08-15 00:53 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-09-08 23:52 - 2015-08-15 00:53 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-09-08 23:52 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-09-08 23:52 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-09-08 23:52 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-09-08 23:52 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-09-08 23:52 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-09-08 23:52 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-09-08 23:52 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-09-08 23:52 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-09-08 23:52 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-09-08 23:52 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-09-08 23:52 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-09-08 23:52 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-09-08 23:52 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-09-08 23:52 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-09-08 23:52 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-09-08 23:52 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-09-08 23:52 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-09-08 23:52 - 2015-08-15 00:23 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-09-08 23:52 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-09-08 23:52 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-09-08 23:52 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-09-08 23:52 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-09-08 23:52 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-08 23:52 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-09-08 23:52 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-09-08 23:52 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-09-08 23:52 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-09-08 23:52 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-09-08 23:52 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-09-08 23:52 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-09-08 23:52 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-09-08 23:52 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-09-08 23:52 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-09-08 23:52 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-09-08 23:52 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-09-08 23:52 - 2015-08-14 23:39 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-09-08 23:52 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-09-08 23:52 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-09-08 23:52 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-09-08 23:52 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-09-08 23:52 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-09-08 23:52 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-09-08 23:52 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-09-08 23:52 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-09-08 23:52 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-09-08 23:52 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-09-08 23:52 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-09-08 23:52 - 2015-07-22 19:06 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-09-08 23:52 - 2015-07-22 19:06 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-09-08 23:52 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-09-08 23:52 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-09-08 23:52 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-09-08 23:52 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-09-08 23:52 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-09-08 23:52 - 2015-07-22 19:02 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-09-08 23:52 - 2015-07-22 19:02 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-09-08 23:52 - 2015-07-22 19:02 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-09-08 23:52 - 2015-07-22 19:01 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-09-08 23:52 - 2015-07-22 19:01 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-09-08 23:52 - 2015-07-22 19:01 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-09-08 23:52 - 2015-07-22 18:58 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-09-08 23:52 - 2015-07-22 18:57 