Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 25th, 2016, 9:59 am

Appears I have some malware - internet connection is slow and there are many (10+) entries of chrome.exe *32 in my processes in Task Manager.

Ran the FRST and did not get an additions.txt file - here is the frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016
Ran by Serum Office (administrator) on SERUMOFFICE-PC (25-01-2016 07:53:36)
Running from C:\Users\Serum Office\Downloads
Loaded Profiles: Serum Office (Available Profiles: Serum Office)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Symform, Inc.) C:\Program Files\Symform\Node Service\symformstatus.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(BitTorrent Inc.) C:\Users\Serum Office\AppData\Roaming\uTorrent\uTorrent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
() C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Dropbox, Inc.) C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Dropbox.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(BitTorrent Inc.) C:\Users\Serum Office\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\Serum Office\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Symform, Inc.) C:\Program Files\Symform\Node Service\symformcontrib.exe
(Symform, Inc.) C:\Program Files\Symform\Node Service\symformsync.exe
(Symform, Inc.) C:\Program Files\Symform\Node Service\symformupdater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Serum Office\Downloads\FRST64 (1).exe
(SoftThinks) C:\Program Files (x86)\Dell Backup and Recovery\Components\OnlineCDP\backup.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-08-27] (Qualcomm®Atheros®)
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Run: [Symform Status] => C:\Program Files\Symform\Node Service\symformstatus.exe [412600 2014-11-19] (Symform, Inc.)
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Run: [Dropbox Update] => C:\Users\Serum Office\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-25] (Dropbox, Inc.)
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-13] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Run: [uTorrent] => C:\Users\Serum Office\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-03] (BitTorrent Inc.)
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\MountPoints2: {f5a87f98-38c3-11e4-b616-142d27a2f006} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-01-24]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-01-24]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-01-24]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVMOBiLiArtworkManager.lnk [2015-02-16]
ShortcutTarget: TVMOBiLiArtworkManager.lnk -> C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe ()
Startup: C:\Users\Serum Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6C8F3E9F-687E-4073-A2A5-B842FDF7E3FE}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{90F18143-C777-44D7-99D1-ED3D6FB22876}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={3E03AEFA-FC61-4D57-9A7E-D407F8197E12}&mid=df39672316c447d29a7fc564614619f5-9d507bd3056e0843dcd66eade72857388cb929ae&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-01 06:07:37&v=4.2.4.155&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2015-04-17] (MediaMall Technologies, Inc.)
BHO-x32: IeWebtoptimumPlugin.BHO -> {314cc13e-2027-44ca-838b-546591a01fda} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2015-04-17] (MediaMall Technologies, Inc.)
Toolbar: HKLM - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2015-04-17] (MediaMall Technologies, Inc.)
Toolbar: HKLM-x32 - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2015-04-17] (MediaMall Technologies, Inc.)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Serum Office\AppData\Roaming\Mozilla\Firefox\Profiles\xusd85ou.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3131991204-3860928008-3871616040-1000: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\Serum Office\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF user.js: detected! => C:\Users\Serum Office\AppData\Roaming\Mozilla\Firefox\Profiles\xusd85ou.default\user.js [2015-12-19]
FF Plugin ProgramFiles/Appdata: C:\Users\Serum Office\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-11-11] (Cisco WebEx LLC)
FF Extension: Web Optimum - C:\Users\Serum Office\AppData\Roaming\Mozilla\Firefox\Profiles\xusd85ou.default\Extensions\weboptimum@bscodecs.com [2015-12-19] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\73655B7AD9ED759B7A6B0CBCAA75D9E87365 [2015-12-19] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (PlayOn Plug-in) - C:\Program Files (x86)\MediaMall\toolbar\npVT.dll (MediaMall Technologies, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Profile: C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (AVG Secure Search) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-12-26]
CHR Extension: (Google Search) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-12-26]
CHR Extension: (PlayOn) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lggaaajacmlhgbpldaboipiinndchjgm [2015-09-17]
CHR Extension: (SearchLock) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2015-08-20]
CHR Extension: (Gmail) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-09-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-08-27] (Windows (R) Win 7 DDK provider) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [802832 2016-01-13] (Garmin Ltd. or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-29] (Intel Corporation)
S3 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-04-16] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5933872 2015-09-18] (MediaMall Technologies, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
S4 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-10-10] (Intuit Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-03] (CyberLink)
S3 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R2 symformcontrib; C:\Program Files\Symform\Node Service\symformcontrib.exe [18872 2014-11-19] (Symform, Inc.)
R2 symformsync; C:\Program Files\Symform\Node Service\symformsync.exe [21944 2014-11-19] (Symform, Inc.)
R2 symformupdater; C:\Program Files\Symform\Node Service\symformupdater.exe [29112 2014-11-19] (Symform, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4377000 2015-12-11] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-16] ()
S3 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed]
S2 vToolbarUpdater40.2.4; "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-01] (AVG Technologies)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-08-27] (Qualcomm Atheros)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-24] (Intel Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-13] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [53568 2015-04-16] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2015-07-02] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [60808 2015-07-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-08-10] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-04-14] (Elex do Brasil Participações Ltda)
R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-12-11] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-25 07:53 - 2016-01-25 07:53 - 00029772 _____ C:\Users\Serum Office\Downloads\FRST.txt
2016-01-25 07:49 - 2016-01-25 07:49 - 02370560 _____ (Farbar) C:\Users\Serum Office\Downloads\FRST64 (1).exe
2016-01-25 06:47 - 2016-01-25 06:47 - 01290470 _____ C:\Users\Serum Office\Downloads\f1098eDirect.pdf
2016-01-25 06:15 - 2016-01-25 06:15 - 00000000 ___RD C:\Users\Serum Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-01-24 13:02 - 2016-01-24 13:02 - 00074240 _____ C:\Users\Serum Office\Downloads\Lesson__1_-_Excel_Intro_-_NAME.xls
2016-01-24 07:14 - 2016-01-24 17:05 - 00000000 ____D C:\Users\Serum Office\Desktop\Laura school 2016
2016-01-24 07:13 - 2016-01-24 07:13 - 00008292 _____ C:\Users\Serum Office\Downloads\Lesson__0_-_Getting__Started.xlsx
2016-01-24 05:30 - 2016-01-24 05:30 - 01077366 _____ C:\Users\Serum Office\Downloads\TaxDocument (2).pdf
2016-01-23 05:13 - 2016-01-23 05:13 - 00235457 _____ C:\Users\Serum Office\Documents\CZP0y4EUYAAVAGB (1).jpg-large
2016-01-22 13:05 - 2016-01-22 13:06 - 07870026 _____ C:\Users\Serum Office\Downloads\hahahahaa.pdf
2016-01-22 07:03 - 2016-01-22 07:03 - 01195141 _____ C:\Users\Serum Office\Downloads\Michael Serum_Signed.pdf
2016-01-22 07:01 - 2016-01-22 07:01 - 01195141 _____ C:\Users\Serum Office\Documents\Michael Serum_Signed.pdf
2016-01-22 06:55 - 2016-01-22 06:55 - 00094107 _____ C:\Users\Serum Office\Downloads\Mike Serum (4).pdf
2016-01-22 05:33 - 2016-01-22 05:33 - 00094107 _____ C:\Users\Serum Office\Downloads\Mike Serum (3).pdf
2016-01-21 15:40 - 2016-01-21 15:40 - 00000516 _____ C:\Users\Serum Office\Downloads\appointment623718122.vcs
2016-01-21 15:39 - 2016-01-21 15:39 - 00094107 _____ C:\Users\Serum Office\Downloads\Mike Serum (2).pdf
2016-01-21 15:16 - 2016-01-21 15:16 - 00094105 _____ C:\Users\Serum Office\Downloads\Mike Serum (1).pdf
2016-01-21 06:52 - 2016-01-21 06:52 - 05719494 _____ C:\Users\Serum Office\Downloads\St Lukes IVR Proposal_012116.pptx
2016-01-21 06:16 - 2016-01-21 06:17 - 84475352 _____ (Sling Media) C:\Users\Serum Office\Downloads\DishAnywhere-Desktop (1).exe
2016-01-20 06:18 - 2016-01-20 06:18 - 00241404 _____ C:\Users\Serum Office\Downloads\ZM Background Check Auth.pdf
2016-01-20 06:18 - 2016-01-20 06:18 - 00123938 _____ C:\Users\Serum Office\Downloads\ZM Application 2015.pdf
2016-01-20 06:16 - 2016-01-20 06:16 - 00094400 _____ C:\Users\Serum Office\Downloads\Mike Serum.pdf
2016-01-19 14:27 - 2016-01-19 14:27 - 00093470 _____ C:\Users\Serum Office\Downloads\%5BExxxtraSmall%5D+Piper+Perri+-+Pipers+Prison+Pen+Pal+%5B720p%5D.torrent
2016-01-19 14:27 - 2016-01-19 14:27 - 00052385 _____ C:\Users\Serum Office\Downloads\%5BNubiles-Porn%5D+Piper+Perri+-+School+Girl+Flogging.torrent
2016-01-19 09:38 - 2016-01-19 11:10 - 00736006 _____ C:\Users\Serum Office\Downloads\St Lukes IVR Proposal_012116 DRAFT.pptx
2016-01-19 09:28 - 2016-01-19 09:28 - 05747491 _____ C:\Users\Serum Office\Downloads\St Lukes_110215_v2 JMR Additions (002).pptx
2016-01-19 08:52 - 2016-01-19 08:52 - 00032298 ____H C:\Users\Serum Office\Downloads\~WRL0004.tmp
2016-01-17 18:49 - 2016-01-17 18:50 - 00000000 ____D C:\Users\Serum Office\AppData\Local\Garmin_Ltd._or_its_subsid
2016-01-17 18:49 - 2016-01-17 18:49 - 00001892 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-01-17 18:49 - 2016-01-17 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-01-17 18:47 - 2016-01-17 18:48 - 43871968 _____ (Garmin Ltd or its subsidiaries) C:\Users\Serum Office\Downloads\GarminExpressInstaller.exe
2016-01-17 13:45 - 2016-01-17 13:45 - 06475572 _____ C:\Users\Serum Office\Downloads\The+Millionaire+Maker.pdf
2016-01-17 10:47 - 2016-01-17 10:47 - 00000806 _____ C:\Users\Public\Desktop\YacWifi.lnk
2016-01-17 10:44 - 2016-01-17 10:44 - 00001899 _____ C:\Users\Public\Desktop\YAC Desktop.lnk
2016-01-17 10:44 - 2016-01-17 10:44 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\eCyber
2016-01-17 10:17 - 2016-01-17 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2016-01-17 10:17 - 2016-01-17 10:17 - 01258432 _____ (AVG Technologies CZ) C:\Users\Serum Office\Downloads\avg_remover_poweliks.exe
2016-01-17 10:17 - 2016-01-17 10:17 - 00001908 _____ C:\Users\Public\Desktop\YAC.lnk
2016-01-17 10:17 - 2016-01-17 10:17 - 00000000 ____D C:\Windows\system32\log
2016-01-17 10:17 - 2015-04-16 02:55 - 00053568 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2016-01-17 10:17 - 2015-04-14 03:01 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2016-01-17 10:15 - 2016-01-17 10:15 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\Elex-tech
2016-01-17 10:15 - 2016-01-17 10:15 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2016-01-17 10:14 - 2016-01-17 10:15 - 27249352 _____ (Elex do Brasil Participações Ltda) C:\Users\Serum Office\Downloads\yet_another_cleaner_cnet (1).exe
2016-01-17 10:03 - 2016-01-17 10:03 - 27249352 _____ (Elex do Brasil Participações Ltda) C:\Users\Serum Office\Downloads\yet_another_cleaner_cnet.exe
2016-01-17 09:59 - 2016-01-17 09:59 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-17 09:59 - 2016-01-17 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-01-17 09:58 - 2016-01-17 09:58 - 02895480 _____ (AVG Technologies) C:\Users\Serum Office\Downloads\AVG_Performance_1129.exe
2016-01-15 15:27 - 2016-01-15 15:27 - 00646151 _____ C:\Users\Serum Office\Downloads\Statement_Dec 2015 (2).pdf
2016-01-15 15:24 - 2016-01-15 15:24 - 00646150 _____ C:\Users\Serum Office\Downloads\Statement_Dec 2015 (1).pdf
2016-01-15 11:57 - 2016-01-15 12:00 - 00019455 _____ C:\Users\Serum Office\Downloads\AHA-Leads-2015.xlsx
2016-01-15 11:56 - 2016-01-15 11:56 - 00234939 _____ C:\Users\Serum Office\Downloads\message (10).html
2016-01-15 11:42 - 2016-01-15 11:42 - 00234074 _____ C:\Users\Serum Office\Downloads\message.html
2016-01-15 08:54 - 2016-01-15 08:54 - 00095728 _____ C:\Users\Serum Office\Downloads\Serum - PC Cancelation Form 1-13-2016 (1).pdf
2016-01-15 06:47 - 2016-01-15 06:47 - 00015141 _____ C:\Users\Serum Office\Downloads\Brooklyn.2015.DVDScr.XviD-ETRG.torrent
2016-01-15 06:45 - 2016-01-15 06:45 - 00079902 _____ C:\Users\Serum Office\Downloads\Selma+2014+DVDRip+XviD+EVO.torrent
2016-01-15 06:43 - 2016-01-15 06:43 - 00015282 _____ C:\Users\Serum Office\Downloads\The.Hateful.Eight.2015.DVDSCR.XviD.AC3-ETRG.torrent
2016-01-15 06:42 - 2016-01-15 06:42 - 00118540 _____ C:\Users\Serum Office\Downloads\The.Intern.2015.HDRip.XviD.AC3-EVO.torrent
2016-01-15 06:41 - 2016-01-15 06:41 - 00144041 _____ C:\Users\Serum Office\Downloads\Creed.2015.DVDScr.XVID.AC3.HQ.Hive-CM8.torrent
2016-01-15 06:16 - 2016-01-15 06:16 - 00032025 _____ C:\Users\Serum Office\Downloads\In+The+Heart+of+the+Sea+2015+DVDscr+x264-OmiTube.mkv.torrent
2016-01-15 05:58 - 2016-01-15 05:58 - 00015247 _____ C:\Users\Serum Office\Downloads\The.Revenant.2015.DVDScr.XviD.AC3-ETRG.torrent
2016-01-14 20:24 - 2016-01-14 20:24 - 00015733 _____ C:\Users\Serum Office\Downloads\Marvin+Gaye+%26lrm%3B%26ndash%3B+The+Very+Best+Of+Marvin+Gaye+2-CD+Set.torrent
2016-01-14 20:21 - 2016-01-14 20:21 - 00015315 _____ C:\Users\Serum Office\Downloads\Marvin+Gaye+-+Motown%27s+Greatest+Hits+%40320.torrent
2016-01-14 12:25 - 2016-01-14 12:25 - 00095728 _____ C:\Users\Serum Office\Downloads\Serum - PC Cancelation Form 1-13-2016.pdf
2016-01-13 19:30 - 2016-01-13 19:30 - 00014969 _____ C:\Users\Serum Office\Downloads\Experimenter+2015+HDRip+XviD+AC3-EVO.torrent
2016-01-13 16:26 - 2016-01-13 16:26 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\Atheros
2016-01-13 16:26 - 2016-01-13 16:26 - 00000000 ____D C:\ProgramData\Atheros
2016-01-13 16:14 - 2016-01-13 16:14 - 00000938 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-01-13 14:43 - 2016-01-13 14:45 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2016-01-13 14:43 - 2016-01-13 14:43 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-01-13 14:43 - 2016-01-13 14:43 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-01-13 14:43 - 2016-01-13 14:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2016-01-13 14:41 - 2014-05-13 21:06 - 00440320 _____ (Atheros) C:\Windows\system32\athihvs.dll