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 18:51 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-09-08 23:52 - 2015-07-22 12:57 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-09-08 23:52 - 2015-07-22 12:57 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-09-08 23:52 - 2015-07-22 12:54 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-09-08 23:52 - 2015-07-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-09-08 23:52 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-09-08 23:52 - 2015-07-22 12:52 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-09-08 23:52 - 2015-07-22 12:52 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-09-08 23:52 - 2015-07-22 12:52 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-09-08 23:52 - 2015-07-22 12:52 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-09-08 23:52 - 2015-07-22 12:52 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-09-08 23:52 - 2015-07-22 12:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-09-08 23:52 - 2015-07-22 12:47 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-09-08 23:52 - 2015-07-22 12:46 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-09-08 23:52 - 2015-07-22 11:45 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-09-08 23:52 - 2015-07-22 11:44 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-09-08 23:52 - 2015-07-22 11:44 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-09-08 23:52 - 2015-07-22 11:34 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-09-08 23:52 - 2015-07-22 11:34 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-09-08 23:52 - 2015-07-22 11:31 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 11:31 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 11:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 23:52 - 2015-07-22 11:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-08 23:52 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-09-08 23:52 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-09-08 23:52 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-09-08 23:52 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-09-08 22:50 - 2015-09-08 22:50 - 00082617 _____ C:\Users\Marcos\Downloads\rehithere.zip
2015-09-08 21:56 - 2015-09-08 21:56 - 00128465 _____ C:\Users\Marcos\Downloads\notesforweekof8102015.zip
2015-09-08 17:44 - 2015-09-08 17:44 - 00572650 _____ C:\Users\Marcos\Documents\ATT Connection Log 9-8-15
2015-09-07 09:51 - 2015-09-07 09:51 - 00333008 _____ C:\Users\Marcos\Downloads\Attachments_201597.zip
2015-09-06 13:19 - 2015-09-06 13:19 - 00742729 _____ C:\Users\Marcos\Documents\ATT Connection Log 9-6-15
2015-09-05 19:02 - 2015-09-05 19:02 - 00000132 _____ C:\Users\Marcos\AppData\Roaming\Adobe GIF Format CC Prefs
2015-09-05 18:52 - 2015-09-05 18:52 - 00158610 _____ C:\Users\Marcos\Downloads\ICOFormat-2.1f1-win64 (2).zip
2015-09-05 18:52 - 2015-09-05 18:52 - 00158610 _____ C:\Users\Marcos\Downloads\ICOFormat-2.1f1-win64 (1).zip
2015-09-05 18:51 - 2015-09-05 18:51 - 00158610 _____ C:\Users\Marcos\Downloads\ICOFormat-2.1f1-win64.zip
2015-09-05 18:40 - 2015-09-05 18:40 - 00001456 _____ C:\Users\Marcos\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-09-05 18:23 - 2015-09-05 19:15 - 00000135 _____ C:\Users\Marcos\Desktop\Google.url
2015-09-03 20:58 - 2015-09-03 20:58 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-03 17:23 - 2015-09-03 17:23 - 00261361 _____ C:\Users\Marcos\Documents\ATT Connection Log 9-3-15
2015-09-02 17:28 - 2015-09-02 17:28 - 00522159 _____ C:\Users\Marcos\Documents\ATT Connection Log 9-2-15
2015-09-01 17:51 - 2015-09-01 17:51 - 00117940 _____ C:\Users\Marcos\Downloads\notesforweekof852015 (1).zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-01 17:52 - 2014-10-13 14:13 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-01 17:39 - 2015-06-23 21:28 - 00000922 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000UA.job
2015-10-01 17:31 - 2014-12-09 17:57 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000UA.job
2015-10-01 17:01 - 2009-07-13 23:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-01 17:01 - 2009-07-13 23:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-01 16:39 - 2015-06-23 21:28 - 00000870 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000Core.job
2015-10-01 16:11 - 2014-10-11 18:55 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E9CF7435-EDB7-491D-B6E4-8EEBC1C8A1ED}
2015-10-01 14:33 - 2014-10-18 17:09 - 00000000 ____D C:\ProgramData\MediaMall
2015-10-01 12:31 - 2014-10-18 17:09 - 00000000 ____D C:\Program Files (x86)\MediaMall
2015-10-01 11:07 - 2014-10-11 18:50 - 01868886 _____ C:\windows\WindowsUpdate.log
2015-10-01 04:54 - 2014-10-13 12:24 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-01 02:00 - 2014-10-13 12:20 - 00000000 ____D C:\Users\Marcos\AppData\Local\Adobe
2015-09-30 21:51 - 2014-10-13 14:13 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-30 20:31 - 2014-12-09 17:57 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000Core.job
2015-09-30 19:27 - 2014-10-13 15:11 - 00000000 ___RD C:\Users\Marcos\Sync
2015-09-30 19:24 - 2015-08-23 01:00 - 00001176 _____ C:\windows\setupact.log
2015-09-30 19:24 - 2015-04-19 10:14 - 00000000 ___RD C:\Users\Marcos\Google Drive
2015-09-30 19:24 - 2014-10-13 14:39 - 00000000 ___RD C:\Users\Marcos\Dropbox
2015-09-30 19:24 - 2014-10-13 14:37 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Dropbox
2015-09-30 19:23 - 2014-10-07 01:53 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-30 19:23 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-30 18:31 - 2014-10-26 05:45 - 00000336 _____ C:\windows\Tasks\HPCeeScheduleForMarcos.job
2015-09-30 17:32 - 2014-10-13 16:25 - 00000000 ____D C:\Users\Marcos\Documents\Outlook Files
2015-09-29 13:31 - 2014-10-13 14:13 - 00000000 ____D C:\Users\Marcos\AppData\Local\Google
2015-09-29 07:58 - 2014-10-13 11:10 - 00003206 _____ C:\windows\System32\Tasks\Norton WSC Integration
2015-09-29 07:58 - 2014-10-13 11:10 - 00000000 ____D C:\windows\system32\Drivers\N360x64
2015-09-29 07:57 - 2015-06-25 16:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-09-29 07:57 - 2014-10-13 11:10 - 00002234 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-09-27 05:47 - 2014-10-19 10:49 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-09-26 16:51 - 2014-10-13 11:04 - 00000000 ____D C:\ProgramData\Norton
2015-09-21 16:53 - 2014-10-07 02:10 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 16:53 - 2014-10-07 02:10 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-20 05:48 - 2014-10-26 05:45 - 00003192 _____ C:\windows\System32\Tasks\HPCeeScheduleForMarcos
2015-09-19 02:41 - 2014-10-26 08:41 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-09-19 02:41 - 2013-12-03 15:23 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-19 02:40 - 2014-10-26 08:41 - 00003554 _____ C:\windows\System32\Tasks\GarminUpdaterTask
2015-09-18 15:16 - 2015-04-11 10:58 - 00000000 ____D C:\Users\Marcos\AppData\Local\Garmin_Ltd._or_its_subsid
2015-09-18 15:13 - 2009-07-14 00:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-18 15:12 - 2014-10-26 08:42 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Garmin
2015-09-18 15:12 - 2014-10-26 08:41 - 00000000 ____D C:\ProgramData\Garmin
2015-09-17 19:17 - 2014-10-18 10:15 - 00000000 ___RD C:\Users\Marcos\Travel stuff
2015-09-14 21:47 - 2014-10-13 14:13 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-14 21:46 - 2014-10-13 14:13 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-14 20:26 - 2014-12-09 17:57 - 00003884 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000UA
2015-09-14 20:26 - 2014-12-09 17:57 - 00003488 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000Core
2015-09-14 12:55 - 2014-10-18 10:33 - 00000000 ___RD C:\SHARED FOLDER
2015-09-13 13:49 - 2014-10-18 09:37 - 00000000 ____D C:\Users\Marcos\Documents\Mom
2015-09-13 11:54 - 2014-10-13 10:48 - 00000000 ___RD C:\Users\Marcos\Desktop\Utilities
2015-09-12 07:42 - 2014-10-18 09:41 - 00019555 _____ C:\Users\Marcos\Documents\passwords.xlsx
2015-09-12 06:01 - 2015-03-07 12:11 - 00002464 _____ C:\Users\Marcos\Desktop\Staniel Cay - Exuma Bahamas.lnk
2015-09-10 18:51 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2015-09-10 18:12 - 2009-07-13 23:45 - 00465952 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-10 18:10 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 18:10 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-09-09 03:14 - 2014-10-13 13:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 03:13 - 2014-10-11 19:10 - 00000000 ____D C:\windows\system32\MRT
2015-09-08 18:54 - 2014-10-18 09:41 - 00011333 _____ C:\Users\Marcos\Documents\Passwords for bill paying.xlsx
2015-09-05 18:40 - 2014-10-11 18:55 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Adobe
2015-09-01 18:16 - 2014-10-13 14:49 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Dashlane