2016-01-12 22:56 - 2015-12-23 17:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-12 22:56 - 2015-12-23 16:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-12 22:56 - 2015-12-12 12:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 22:56 - 2015-12-12 12:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-12 22:56 - 2015-12-12 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-12 22:56 - 2015-12-12 12:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-12 22:56 - 2015-12-12 12:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-12 22:56 - 2015-12-12 12:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 22:56 - 2015-12-12 12:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-12 22:56 - 2015-12-12 12:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-12 22:56 - 2015-12-12 12:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-12 22:56 - 2015-12-12 12:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 22:56 - 2015-12-12 12:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-12 22:56 - 2015-12-12 12:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-12 22:56 - 2015-12-12 12:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-12 22:56 - 2015-12-12 12:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-12 22:56 - 2015-12-12 12:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 22:56 - 2015-12-12 12:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-12 22:56 - 2015-12-12 12:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-12 22:56 - 2015-12-12 12:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-12 22:56 - 2015-12-12 11:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-12 22:56 - 2015-12-12 11:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-12 22:56 - 2015-12-12 11:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-12 22:56 - 2015-12-12 11:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-12 22:56 - 2015-12-12 11:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-12 22:56 - 2015-12-12 11:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 22:56 - 2015-12-12 11:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-12 22:56 - 2015-12-12 11:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-12 22:56 - 2015-12-12 11:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-12 22:56 - 2015-12-12 11:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-12 22:56 - 2015-12-12 11:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-12 22:56 - 2015-12-12 11:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-12 22:56 - 2015-12-12 11:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-12 22:56 - 2015-12-12 11:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-12 22:56 - 2015-12-12 11:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-12 22:56 - 2015-12-12 11:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-12 22:56 - 2015-12-12 11:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-12 22:56 - 2015-12-12 11:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-12 22:56 - 2015-12-12 11:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-12 22:56 - 2015-12-12 11:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-12 22:56 - 2015-12-12 11:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-12 22:56 - 2015-12-12 11:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 22:56 - 2015-12-12 11:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-12 22:56 - 2015-12-12 11:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-12 22:56 - 2015-12-12 11:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-12 22:56 - 2015-12-12 11:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-12 22:56 - 2015-12-12 11:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 22:56 - 2015-12-12 11:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-12 22:56 - 2015-12-12 11:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-12 22:56 - 2015-12-12 11:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-12 22:56 - 2015-12-12 11:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-12 22:56 - 2015-12-12 11:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-12 22:56 - 2015-12-12 11:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-12 22:56 - 2015-12-12 11:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 22:56 - 2015-12-12 11:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-12 22:56 - 2015-12-12 11:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-12 22:56 - 2015-12-12 11:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-12 22:56 - 2015-12-12 11:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-12 22:56 - 2015-12-12 11:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-12 22:56 - 2015-12-12 10:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 22:56 - 2015-12-12 10:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-12 22:56 - 2015-12-12 10:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-12 22:56 - 2015-12-12 10:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-12 22:56 - 2015-12-12 10:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-12 22:56 - 2015-12-11 12:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 22:56 - 2015-12-08 15:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-12 22:56 - 2015-12-08 15:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-12 22:56 - 2015-12-08 15:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-12 22:56 - 2015-12-08 15:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-12 22:56 - 2015-12-08 15:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-12 22:56 - 2015-12-08 15:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-12 22:56 - 2015-12-08 15:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-12 22:56 - 2015-12-08 13:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-12 22:56 - 2015-12-08 13:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-12 22:56 - 2015-12-08 13:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-12 22:56 - 2015-12-08 13:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-12 22:56 - 2015-12-08 12:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-12 22:56 - 2015-12-08 12:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-12 22:56 - 2015-12-08 12:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-12 22:56 - 2015-12-08 11:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-12 22:56 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-12 22:56 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-12 22:56 - 2015-11-13 17:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-12 22:56 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-12 22:56 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-12 22:56 - 2015-11-13 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-12 22:54 - 2015-12-30 13:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 22:54 - 2015-12-30 13:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-12 22:54 - 2015-12-30 13:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-12 22:54 - 2015-12-30 13:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-12 22:54 - 2015-12-30 13:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-12 22:54 - 2015-12-30 13:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-12 22:54 - 2015-12-30 13:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-12 22:54 - 2015-12-30 13:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-12 22:54 - 2015-12-30 13:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-12 22:54 - 2015-12-30 13:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-12 22:54 - 2015-12-30 13:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-12 22:54 - 2015-12-30 13:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-12 22:54 - 2015-12-30 13:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-12 22:54 - 2015-12-30 13:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-12 22:54 - 2015-12-30 13:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-12 22:54 - 2015-12-30 13:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-12 22:54 - 2015-12-30 13:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-12 22:54 - 2015-12-30 13:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-12 22:54 - 2015-12-30 12:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-12 22:54 - 2015-12-30 12:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-12 22:54 - 2015-12-30 12:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-12 22:54 - 2015-12-30 12:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-12 22:54 - 2015-12-30 12:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-12 22:54 - 2015-12-30 12:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-12 22:54 - 2015-12-30 12:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-12 22:54 - 2015-12-30 12:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-12 22:54 - 2015-12-30 12:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-12 22:54 - 2015-12-30 12:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-12 22:54 - 2015-12-30 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-12 22:54 - 2015-12-30 12:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-12 22:54 - 2015-12-30 12:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-12 22:54 - 2015-12-30 12:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-12 22:54 - 2015-12-30 12:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-12 22:54 - 2015-12-30 12:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-12 22:54 - 2015-12-30 12:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-12 22:54 - 2015-12-30 12:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-12 22:54 - 2015-12-30 12:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-12 22:54 - 2015-12-30 12:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-12 22:54 - 2015-12-30 12:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 11:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-12 22:54 - 2015-12-30 11:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-12 22:54 - 2015-12-30 11:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-12 22:54 - 2015-12-30 11:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-12 22:54 - 2015-12-30 11:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-12 22:54 - 2015-12-30 11:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-12 22:54 - 2015-12-30 11:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-12 22:54 - 2015-12-30 11:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-12 22:54 - 2015-12-30 11:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-12 22:54 - 2015-12-30 11:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-12 22:54 - 2015-12-30 11:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-12 22:54 - 2015-12-30 11:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-12 22:54 - 2015-12-30 11:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-12 22:54 - 2015-12-30 11:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-12 22:54 - 2015-12-30 11:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-12 22:54 - 2015-12-08 15:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-12 22:54 - 2015-12-08 15:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-12 22:54 - 2015-12-08 13:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 22:54 - 2015-12-08 13:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-12 22:54 - 2015-11-16 19:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-12 22:54 - 2015-11-16 19:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-12 22:54 - 2015-11-16 19:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-12 22:54 - 2015-11-16 19:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-12 22:54 - 2015-11-16 19:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-12 22:54 - 2015-11-16 19:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-12 22:54 - 2015-11-16 14:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-11 16:26 - 2016-01-11 16:26 - 00215125 _____ C:\Users\Serum Office\Downloads\470005870039728.pdf
2016-01-11 06:18 - 2016-01-11 15:03 - 00272896 _____ C:\Users\Serum Office\Documents\2016_A.xlsx
2016-01-05 10:27 - 2016-01-05 10:27 - 00007032 _____ C:\Users\Serum Office\Downloads\Holmquist
2016-01-04 15:13 - 2016-01-04 15:13 - 00016295 _____ C:\Users\Serum Office\Downloads\Bridge.of.Spies.2015.HDRip.XviD.AC3-EVO.torrent
2016-01-04 15:11 - 2016-01-04 15:11 - 00019431 _____ C:\Users\Serum Office\Downloads\Black+Mass+%282015%29+720p+HC+HDRip+900MB+-+MkvCage.torrent
2016-01-02 18:16 - 2016-01-02 18:16 - 06905461 _____ C:\Users\Serum Office\Downloads\Quick Start Guide.pdf
2015-12-31 15:21 - 2016-01-25 06:14 - 00000000 ____D C:\Users\Serum Office\AppData\LocalLow\uTorrent
2015-12-31 09:53 - 2015-12-31 09:53 - 00046472 _____ C:\Users\Serum Office\Downloads\The Plantation Golf and Country Club Info.pdf
2015-12-30 13:22 - 2015-12-30 13:22 - 00748738 _____ C:\Users\Serum Office\Downloads\Attachments_20151230.zip
2015-12-30 09:58 - 2015-12-30 09:58 - 00014785 _____ C:\Users\Serum Office\Downloads\MMM_Men.xlsx
2015-12-29 06:34 - 2015-12-29 06:34 - 00646158 _____ C:\Users\Serum Office\Downloads\Statement_Dec 2015.pdf
2015-12-28 11:34 - 2015-12-28 11:34 - 16187038 _____ C:\Users\Serum Office\Downloads\MostWired_2015 (3).pdf
2015-12-28 11:34 - 2015-12-28 11:34 - 00113432 _____ C:\Users\Serum Office\Downloads\2015MostWiredSurvey.pdf
2015-12-28 11:33 - 2015-12-28 11:34 - 16187038 _____ C:\Users\Serum Office\Downloads\MostWired_2015 (2).pdf
2015-12-28 11:33 - 2015-12-28 11:33 - 00213402 _____ C:\Users\Serum Office\Downloads\MostWiredWinnersbyState2015.pdf
2015-12-28 11:14 - 2015-12-28 11:14 - 00308376 _____ C:\Users\Serum Office\Downloads\84991_MICHAEL_SERUM_Sep-30-2015.pdf
2015-12-28 10:42 - 2015-12-28 10:42 - 00207344 _____ C:\Users\Serum Office\Downloads\Attachments_20151228.zip
2015-12-28 10:42 - 2015-12-28 10:42 - 00207344 _____ C:\Users\Serum Office\Downloads\Attachments_20151228 (1).zip
2015-12-28 06:03 - 2015-12-28 06:03 - 04522972 _____ C:\Users\Serum Office\Documents\garmin fenix manual sapphire fenix3_OM_EN.pdf
2015-12-28 05:45 - 2015-12-28 05:45 - 00019484 _____ C:\Users\Serum Office\Downloads\SecureMessageAtt (2).html
2015-12-27 15:22 - 2015-12-27 15:22 - 00279355 _____ C:\Users\Serum Office\Documents\Brendan Serum Garmin.pdf
2015-12-26 06:02 - 2015-12-26 06:02 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\SlingMedia
2015-12-26 06:02 - 2015-12-26 06:02 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DISH Anywhere Video Player
2015-12-26 06:02 - 2015-12-26 06:02 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\DISH Anywhere
2015-12-26 06:02 - 2015-12-26 06:02 - 00000000 ____D C:\Users\Serum Office\AppData\LocalLow\DISH Anywhere
2015-12-26 06:02 - 2015-12-26 06:02 - 00000000 ____D C:\Program Files (x86)\DishAnywhereDesktop
2015-12-26 06:00 - 2015-12-26 06:01 - 83112048 _____ (Sling Media) C:\Users\Serum Office\Downloads\DishAnywhere-Desktop.exe
2015-12-26 05:52 - 2015-12-26 05:52 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\Sling Media
2015-12-26 05:51 - 2015-12-26 05:51 - 00000000 ____D C:\Program Files (x86)\Sling Media