==================== Files in the root of some directories =======
2015-03-01 08:50 - 2015-03-01 08:50 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\0D7F941.html
2015-01-04 14:53 - 2015-01-04 14:53 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\2C3C94D.html
2015-07-04 17:38 - 2015-07-04 17:38 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\2E2664D.html
2015-03-01 09:02 - 2015-03-01 09:02 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\38D6611.html
2015-07-06 19:07 - 2015-07-06 19:07 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\3E38103.html
2015-06-08 18:49 - 2015-06-08 18:49 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\973CEB3.html
2015-09-05 19:02 - 2015-09-05 19:02 - 0000132 _____ () C:\Users\Marcos\AppData\Roaming\Adobe GIF Format CC Prefs
2015-03-01 08:52 - 2015-03-01 08:52 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\AF94ABA.html
2015-03-28 10:30 - 2015-03-28 10:30 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\C2A17A9.html
2015-06-08 18:51 - 2015-06-08 18:51 - 0000070 _____ () C:\Users\Marcos\AppData\Roaming\CF9F2E0.html
2014-11-01 11:13 - 2014-11-01 11:13 - 0038441 _____ () C:\Users\Marcos\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-09-05 18:40 - 2015-09-05 18:40 - 0001456 _____ () C:\Users\Marcos\AppData\Local\Adobe Save for Web 13.0 Prefs
Some files in TEMP:
====================
C:\Users\Marcos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfnhmoe.dll
C:\Users\Marcos\AppData\Local\Temp\HitmanPro.exe
C:\Users\Marcos\AppData\Local\Temp\sqlite3.dll
C:\Users\Marcos\AppData\Local\Temp\uninstall.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-01 00:15
==================== End of FRST.txt ============================
From the TXT file named Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by Marcos (2015-10-01 17:57:18)
Running from C:\Users\Marcos\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-10-11 23:50:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3740367901-1813877255-2116710245-500 - Administrator - Disabled)
Guest (S-1-5-21-3740367901-1813877255-2116710245-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3740367901-1813877255-2116710245-1005 - Limited - Enabled)
Kim (S-1-5-21-3740367901-1813877255-2116710245-1004 - Administrator - Enabled) => C:\Users\Kim
Kimberly (S-1-5-21-3740367901-1813877255-2116710245-1003 - Limited - Enabled)
Marcos (S-1-5-21-3740367901-1813877255-2116710245-1000 - Administrator - Enabled) => C:\Users\Marcos
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.15 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{5C804EBB-475F-4555-A225-1D6573F158BD}) (Version: 11.2.202.222 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.26.3317.04170 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.26.3317.04170 - Alcor Micro Corp.) Hidden
Amazon Cloud Drive (HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Amazon Cloud Drive) (Version: 2.4.2.25 - Amazon Digital Services, LLC.)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.1.0 - Amazon Services LLC) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter Ultimate 5.7.6 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
Any Video Recorder version 1.0.4 (HKLM-x32\...\{17D86E62-4849-49BC-83D2-FA369CEEA9D9}_is1) (Version: 1.0.4 - anvsoft, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.223.201 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5000 - Broadcom Corporation)
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - )
Canon MX870 series User Registration (HKLM-x32\...\Canon MX870 series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
ChromecastApp (HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
CyberLink AudioDirector 5 (HKLM-x32\...\{78D01FB2-57B6-4612-89EC-5B19A93E5F43}) (Version: 5.0.4712.3 - CyberLink Corp.)
CyberLink Holiday Pack vol 5 (HKLM-x32\...\InstallShield_{56534024-7852-4F49-A27E-02CF3F2CD540}) (Version: Holiday Pack 5 - CyberLink Corp.)
CyberLink Holiday Pack vol 6 (HKLM-x32\...\InstallShield_{E33E83D2-5B7E-447E-9B02-BBBD47B86389}) (Version: Holiday Pack 6 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3618 - CyberLink Corp.)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.3130.0 - CyberLink Corp.)
CyberLink PowerDirector 13 Content Pack Essential (HKLM-x32\...\InstallShield_{749B310F-A489-439D-9AEF-1332222F2E04}) (Version: 13 Essential - CyberLink Corp.)