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-25 07:53 - 2015-12-19 16:59 - 00000000 ____D C:\FRST
2016-01-25 07:51 - 2014-08-10 12:45 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\uTorrent
2016-01-25 07:51 - 2014-04-26 17:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-25 07:50 - 2015-06-25 19:39 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3131991204-3860928008-3871616040-1000UA.job
2016-01-25 07:49 - 2009-07-13 23:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-25 07:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-01-25 07:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2016-01-25 07:09 - 2014-08-10 12:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-25 06:23 - 2009-07-13 22:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-25 06:23 - 2009-07-13 22:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-25 06:22 - 2014-08-10 12:16 - 00000000 ____D C:\ProgramData\softthinks
2016-01-25 06:22 - 2014-04-26 17:36 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-01-25 06:17 - 2015-02-17 17:48 - 00000000 ____D C:\ProgramData\MediaMall
2016-01-25 06:17 - 2014-10-28 17:44 - 00000000 ___RD C:\Users\Serum Office\Dropbox
2016-01-25 06:17 - 2014-10-28 15:21 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\Dropbox
2016-01-25 06:17 - 2014-08-10 12:38 - 00000000 ____D C:\ProgramData\MFAData
2016-01-25 06:13 - 2014-08-10 12:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-25 06:13 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-25 06:08 - 2015-10-05 06:49 - 00273408 _____ C:\Users\Serum Office\Documents\2016.xlsx
2016-01-24 17:13 - 2014-12-31 05:17 - 00000000 ____H C:\Users\Serum Office\Documents\FD5ED0B4E896BE9E.dat
2016-01-24 13:57 - 2015-06-25 19:39 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3131991204-3860928008-3871616040-1000Core.job
2016-01-24 10:53 - 2015-11-12 09:24 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-01-24 09:32 - 2014-08-10 12:20 - 00000000 ____D C:\Users\Serum Office\AppData\Local\Microsoft Help
2016-01-21 16:51 - 2014-04-26 17:17 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-21 16:51 - 2014-04-26 17:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-21 16:51 - 2014-04-26 17:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-21 15:14 - 2014-08-12 03:40 - 00000000 ____D C:\Users\Serum Office\AppData\Local\CrashDumps
2016-01-21 08:19 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-21 08:17 - 2014-10-29 03:57 - 00000000 ____D C:\Users\Serum Office\Documents\INcome Tax
2016-01-21 06:20 - 2014-09-08 17:53 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-20 06:07 - 2015-06-16 06:02 - 00000000 ____D C:\Users\Serum Office\Documents\AMC
2016-01-19 14:46 - 2014-08-10 18:09 - 00000000 ____D C:\Users\Serum Office\Desktop\Torrent
2016-01-19 06:43 - 2014-07-28 06:55 - 00000000 ____D C:\Users\Serum Office\Desktop\Steve Kopech
2016-01-18 16:39 - 2014-08-10 12:14 - 00000000 ____D C:\Users\Serum Office\Documents\Bluetooth Folder
2016-01-18 15:11 - 2014-08-10 13:09 - 00000000 ____D C:\Users\Serum Office\AppData\Local\ElevatedDiagnostics
2016-01-17 18:49 - 2014-09-08 17:54 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-01-17 18:48 - 2014-09-08 17:54 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-01-17 10:43 - 2015-10-15 17:17 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\tixati
2016-01-17 10:43 - 2011-02-10 08:25 - 00000000 ____D C:\dell
2016-01-17 10:28 - 2015-10-30 03:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-01-17 10:17 - 2015-12-19 16:38 - 00001489 _____ C:\Users\Serum Office\Desktop\Google Chrome.lnk
2016-01-17 10:06 - 2014-08-10 13:15 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\HpUpdate
2016-01-17 10:06 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-01-17 10:00 - 2015-12-02 13:03 - 00000000 ____D C:\Users\Serum Office\AppData\Local\AvgSetupLog
2016-01-17 09:59 - 2015-12-19 06:36 - 00000000 ____D C:\ProgramData\Avg
2016-01-17 09:59 - 2014-09-01 05:08 - 00000000 ____D C:\Users\Serum Office\AppData\Local\AVG Web TuneUp
2016-01-17 09:59 - 2014-08-10 12:40 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-15 08:22 - 2015-01-13 20:44 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\Anvsoft
2016-01-13 16:27 - 2015-06-02 07:48 - 00000000 ____D C:\Users\Serum Office\AppData\Local\Avg
2016-01-13 16:24 - 2014-09-30 13:03 - 00000000 ____D C:\ProgramData\AVG2015
2016-01-13 16:24 - 2014-04-26 17:23 - 00000000 ____D C:\Program Files (x86)\Dell Wireless
2016-01-13 16:15 - 2015-12-19 06:38 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\AVG
2016-01-13 16:15 - 2015-06-29 08:01 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-13 16:15 - 2014-08-10 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-13 16:15 - 2014-08-10 12:41 - 00000000 ___HD C:\$AVG
2016-01-13 14:41 - 2014-04-26 17:23 - 00000000 ____D C:\Windows\system32\nn-NO
2016-01-13 14:40 - 2014-04-26 17:22 - 00000000 ____D C:\ProgramData\Dell
2016-01-13 04:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-01-13 03:30 - 2009-07-13 22:45 - 00327184 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-13 03:29 - 2015-02-18 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 03:29 - 2015-02-18 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 03:27 - 2014-12-10 03:19 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 03:27 - 2014-08-11 17:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 03:11 - 2015-02-18 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 03:11 - 2014-08-10 12:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 03:10 - 2015-03-27 13:00 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 03:03 - 2015-03-27 13:00 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-04 15:28 - 2014-08-10 12:37 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\vlc
2015-12-31 21:13 - 2014-10-04 17:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-30 08:27 - 2015-06-16 05:39 - 00294912 _____ C:\Users\Serum Office\Documents\Copy of 2015.xlsx

==================== Files in the root of some directories =======

2015-02-21 12:00 - 2015-02-21 12:00 - 0003471 _____ () C:\Users\Serum Office\AppData\Roaming\QBFileDrTool.log
2015-10-26 05:48 - 2015-10-26 05:48 - 0000787 _____ () C:\Users\Serum Office\AppData\Local\recently-used.xbel
2014-08-10 13:14 - 2014-08-10 13:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-04-26 17:28 - 2014-04-26 17:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-30 12:18 - 2015-01-30 12:30 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-06-19 11:09 - 2015-06-19 11:09 - 0005038 _____ () C:\ProgramData\wmzddnmb.cix

Some files in TEMP:
====================
C:\Users\Serum Office\AppData\Local\Temp\avg-b5094b59-99f0-4451-885e-857dfeb0be66.exe
C:\Users\Serum Office\AppData\Local\Temp\avguirn_08492822995.exe
C:\Users\Serum Office\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-21 16:39
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by wannabeageek » January 25th, 2016, 6:40 pm

Hi mbserum,

Computer Usage
Please tell me what you primarily use this computer for.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 25th, 2016, 8:46 pm

This is a home PC that I use for email, spreadsheets and internet browsing.

Thank you!

Mike3
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by wannabeageek » January 25th, 2016, 9:27 pm

C:\FRST
Go to this folder and post the additions.txt file that was run on the 19th of December, 2015. This is why one was not generated today.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 25th, 2016, 9:46 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version:19-12-2015
Ran by Serum Office (2015-12-19 17:00:32)
Running from C:\Users\Serum Office\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-08-10 18:09:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3131991204-3860928008-3871616040-500 - Administrator - Disabled)
Guest (S-1-5-21-3131991204-3860928008-3871616040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3131991204-3860928008-3871616040-1002 - Limited - Enabled)
Serum Office (S-1-5-21-3131991204-3860928008-3871616040-1000 - Administrator - Enabled) => C:\Users\Serum Office

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Amazon Cloud Drive) (Version: 2.5.2.40 - Amazon Digital Services, LLC.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.8.4 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
AnySend (HKLM-x32\...\ASPackage) (Version: - CMI Limited) <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6176 - AVG Technologies)
AVG 2015 (Version: 15.0.4489 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6176 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.13.1.47453 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.13.3 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.4.155 - AVG Technologies)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.10.0.2307 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.10.0.2307 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2907.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version: - )
Dropbox (HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Eraser 6.2.0.2969 (HKLM\...\{66AB13EA-E7D2-4CFC-9B66-8E9EE44C89EE}) (Version: 6.2.2969 - The Eraser Project)
ffdshow v1.1.3572 [2010-09-13] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3572.0 - )
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
GamesDesktop 025.021010181 (HKLM-x32\...\gmsd_us_021010181_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Instagram Downloader (HKLM-x32\...\{9DFA525A-6D12-444B-8F5A-63E2947FFC5D}) (Version: 2.3.0.0 - iWesoft)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Communicator 2007 R2 (HKLM-x32\...\{928EE567-49F9-4082-A7B3-9BB82CD3C0FE}) (Version: 3.5.6907.268 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.41 - mIRC Co. Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyMedia (HKLM-x32\...\{083D6ABD-49D9-4664-A0DC-887A66A1A0FD}) (Version: 3.10.21 - MediaMall Technologies, Inc.)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
Port Forward Network Utilities 2.0.1 (HKLM-x32\...\Port Forward Network Utilities) (Version: 2.0.1 - Portforward.com)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) Hidden
QuickBooks Premier: Accountant Edition 2014 (HKLM-x32\...\{48DCE40F-BD78-4EEA-B810-6F371716A5DD}) (Version: 24.0.4008.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.1.11 - Intuit)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sothink Movie DVD Maker (HKLM-x32\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.8 - SourceTec Software Co., LTD)
SpyHunter (HKLM-x32\...\{DB847E94-446B-49E0-AC5D-C5627EC8B0C0}) (Version: 4.15.1.4270 - Enigma Software Group USA, LLC)
Streamline Your Debt (HKLM-x32\...\{0E63A3B1-F4C2-4D26-9B50-C3C07C525DB6}) (Version: 1.0.0 - StreamLine Your Debt)
Symform (HKLM\...\{73EDDF5E-CE9E-4A77-917F-58BBA5110300}) (Version: 4.24.0.0 - Symform, Inc.)
Tixati (HKLM-x32\...\tixati) (Version: - )
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TVMOBiLi (HKLM-x32\...\TVMOBiLi) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
ViewSonic Windows 7 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebOptimum (x32 Version: 1.0.0.0 - bscodecs.com) Hidden
WebOptimum 1.0 (HKLM-x32\...\WebOptimum) (Version: 1.0 - WebOptimum)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File