CyberLink PowerDirector 13 Content Pack Premium (HKLM-x32\...\InstallShield_{9B866025-5082-4B88-8A62-F6FBBFCBBBA1}) (Version: 13 Premium - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
CyberLink Wedding Pack (HKLM-x32\...\InstallShield_{741635DB-36DA-4BCF-BB52-0F4C1C4E0DFB}) (Version: Wedding Pack - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Dashlane) (Version: 3.5.2.91147 - Dashlane SAS)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
ExpressCache (HKLM\...\{6E55C9F8-138E-4128-8A9F-6464725BE98A}) (Version: 1.0.102.0 - Condusiv Technologies)
File Renamer - Basic (HKLM-x32\...\File Renamer - Basic) (Version: 6.3 - Sherrod Computers)
Free YouTube to MP3 Converter Studio 8.4 (HKLM-x32\...\Free YouTube to MP3 Converter Studio_is1) (Version: - mediaprolab.com)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{C869E3D3-23D3-4102-A5C5-3D33448FC613}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
Icecream PDF Split and Merge version 1.03 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 1.03 - Icecream Apps)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Image Composite Editor (HKLM\...\{380B7D01-4411-4D5D-AB9A-2A12FA315481}) (Version: 2.0.2 - Microsoft Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.5.1367 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Picture It! Photo Premium 9 (HKLM-x32\...\PictureIt_v9) (Version: 9.0.0.0000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MP3 Splitter & Joiner (HKLM-x32\...\MP3 Splitter & Joiner_is1) (Version: - )
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM-x32\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.4.24 - Symantec Corporation)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.0.0.18 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PlayLater (HKLM-x32\...\{132FA3A5-4645-4E5E-BC66-4055F5D1C44C}) (Version: 1.6.9 - MediaMall Technologies, Inc.)
PlayOn (HKLM-x32\...\{332917AC-ACF7-4619-B5A4-AB722FB6B2F8}) (Version: 3.10.9 - MediaMall Technologies, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6704 - CyberLink Corp.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
Special Uninstaller version 3.0 (HKLM-x32\...\{46744C87-EE41-4BA3-A444-C2DECC145FC0}_is1) (Version: 3.0 - www.specialuninstaller.com/)
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wise Registry Cleaner 8.65 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.65 - WiseCleaner.com, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3740367901-1813877255-2116710245-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Marcos\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
==================== Restore Points =========================
24-09-2015 00:00:01 Scheduled Checkpoint
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06CF176D-97C2-4530-A453-A74700ED11DC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000Core => C:\Users\Marcos\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {1513CCF0-1D91-443E-B2C1-0992C6232C5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {25309BE1-5150-42D4-BD89-47403FB4D6D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2533D23A-64D1-48A7-A056-1868EB15A558} - System32\Tasks\{14503ABA-CAFB-49E7-BEA7-0A3C36A765BE} => pcalua.exe -a "C:\Users\Marcos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AXMH86GV\JavaSetup8u45.exe" -d C:\Users\Marcos\Desktop
Task: {2579E4E3-9018-4BFE-89EA-CDD7CBBF64FA} - System32\Tasks\{4C7EED3A-FE59-4144-A917-B6282C5AAC73} => pcalua.exe -a C:\Users\Marcos\Downloads\sp59291.exe -d C:\Users\Marcos\Downloads
Task: {3E6F6506-6279-4779-B0BD-DDD42175B865} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000UA => C:\Users\Marcos\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {4D2593ED-BCED-4962-8C65-AAA6409EFD8B} - System32\Tasks\AdobeAAMUpdater-1.0-HP-DESKTOP-Marcos => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-08-27] (Adobe Systems Incorporated)
Task: {4F532792-B65B-4EB2-BA30-507A8F3BEA98} - System32\Tasks\HPCeeScheduleForMarcos => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {633C0331-3AB6-4E70-8AFD-FB2F1DCBCE03} - System32\Tasks\{D9BE26BC-F1CC-4039-9958-257EDE8614E3} => pcalua.exe -a "C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard\Engine\7.0.0.18\Gear\GEARDIFx.exe" -d C:\Users\Marcos\Downloads -c INSTALL "NBRTWizard" "{A4274214-B468-482e-B2AC-24FCD2365C4B}"
Task: {7F285E3D-3335-4208-BD23-BF8FE8D33676} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2015-07-27] (WiseCleaner.com)
Task: {87D0A9E4-BAAC-4000-9307-AD4456E7D140} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {8863804C-62B0-4502-AAB3-E1EEB0B90986} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000UA => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8E04929B-F057-4A9D-B8B5-299A32C1B2C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8F74098D-F6DB-49C7-A04C-1C66A4937DAB} - System32\Tasks\{6E8E2A7C-02BD-42C1-9064-0BAE3858A687} => pcalua.exe -a C:\Users\Marcos\AppData\Local\Temp\jre-8u51-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau-m FAMILYUPGRADE=1
Task: {9CDD350F-0053-4E4C-827D-F234F802173F} - System32\Tasks\Record Last Comic Standing Starts 7-22
Task: {A0917073-7A65-46A7-9433-5C024D1A69FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {B6403718-753B-4CC8-B9F7-4B30A6CDAB7E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B85854AB-F394-4224-B981-6887D64C07F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B9F94D8D-E0EF-46CA-8B77-27743B86FB79} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {C8C5D9C2-59EA-47A2-AFF1-998968DAF4FB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {CEC4D15F-09C8-4705-B5BE-5C9BC1EC176D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {D374E73A-5614-4671-8FA7-F274C0C1827F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)
Task: {D6252A83-3948-44C8-9240-B731C5EA433C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {D7D8F130-F45E-47CC-BE35-351D98461559} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {DAC2F22C-4C8C-4716-A31D-964E088CD3EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000Core => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {FF011C1C-1490-412C-9D15-055B0DBC689C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000Core.job => C:\Users\Marcos\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000UA.job => C:\Users\Marcos\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000Core.job => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3740367901-1813877255-2116710245-1000UA.job => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForMarcos.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (Whitelisted) ==============
2014-10-07 01:53 - 2015-02-05 14:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-19 13:12 - 2013-10-23 14:24 - 00087600 _____ () C:\windows\System32\cpwmon64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-25 11:18 - 2011-10-30 15:02 - 00038912 _____ () C:\Users\Marcos\Desktop\Utilities\RBTray\RBTray-4_3\64bit\RBHook.dll
2013-10-01 10:26 - 2013-10-01 10:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2014-10-13 14:49 - 2015-08-27 09:53 - 00228024 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\Dashlane.exe
2015-07-02 18:37 - 2015-07-02 18:37 - 00049152 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
2015-07-02 18:37 - 2015-07-02 18:37 - 01158656 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
2015-07-02 18:37 - 2015-07-02 18:37 - 00263680 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
2015-07-02 18:37 - 2015-07-02 18:37 - 00111616 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
2014-10-13 14:49 - 2015-08-27 09:53 - 00285880 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\DashlanePlugin.exe
2015-07-25 11:18 - 2011-10-30 15:02 - 00045568 _____ () C:\Users\Marcos\Desktop\Utilities\RBTray\RBTray-4_3\64bit\RBTray.exe
2014-10-07 02:05 - 2009-07-02 16:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2013-12-17 04:42 - 2013-12-17 04:42 - 00335872 _____ () C:\Program Files (x86)\MediaMall\lua51a.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 00338104 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 00422072 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 00443576 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 31364792 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 00276664 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 05763768 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 06980280 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 13231800 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 02073272 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.5.2.91147.dll
2015-08-27 09:52 - 2015-08-27 09:52 - 00338616 _____ () C:\Users\Marcos\AppData\Roaming\Dashlane\3.5.2.91147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.5.2.91147.dll
2015-09-30 19:24 - 2015-09-30 19:24 - 00071168 _____ () c:\users\marcos\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfnhmoe.dll
2015-03-04 16:45 - 2015-08-05 00:26 - 00012800 _____ () C:\Users\Marcos\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 16:45 - 2015-08-05 00:26 - 00779776 _____ () C:\Users\Marcos\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 00:40 - 2015-08-05 00:26 - 00056320 _____ () C:\Users\Marcos\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 16:45 - 2015-08-05 00:26 - 00012288 _____ () C:\Users\Marcos\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-09-30 19:24 - 2015-09-30 19:24 - 00098816 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32api.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00110080 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\pywintypes27.dll
2015-09-30 19:24 - 2015-09-30 19:24 - 00364544 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\pythoncom27.dll
2015-09-30 19:24 - 2015-09-30 19:24 - 00045568 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_socket.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 01161216 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_ssl.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00320512 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32com.shell.shell.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00713216 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_hashlib.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 01176576 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._core_.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00806400 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._gdi_.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00816128 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._windows_.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 01067008 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._controls_.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00733184 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._misc_.