==================== Restore Points =========================

16-12-2015 18:22:11 Scheduled Checkpoint
18-12-2015 03:00:10 Windows Update
19-12-2015 16:26:47 Removed iSEEK AnswerWorks English Runtime
19-12-2015 16:42:59 Installed SpyHunter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-12-19 16:49 - 00000931 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {128C22E5-B0E4-42C0-BD74-82B2BF8C4F20} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {307BE6EF-04DA-4E90-B182-BFD6DC5D2BB6} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {380DF6C1-3FC5-40E2-B43A-B4029FE9BA61} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {43CD070B-3F36-4AA2-95D6-A770D74D8529} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {547A0D5A-29DB-4CCB-A108-15316AEAB457} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {6187E8BC-0094-4369-BF6D-C2960B00EDFF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {62966042-AF2B-4B0A-94E5-0404C9428496} - System32\Tasks\{9F8768BB-724E-4CFB-B2AF-F25CA21B85E3} => pcalua.exe -a "C:\Users\Serum Office\AppData\Roaming\uTorrent\uTorrent.exe" -c /UNINSTALL
Task: {8024CB1D-A3AB-4FC7-8917-38B2689615B7} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {83626D15-90D9-4416-8270-F93C6DEDACF0} - System32\Tasks\Form Camera2 => Rundll32.exe "C:\Users\Serum Office\AppData\Local\Form Camera\{3AD2D434-95E7-D223-7A03-B27E73934F90}\kevsod.dll",#1 <==== ATTENTION
Task: {8737045B-8BD0-42E6-B8B5-4A394AE45C8B} - System32\Tasks\WOUP => C:\Program Files (x86)\WebOptimum\opt.exe
Task: {96B11535-49D1-4882-8BE7-6DAD4CC8913F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3131991204-3860928008-3871616040-1000UA => C:\Users\Serum Office\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25] (Dropbox, Inc.)
Task: {98CA0071-D43B-4527-8342-D87CF79A903B} - System32\Tasks\Form Camera => Rundll32.exe "C:\Users\Serum Office\AppData\Local\Form Camera\{3AD2D434-95E7-D223-7A03-B27E73934F90}\FormCamera.dll",#1 <==== ATTENTION
Task: {99BC8774-F47D-4AD0-9A29-DF34F76A1AC4} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {A13C3458-297C-45C0-A971-D9C03895D465} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-12-19] ()
Task: {AD65894F-E7CD-4EC4-B100-AC1A51F7A6F7} - System32\Tasks\SymformServicesRestart => C:\Program Files\Symform\Node Service\symform.restart.cmd [2014-10-08] ()
Task: {B4CE8B38-8EAE-42A9-83AD-EF722A9A5165} - System32\Tasks\SymformLogUploader => C:\Program Files\Symform\Node Service\LogUploader.exe [2014-11-19] (Symform, Inc.)
Task: {BAD5CAA8-045F-48D6-8A0D-26A1D01EC238} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C217A95D-72CA-4D78-9434-92B5B2C2FCF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {E27C6336-7E92-429C-B6CA-BDBDF571F41B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3131991204-3860928008-3871616040-1000Core => C:\Users\Serum Office\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25] (Dropbox, Inc.)
Task: {ECB9C1D0-45B6-41B9-89E2-4D300A5E6556} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F41F011B-8BF9-4105-BBD9-AD2744F25DD0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3131991204-3860928008-3871616040-1000Core.job => C:\Users\Serum Office\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3131991204-3860928008-3871616040-1000UA.job => C:\Users\Serum Office\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-16 11:53 - 2015-12-16 08:32 - 01164688 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-02 08:51 - 2013-07-02 08:51 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-12-16 08:32 - 2015-12-16 08:32 - 00192912 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\loggingserver.exe
2014-12-01 13:39 - 2014-12-01 13:39 - 00069120 _____ () C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
2014-09-01 05:07 - 2015-12-16 08:32 - 02814864 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-09-18 12:37 - 2014-07-02 20:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2015-11-12 09:23 - 2015-10-27 23:40 - 00107256 _____ () C:\Program Files\Dell\SupportAssist\libCSharpCommonCS.dll
2015-11-12 09:23 - 2015-10-27 23:40 - 00553720 _____ () C:\Program Files\Dell\SupportAssist\libAsapiCSharp.dll
2015-12-19 16:50 - 2015-12-19 16:49 - 00612870 _____ () C:\Program Files (x86)\4C4C4544-1450565426-5A10-8057-B2C04F563032\vnsv5F9E.tmp
2015-12-19 15:17 - 2015-12-19 15:17 - 00599552 _____ () C:\Program Files (x86)\4C4C4544-1450565426-5A10-8057-B2C04F563032\knsf89CD.tmpfs
2015-12-19 15:33 - 2015-12-19 15:33 - 00153392 _____ () C:\Users\Serum Office\AppData\Local\Temp\nsoA43A.tmp
2015-12-16 08:32 - 2015-12-16 08:32 - 00533904 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\log4cplusU.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2015-12-11 20:35 - 2015-10-30 18:59 - 00034768 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00019408 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00022848 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00023352 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00042296 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-11 20:35 - 2015-10-30 18:59 - 00116688 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 20:35 - 2015-10-30 18:59 - 00093640 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 20:35 - 2015-10-30 18:59 - 00018376 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00019760 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00105928 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-11 20:35 - 2015-10-30 18:59 - 00392144 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 20:35 - 2015-12-08 15:36 - 00381752 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 20:35 - 2015-10-30 18:59 - 00692688 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00020816 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00109520 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 01737032 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00020808 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00020800 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00021840 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00038696 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00024528 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00020936 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00114640 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00021320 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00124880 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00030160 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00043472 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00175560 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00028616 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00024016 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00048592 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00024392 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00036296 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-11 20:35 - 2015-10-30 19:00 - 00024016 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00117056 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00023376 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 20:35 - 2015-10-30 18:59 - 00134608 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-11 20:35 - 2015-10-30 18:59 - 00134088 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00240584 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00020280 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00052024 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00021304 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00350152 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00084792 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-11 20:35 - 2015-12-08 15:36 - 01826608 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00083912 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 03891504 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 01950000 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00519984 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00133936 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00225080 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00207672 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00024904 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00486704 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00357680 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 15:45 - 2015-10-30 19:01 - 00019920 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 15:45 - 2015-10-30 19:00 - 00786904 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 23:51 - 2015-10-30 19:00 - 00063448 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 15:45 - 2015-10-30 19:00 - 00019408 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2014-04-26 17:20 - 2013-12-09 16:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-18 12:37 - 2014-07-30 16:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-04-26 17:36 - 2012-11-25 08:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-09-18 12:37 - 2012-11-25 22:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-12-19 06:36 - 2015-12-19 06:35 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2015-01-13 20:44 - 2015-04-24 19:50 - 00011264 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\avcstats.dll
2015-01-13 20:44 - 2015-04-24 19:48 - 00196622 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\avdevice-55.dll
2015-01-13 20:44 - 2015-04-24 19:49 - 12445710 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\avcodec-55.dll
2015-01-13 20:44 - 2015-04-24 19:48 - 02518899 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\libfreetype-6.dll
2015-01-13 20:44 - 2015-04-24 19:49 - 00304654 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\avutil-52.dll
2015-01-13 20:44 - 2015-04-24 19:48 - 01224206 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\avfilter-3.dll
2015-01-13 20:44 - 2015-04-24 19:49 - 00768416 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\libfontconfig-1.dll
2015-01-13 20:44 - 2015-04-24 19:49 - 00441369 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\libexpat-1.dll
2015-01-13 20:44 - 2015-04-24 19:48 - 01824270 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\avformat-55.dll
2015-01-13 20:44 - 2015-04-24 19:49 - 00186382 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\postproc-52.dll
2015-01-13 20:44 - 2015-04-24 19:49 - 00098318 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\swresample-0.dll
2015-01-13 20:44 - 2015-04-24 19:49 - 00407054 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\swscale-2.dll
2015-01-13 20:44 - 2015-04-24 19:49 - 00303616 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\SDL.dll
2015-01-13 20:44 - 2015-04-24 19:49 - 00027136 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\SDL_ttf.dll
2015-01-13 20:44 - 2015-04-24 19:49 - 00051200 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\SDL_image.dll
2015-01-13 20:44 - 2015-04-24 19:49 - 00174080 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\libpng15-15.dll
2015-07-10 09:07 - 2015-04-24 19:49 - 00117760 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\findSector.dll
2015-07-10 09:07 - 2015-04-24 19:49 - 00084992 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\ParseDVD.dll
2015-01-13 20:44 - 2015-04-24 19:49 - 00362029 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\sqlite3.dll
2015-01-13 20:44 - 2015-04-24 19:49 - 01507328 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\interFunc.dll
2015-01-13 20:44 - 2015-04-24 19:49 - 00478720 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\tag.dll
2015-01-13 20:44 - 2015-09-18 14:20 - 00434688 _____ () C:\Program Files (x86)\Anvsoft\Any Video Converter\DuiLib_u.dll
2015-12-16 16:11 - 2015-12-10 21:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 16:11 - 2015-12-10 21:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-12-19 16:42 - 2015-12-19 16:42 - 00028160 _____ () C:\Users\Serum Office\AppData\Local\Form Camera\{3AD2D434-95E7-D223-7A03-B27E73934F90}\FormCamera.dll
2015-12-19 16:50 - 2015-12-19 16:50 - 00011264 _____ () C:\Users\Serum Office\AppData\Local\Temp\nsa8035.tmp\System.dll
2015-12-19 16:50 - 2015-12-19 16:50 - 00117248 _____ () C:\Users\Serum Office\AppData\Local\Temp\nsa8035.tmp\IpConfig.dll
2015-12-19 16:59 - 2015-12-19 16:59 - 00022016 _____ () C:\Users\Serum Office\AppData\Local\Temp\nstA5DC.tmp\inetc.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\95641836.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\95641836.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Serum Office\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A2C4E96D-8484-40E4-B361-F4921BA2C973}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2ADD17A0-CA5C-4F4B-920B-0C4741092941}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C71C53E4-6EFC-48B5-AA8D-436958609E64}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{452A21EF-3F29-4B26-8DE7-5924F7C4DB69}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{DB80741D-B0DB-4745-9A07-4B521C85D9BD}] => (Allow) C:\Users\Serum Office\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{13DF95E5-4ED9-41B9-9CDF-F2986E921A58}] => (Allow) C:\Users\Serum Office\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C545D861-7538-4BC3-A97C-99ED5128F98C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{B4FCB652-247F-4513-85B7-BFBD7D1968A8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{85F7D2F1-6E53-4E55-A020-8EB6825CE4A6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{6BB73B1A-7C94-45C1-A623-F67772907880}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{F7225CE1-77F3-4FD8-BB61-7DC469B567BF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{40AE8EF1-FAED-4B11-85AE-FE685C8ACA54}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B8799829-7A95-4ADB-AF2B-AFFEDD882FC2}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{E6505E20-D3E0-45CC-BFB3-8D91BAA2619A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{127BDD42-C0EA-4C89-85DF-0DF858314E02}] => (Allow) C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BC74AC10-FA16-4890-B334-57C2C5F5E9E9}] => (Allow) C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{046E476F-FBC0-4906-8A93-E4D02D0A6BED}] => (Allow) C:\Program Files\Symform\Node Service\symformconfig.exe
FirewallRules: [{156A7FD0-4078-448B-BCBA-A662C11B2374}] => (Allow) C:\Program Files\Symform\Node Service\symformcontrib.exe
FirewallRules: [TCP Query User{443D2645-E9B3-4211-86C2-A32AE3601628}C:\users\serum office\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\serum office\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{2B8A057A-FE1E-4246-A51C-390A4803C85C}C:\users\serum office\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\serum office\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{6A94BF51-35AA-4CA2-A08B-A65093F6166A}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
FirewallRules: [{775C5518-170B-4CFC-AA64-B8974AD1D385}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe
FirewallRules: [{DB6CAB3B-856A-44A7-8DC9-74FC8F8D0F5C}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe
FirewallRules: [{731824B2-AEDD-4577-95FF-57C98308AAA2}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe
FirewallRules: [{76E0B2CD-A058-4E54-9B61-21EB8D824173}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{E1D0D32F-9AD7-49CD-8D7B-D8E01F663E8C}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{4CFC5B29-1C79-4654-8169-0EE158FCFE18}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{6276EC1D-2608-414F-A298-E9851E06817A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{22B8135E-4EC6-417F-97A7-DE71A3299DA0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DB6955EC-784A-419E-AB50-19EAE8263845}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C913EB6D-18D6-46DF-89D6-F380B76035AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FF592010-6CAF-4B6E-8BAB-3FABF66C214F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3BC37CFF-1FBC-415C-955F-E692320898A6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{F9BD95A2-4050-4A64-988A-570041D6B292}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CD748585-D949-4DC7-B5AC-57E939997D04}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C8F4A666-2553-4654-8F38-C3EB8FA78D58}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F6013EB4-6545-4CF8-8CF7-760776A020C4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D675A64A-12FC-4048-9230-DB6980C319C4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [TCP Query User{85AECBC5-AECB-4BCB-9696-E7D481AFC0C2}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{AB4E219E-667A-45C1-B0ED-1A07A19E6988}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{F1594D87-35C4-4E73-A682-440B960F16B2}] => (Allow) C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
FirewallRules: [{A9C148F3-4D9F-45E3-9C56-B33B27EB21BC}] => (Allow) C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
FirewallRules: [TCP Query User{2C9F5772-6CDF-42AF-A528-1ACF26EFCBDE}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{3F5DF82B-6594-4BBA-90C6-01A5E8894B39}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{13AAAB1A-E197-497A-AEDF-03146876395D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2DEC312E-6639-4015-BBF1-BB0C4579DDE1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5329E4D2-1F64-4BE0-B2E1-8E92E30CC8CA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FACDD4A8-9CE3-4BE1-8AEE-815EAEF255C9}] => (Allow) LPort=2869
FirewallRules: [{7FD4D30B-1FE3-4050-B412-D1DB9179A8BB}] => (Allow) LPort=1900
FirewallRules: [{17FD560F-168B-4E04-A1AD-57E3F86083CA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{1AD29A8E-1DE2-42E6-9AD3-0C0CF7CE0D65}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{FBF94D26-A216-4927-A082-F8DCE173D709}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{59CCA823-3308-4D59-A914-ACF4F75B4492}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{FBDB7CB4-4999-407A-BD5B-CF343D1E76E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{43D552B3-FB03-47C6-9C3E-C4E6DF96ABCF}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D6935321-6C1E-4AB0-98B3-235068A89A56}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{40844F38-E3B5-43F2-A21B-BAFDAF31D446}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{3AD97A73-238D-4A82-BE83-54E27800D022}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{A7139583-0E52-4F06-B6E9-7A1260B3D00F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2015 06:29:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2015 06:24:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname SerumOffice-PC.local already in use; will try SerumOffice-PC-2.local instead

Error: (12/19/2015 06:24:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 SerumOffice-PC.local. Addr 192.168.1.75

Error: (12/19/2015 06:24:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.75:5353 16 SerumOffice-PC.local. AAAA 2602:0304:CE85:D1B0:D5DF:4C92:7BC6:13C9

Error: (12/19/2015 06:24:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname SerumOffice-PC.local already in use; will try SerumOffice-PC-2.local instead

Error: (12/19/2015 06:24:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 SerumOffice-PC.local. Addr 192.168.1.75

Error: (12/19/2015 06:24:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.75:5353 16 SerumOffice-PC.local. AAAA 2602:0304:CE85:D1B0:D5DF:4C92:7BC6:13C9

Error: (12/14/2015 03:46:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9158

Error: (12/14/2015 03:46:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9158

Error: (12/14/2015 03:46:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/19/2015 06:26:16 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (12/17/2015 12:38:28 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/14/2015 03:48:27 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (12/08/2015 12:50:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/08/2015 12:49:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (12/08/2015 12:49:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (12/08/2015 12:49:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:44:38 PM on ‎12/‎8/‎2015 was unexpected.

Error: (12/07/2015 07:50:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (12/07/2015 07:50:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (12/07/2015 07:48:20 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


CodeIntegrity:
===================================
Date: 2014-09-10 03:58:23.808
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 03:58:23.806
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 03:58:12.925
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 03:36:21.527
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 03:36:21.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 03:35:32.422
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-15 05:26:33.350
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-15 05:26:33.348
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-15 05:25:50.355
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 36%
Total physical RAM: 12204.95 MB
Available physical RAM: 7731.8 MB
Total Virtual: 24408.11 MB
Available Virtual: 19592.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:141.16 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:21.67 GB) (Free:11.75 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 8FB48BB7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=909.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by wannabeageek » January 26th, 2016, 10:06 pm

mbserum wrote: This is a home PC that I use for email, spreadsheets and internet browsing.