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00682496 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\pysqlite2._sqlite.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00087552 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_ctypes.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00119808 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32file.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00108544 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32security.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00007168 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\hashobjs_ext.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00068096 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\usb_ext.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00167936 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32gui.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00018432 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32event.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00128512 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_elementtree.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00127488 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\pyexpat.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00013824 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\common.time34.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00036864 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_psutil_windows.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00038912 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32inet.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00011264 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32crypt.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00077312 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._html2.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00027136 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_multiprocessing.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00020480 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\_yappi.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00035840 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32process.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00686080 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\unicodedata.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00123392 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._wizard.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00024064 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32pipe.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00010240 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\select.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00025600 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32pdh.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00525640 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\windows._lib_cacheinvalidation.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00017408 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32profile.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00022528 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\win32ts.pyd
2015-09-30 19:24 - 2015-09-30 19:24 - 00078848 _____ () C:\Users\Marcos\AppData\Local\Temp\_MEI40162\wx._animate.pyd
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-09-25 21:54 - 2015-09-23 21:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-25 21:54 - 2015-09-23 21:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Marcos\Documents\White Box.jpg:SummaryInformation
AlternateDataStreams: C:\Users\Marcos\Documents\White Box.jpg:Updt_SummaryInformation
AlternateDataStreams: C:\Users\Marcos\Documents\White Box.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3740367901-1813877255-2116710245-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Marcos\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{213BB2B8-22E3-4BC1-B4E3-88BAB9D6D5BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{83235570-6BFF-4A02-BC8F-A192ECC83670}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5C537B69-7FAC-426F-81DC-CB4EA52562E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9E3EBC9C-1080-46E6-A8AE-794C0B40028E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CDBDB02-E821-4E75-B51C-0635944EF7DA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{41EBC84D-A0A7-4FD3-B368-C8FEC4FE8DCB}] => (Allow) LPort=2869
FirewallRules: [{9A586F2C-1862-4DC6-8A58-7456FB294938}] => (Allow) LPort=1900
FirewallRules: [{ECBE780D-89D1-47BC-9F06-3A1AD46E4215}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{15500223-4763-4D49-BD29-903E60A40C53}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{A54072A4-47D6-46D3-BD0F-F491EE11CE79}] => (Allow) C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3113F523-4DEE-4806-8F8F-1054B325443B}] => (Allow) C:\Users\Marcos\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F284E1B5-E82B-4041-953A-4601B253278D}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
FirewallRules: [{9BB86FD0-ADF3-4941-81C3-AAD606B9B01B}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe
FirewallRules: [{A1EB600A-B2A1-423E-9673-2065FD213655}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe
FirewallRules: [{F31B66F8-02CB-487B-93C3-352385DC2179}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe
FirewallRules: [{4C49B3D7-13A2-41DD-A14F-B837651F92A1}] => (Allow) C:\Program Files (x86)\MediaMall\PlayLater.exe
FirewallRules: [TCP Query User{D4BD612C-AF43-4AC6-80D4-77B138950A5C}C:\users\marcos\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\marcos\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{23B3A6B1-C1EB-40AE-9CA0-41B317C90BCE}C:\users\marcos\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\marcos\appdata\local\akamai\netsession_win.exe
FirewallRules: [{98E5B442-1B52-44D2-93E9-5DE117EED17F}] => (Block) C:\users\marcos\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0625507C-FA35-4FBD-9560-FDF1359BAC1C}] => (Block) C:\users\marcos\appdata\local\akamai\netsession_win.exe
FirewallRules: [{550E3C38-12A6-4C95-BFD0-2A06BD031A48}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6AA594F7-9595-487E-93C2-9352AE765F82}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2EE6A96E-1CEF-48FF-BE16-F1E0196811ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9F605597-DE56-45CA-84B7-BF47386DF91D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{860E7129-0635-4A4A-A0ED-17000EA38AAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B8B0506F-4C81-4DC6-9CD1-47AA9B8FDBC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9CA0E664-A8C7-4F3D-A556-FE8A5B07F4AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA4708EE-351B-4D3E-9F75-E776952ECE6C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{15B90582-0845-4817-8417-F2C0AEF142C0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FFA7C7BB-2568-4A0D-A282-96303646E8C0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8EF804F8-066F-42E8-ABAD-76A3446FE54E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
==================== Faulty Device Manager Devices =============
Name: Broadcom BCM943228HMB 802.11abgn 2x2 Wi-Fi Adapter
Description: Broadcom BCM943228HMB 802.11abgn 2x2 Wi-Fi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/01/2015 03:19:45 AM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key
Error: (10/01/2015 03:19:45 AM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key
Error: (10/01/2015 03:19:45 AM) (Source: Application) (EventID: 0) (User: )
Description: Object reference not set to an instance of an object.
Error: (09/30/2015 07:10:56 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Marcos\Downloads\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).
Error: (09/30/2015 07:10:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Marcos\Downloads\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).
Error: (09/30/2015 06:35:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1204
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Error: (09/27/2015 01:38:16 PM) (Source: Application) (EventID: 0) (User: )
Description: Object reference not set to an instance of an object.
Error: (09/27/2015 01:38:16 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key
Error: (09/27/2015 01:38:16 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key
Error: (09/25/2015 07:19:41 PM) (Source: Application) (EventID: 0) (User: )
Description: Object reference not set to an instance of an object.
System errors:
=============
Error: (09/30/2015 09:31:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
Error: (09/30/2015 07:24:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ExpressCache service.
Error: (09/30/2015 07:23:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Office ClickToRun Service service failed to start due to the following error:
%%3
Error: (09/30/2015 07:19:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068
Error: (09/30/2015 07:19:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (09/30/2015 07:19:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (09/30/2015 07:19:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (09/30/2015 07:19:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/30/2015 07:19:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (09/30/2015 07:19:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
CodeIntegrity:
===================================
Date: 2014-12-21 09:55:40.586
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:55:40.555
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:55:40.528
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:50:18.188
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:50:18.156
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:50:18.136
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:50:18.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:50:18.037
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:50:18.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-21 09:42:45.345
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 52%
Total physical RAM: 8131.2 MB
Available physical RAM: 3825.87 MB
Total Virtual: 16260.61 MB
Available Virtual: 11249.97 MB
==================== Drives ================================
Drive c: (HP-Marcos) (Fixed) (Total:921.3 GB) (Free:686.95 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:9.89 GB) (Free:1.2 GB) NTFS
Drive j: (External Backup) (Fixed) (Total:684.44 GB) (Free:264.88 GB) NTFS
Drive k: (External Saved Files) (Fixed) (Total:247.07 GB) (Free:155.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E94DD82F)
Partition: GPT.
Could not read MBR for disk 1.
========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=684.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=247.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Thank you in advance for your help.
Scott