Thank you!

Mike3


Hi Mike/mbserum,

It is rather obvious that you use this computer for more than what you listed. The fact that you have tax information on this machine speaks volumes. Also, by using Torrent programs you have possibly/probably exposed all that information to whoever may have infected your computer via the torrent downloads. Now I can help clean your computer, but I cannot guarantee that it will be safe and secure for internet commerce or any other personal data use. Only a complete format and reinstall of the Operating System can do that.
If you have clientele, are you willing to risk their information and not just your own?


P2P Advisory!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
µTorrent
Deluge


As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.

Otherwise, please perform the following steps:

Step 1.
Remove P2P Program(s)
  1. Click on Start > Control Panel and double click on Programs and Features.
  2. Locate the following program:
    µTorrent
    Deluge
    Coupon Printer for Windows
  3. Click on the Change/Remove button to uninstall it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled... Close Control Panel.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

The "Coupon Printer for Windows" program causes issues with unwanted popups and browser redirects.


Step 2.
Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator" then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


What I need back from you:
Post each separately.
  1. Contents of CKFiles.txt
  2. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 26th, 2016, 10:49 pm

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\plex\plex media server\resources\plug-ins\services.bundle\contents\service sets\com.plexapp.plugins.crackle\serviceinfo.plist
c:\program files (x86)\plex\plex media server\resources\plug-ins\services.bundle\contents\service sets\com.plexapp.plugins.crackle\url\crackle\servicecode.pys
c:\users\serum office\desktop\torrent\completed\ynab 4 + crack\install instructions.txt
c:\users\serum office\desktop\torrent\completed\ynab 4 + crack\ynab 4_4.0.911_setup.exe
c:\users\serum office\desktop\torrent\completed\ynab 4 + crack\ynab.swf
scanner sequence 3.EM.11.UDNALZ
----- EOF -----

The only trouble I had with the instructions is the coupon printer was not in the list of installed programs (I may have uninstalled it previously) - however I did search for the exe and deleted the install file. Also, the first time I ran CKScanner it froze (not responding message) - I closed it and ran it again and it completed successfully.

Thank You for all of the help - the tax files are personal and not for anyone outside of my family.
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by wannabeageek » January 27th, 2016, 12:39 am

Let me explain how you infected your computer and where we stand. You infected it by downloading illegal software via the torrents or Deluge. The greater percentage of these programs/files contains malicious code of some sort. This forum, like all the other malware removal forums, does not support the use of illegal software. If this software infected your computer and I continued to help you remove the infection, it could be construed in the eyes of the law as aiding and abetting a crime.

If you want to continue cleaning up your system then I have to ask you to uninstall all the illegal stuff first.
After you do, run CKScanner and FRST and post new logs.
When running FRST, under the Optional Scan block be sure that the box for Addition.txt has a check mark in it.

If you care not to uninstall any of those programs/files then it's your call and this thread will be closed.
Let me know what you decide.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 27th, 2016, 10:02 am

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\plex\plex media server\resources\plug-ins\services.bundle\contents\service sets\com.plexapp.plugins.crackle\serviceinfo.plist
c:\program files (x86)\plex\plex media server\resources\plug-ins\services.bundle\contents\service sets\com.plexapp.plugins.crackle\url\crackle\servicecode.pys
scanner sequence 3.AA.11.NELBVA
----- EOF -----

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by Serum Office (administrator) on SERUMOFFICE-PC (27-01-2016 07:50:14)
Running from C:\Users\Serum Office\Downloads\FRST-OlderVersion
Loaded Profiles: Serum Office (Available Profiles: Serum Office)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Microsoft Corporation) C:\Windows\System32\efsui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Symform, Inc.) C:\Program Files\Symform\Node Service\symformstatus.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
(Dropbox, Inc.) C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Symform, Inc.) C:\Program Files\Symform\Node Service\symformcontrib.exe
(Symform, Inc.) C:\Program Files\Symform\Node Service\symformsync.exe
(Symform, Inc.) C:\Program Files\Symform\Node Service\symformupdater.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Serum Office\Desktop\CKScanner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-08-27] (Qualcomm®Atheros®)
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Run: [Symform Status] => C:\Program Files\Symform\Node Service\symformstatus.exe [412600 2014-11-19] (Symform, Inc.)
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Run: [Dropbox Update] => C:\Users\Serum Office\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-25] (Dropbox, Inc.)
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-13] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\MountPoints2: {f5a87f98-38c3-11e4-b616-142d27a2f006} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-01-24]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-01-24]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-01-24]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVMOBiLiArtworkManager.lnk [2015-02-16]
ShortcutTarget: TVMOBiLiArtworkManager.lnk -> C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe ()
Startup: C:\Users\Serum Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DishAnywherePlayerShortcut.lnk [2016-01-25]
ShortcutTarget: DishAnywherePlayerShortcut.lnk -> C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe (No File)
Startup: C:\Users\Serum Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6C8F3E9F-687E-4073-A2A5-B842FDF7E3FE}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{90F18143-C777-44D7-99D1-ED3D6FB22876}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={3E03AEFA-FC61-4D57-9A7E-D407F8197E12}&mid=df39672316c447d29a7fc564614619f5-9d507bd3056e0843dcd66eade72857388cb929ae&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-01 06:07:37&v=4.2.4.155&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2015-04-17] (MediaMall Technologies, Inc.)
BHO-x32: IeWebtoptimumPlugin.BHO -> {314cc13e-2027-44ca-838b-546591a01fda} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2015-04-17] (MediaMall Technologies, Inc.)
Toolbar: HKLM - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2015-04-17] (MediaMall Technologies, Inc.)
Toolbar: HKLM-x32 - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2015-04-17] (MediaMall Technologies, Inc.)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Serum Office\AppData\Roaming\Mozilla\Firefox\Profiles\xusd85ou.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Serum Office\AppData\Roaming\Mozilla\Firefox\Profiles\xusd85ou.default\user.js [2015-12-19]
FF Plugin ProgramFiles/Appdata: C:\Users\Serum Office\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-11-11] (Cisco WebEx LLC)
FF Extension: Web Optimum - C:\Users\Serum Office\AppData\Roaming\Mozilla\Firefox\Profiles\xusd85ou.default\Extensions\weboptimum@bscodecs.com [2015-12-19] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\73655B7AD9ED759B7A6B0CBCAA75D9E87365 [2015-12-19] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (PlayOn Plug-in) - C:\Program Files (x86)\MediaMall\toolbar\npVT.dll (MediaMall Technologies, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Profile: C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (AVG Secure Search) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-12-26]
CHR Extension: (Google Search) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (PlayOn) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lggaaajacmlhgbpldaboipiinndchjgm [2015-09-17]
CHR Extension: (SearchLock) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2015-08-20]
CHR Extension: (Gmail) - C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-09-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-08-27] (Windows (R) Win 7 DDK provider) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [802832 2016-01-13] (Garmin Ltd. or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-29] (Intel Corporation)
S3 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5933872 2015-09-18] (MediaMall Technologies, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
S4 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-10-10] (Intuit Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-03] (CyberLink)
S3 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R2 symformcontrib; C:\Program Files\Symform\Node Service\symformcontrib.exe [18872 2014-11-19] (Symform, Inc.)
R2 symformsync; C:\Program Files\Symform\Node Service\symformsync.exe [21944 2014-11-19] (Symform, Inc.)
R2 symformupdater; C:\Program Files\Symform\Node Service\symformupdater.exe [29112 2014-11-19] (Symform, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4377000 2015-12-11] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-16] ()
S3 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed]
S2 vToolbarUpdater40.2.4; "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-01] (AVG Technologies)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-08-27] (Qualcomm Atheros)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-24] (Intel Corporation)
R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-12-11] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 07:49 - 2016-01-27 07:50 - 00000000 ____D C:\Users\Serum Office\Downloads\FRST-OlderVersion
2016-01-27 06:48 - 2016-01-27 06:48 - 00000000 ___RD C:\Users\Serum Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-01-26 20:46 - 2016-01-27 07:46 - 00000437 _____ C:\Users\Serum Office\Desktop\ckfiles.txt
2016-01-26 20:42 - 2016-01-26 20:42 - 00468480 _____ () C:\Users\Serum Office\Desktop\CKScanner.exe
2016-01-26 19:10 - 2016-01-26 19:10 - 00074240 _____ C:\Users\Serum Office\Downloads\Lesson__1_-_Excel_Intro_-_NAME (1).xls
2016-01-26 10:01 - 2016-01-26 10:01 - 00022649 _____ C:\Users\Serum Office\Downloads\X-Files+season+1 (1).torrent
2016-01-26 09:58 - 2016-01-26 09:58 - 00022649 _____ C:\Users\Serum Office\Downloads\X-Files+season+1.torrent
2016-01-26 09:48 - 2016-01-26 09:48 - 00697416 _____ C:\Users\Serum Office\Downloads\THE+X-FILES+-+SEASON+1+FULL+-+DVD+RIP.torrent
2016-01-26 09:43 - 2016-01-26 09:43 - 00026768 _____ C:\Users\Serum Office\Downloads\Sicario.2015.1080p.Bluray.DTS.x264-ETRG.torrent
2016-01-26 06:52 - 2016-01-26 06:52 - 00123938 _____ C:\Users\Serum Office\Downloads\ZM Application 2015 (1).pdf
2016-01-25 18:47 - 2016-01-25 18:47 - 00014878 _____ C:\Users\Serum Office\Downloads\2015W2.pdf
2016-01-25 14:19 - 2016-01-25 14:19 - 00097343 _____ C:\Users\Serum Office\Downloads\Bang+Casting+-+Holly+Hendrix+in+Casting+with+Holly+Hendrix%21.torrent
2016-01-25 14:18 - 2016-01-25 14:18 - 00050207 _____ C:\Users\Serum Office\Downloads\%5BPunishTeens%5D+Holly+Hendrix+-+Making+a+Groupie+His+Bitch.torrent
2016-01-25 14:14 - 2016-01-25 14:14 - 00037054 _____ C:\Users\Serum Office\Downloads\ExxxtraSmall.Elsa.Dream.Daddys.Little.Princess (1).torrent
2016-01-25 14:13 - 2016-01-25 14:13 - 00014165 _____ C:\Users\Serum Office\Downloads\%5BEroticaX%5D+Elsa+Jean+%28Coming+of+Age+2%2C+Elsa+%2C+Logan%29.torrent
2016-01-25 13:29 - 2016-01-25 13:29 - 00037054 _____ C:\Users\Serum Office\Downloads\ExxxtraSmall.Elsa.Dream.Daddys.Little.Princess.torrent
2016-01-25 13:27 - 2016-01-25 13:27 - 00023672 _____ C:\Users\Serum Office\Downloads\ExxxtraSmall+-+Renee+Roulette+-+Tiny+Business+Proposal+-+TeamSke.torrent
2016-01-25 13:26 - 2016-01-25 13:26 - 00042698 _____ C:\Users\Serum Office\Downloads\%5BExxxtraSmall%5D+Holly+Hendrix+%28Stranded+Teen+Gets+Picked+Up+and+F.torrent
2016-01-25 13:26 - 2016-01-25 13:26 - 00030877 _____ C:\Users\Serum Office\Downloads\ExxxtraSmall+-+Uma+Jolie+%28Extra+Small+Elf+on+The+Shelf%29.torrent
2016-01-25 13:01 - 2016-01-25 13:01 - 00000000 ____D C:\Program Files (x86)\PlotSoft
2016-01-25 13:00 - 2016-01-25 13:00 - 14984296 _____ (PlotSoft LLC) C:\Users\Serum Office\Downloads\PDFill.exe
2016-01-25 12:45 - 2016-01-25 12:45 - 00189934 _____ C:\Users\Serum Office\Downloads\Non Disclosure Form.pdf
2016-01-25 12:40 - 2016-01-25 12:40 - 01202835 _____ C:\Users\Serum Office\Documents\Mike Serumn.pdf
2016-01-25 12:26 - 2016-01-25 12:26 - 00241404 _____ C:\Users\Serum Office\Downloads\ZM Background Check Auth (1).pdf
2016-01-25 10:20 - 2016-01-25 10:20 - 00215125 _____ C:\Users\Serum Office\Downloads\470005870039728 (1).pdf
2016-01-25 09:51 - 2016-01-25 09:51 - 27713778 _____ C:\Users\Serum Office\Downloads\wetransfer-07b1fa.zip
2016-01-25 09:06 - 2016-01-25 09:06 - 00087313 _____ C:\Users\Serum Office\Downloads\Mike Serum (3).7z
2016-01-25 09:05 - 2016-01-27 07:41 - 00000000 ____D C:\Program Files\7-Zip
2016-01-25 09:05 - 2016-01-25 09:05 - 01371668 _____ (Igor Pavlov) C:\Users\Serum Office\Downloads\7z1514-x64.exe
2016-01-25 07:53 - 2016-01-25 07:53 - 00083207 _____ C:\Users\Serum Office\Downloads\FRST.txt
2016-01-25 06:47 - 2016-01-25 06:47 - 01290470 _____ C:\Users\Serum Office\Downloads\f1098eDirect.pdf
2016-01-24 13:02 - 2016-01-24 13:02 - 00074240 _____ C:\Users\Serum Office\Downloads\Lesson__1_-_Excel_Intro_-_NAME.xls
2016-01-24 07:14 - 2016-01-26 20:19 - 00000000 ____D C:\Users\Serum Office\Desktop\Laura school 2016
2016-01-24 07:13 - 2016-01-24 07:13 - 00008292 _____ C:\Users\Serum Office\Downloads\Lesson__0_-_Getting__Started.xlsx
2016-01-24 05:30 - 2016-01-24 05:30 - 01077366 _____ C:\Users\Serum Office\Downloads\TaxDocument (2).pdf
2016-01-23 05:13 - 2016-01-23 05:13 - 00235457 _____ C:\Users\Serum Office\Documents\CZP0y4EUYAAVAGB (1).jpg-large
2016-01-22 13:05 - 2016-01-22 13:06 - 07870026 _____ C:\Users\Serum Office\Downloads\hahahahaa.pdf
2016-01-22 07:03 - 2016-01-22 07:03 - 01195141 _____ C:\Users\Serum Office\Downloads\Michael Serum_Signed.pdf
2016-01-22 07:01 - 2016-01-22 07:01 - 01195141 _____ C:\Users\Serum Office\Documents\Michael Serum_Signed.pdf
2016-01-22 06:55 - 2016-01-22 06:55 - 00094107 _____ C:\Users\Serum Office\Downloads\Mike Serum (4).pdf
2016-01-22 05:33 - 2016-01-22 05:33 - 00094107 _____ C:\Users\Serum Office\Downloads\Mike Serum (3).pdf
2016-01-21 15:40 - 2016-01-21 15:40 - 00000516 _____ C:\Users\Serum Office\Downloads\appointment623718122.vcs
2016-01-21 15:39 - 2016-01-21 15:39 - 00094107 _____ C:\Users\Serum Office\Downloads\Mike Serum (2).pdf
2016-01-21 15:16 - 2016-01-21 15:16 - 00094105 _____ C:\Users\Serum Office\Downloads\Mike Serum (1).pdf
2016-01-21 06:52 - 2016-01-21 06:52 - 05719494 _____ C:\Users\Serum Office\Downloads\St Lukes IVR Proposal_012116.pptx
2016-01-20 06:18 - 2016-01-20 06:18 - 00241404 _____ C:\Users\Serum Office\Downloads\ZM Background Check Auth.pdf
2016-01-20 06:18 - 2016-01-20 06:18 - 00123938 _____ C:\Users\Serum Office\Downloads\ZM Application 2015.pdf
2016-01-20 06:16 - 2016-01-20 06:16 - 00094400 _____ C:\Users\Serum Office\Downloads\Mike Serum.pdf
2016-01-19 09:38 - 2016-01-19 11:10 - 00736006 _____ C:\Users\Serum Office\Downloads\St Lukes IVR Proposal_012116 DRAFT.pptx
2016-01-19 09:28 - 2016-01-19 09:28 - 05747491 _____ C:\Users\Serum Office\Downloads\St Lukes_110215_v2 JMR Additions (002).pptx
2016-01-19 08:52 - 2016-01-19 08:52 - 00032298 ____H C:\Users\Serum Office\Downloads\~WRL0004.tmp
2016-01-17 18:49 - 2016-01-17 18:50 - 00000000 ____D C:\Users\Serum Office\AppData\Local\Garmin_Ltd._or_its_subsid
2016-01-17 18:49 - 2016-01-17 18:49 - 00001892 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-01-17 18:49 - 2016-01-17 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-01-17 13:45 - 2016-01-17 13:45 - 06475572 _____ C:\Users\Serum Office\Downloads\The+Millionaire+Maker.pdf
2016-01-17 10:17 - 2016-01-17 10:17 - 01258432 _____ (AVG Technologies CZ) C:\Users\Serum Office\Downloads\avg_remover_poweliks.exe
2016-01-17 10:17 - 2016-01-17 10:17 - 00000000 ____D C:\Windows\system32\log
2016-01-17 10:15 - 2016-01-17 10:15 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\Elex-tech
2016-01-17 10:14 - 2016-01-17 10:15 - 27249352 _____ (Elex do Brasil Participações Ltda) C:\Users\Serum Office\Downloads\yet_another_cleaner_cnet (1).exe
2016-01-17 10:03 - 2016-01-17 10:03 - 27249352 _____ (Elex do Brasil Participações Ltda) C:\Users\Serum Office\Downloads\yet_another_cleaner_cnet.exe
2016-01-17 09:59 - 2016-01-17 09:59 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-17 09:59 - 2016-01-17 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-01-17 09:58 - 2016-01-17 09:58 - 02895480 _____ (AVG Technologies) C:\Users\Serum Office\Downloads\AVG_Performance_1129.exe
2016-01-15 15:27 - 2016-01-15 15:27 - 00646151 _____ C:\Users\Serum Office\Downloads\Statement_Dec 2015 (2).pdf
2016-01-15 15:24 - 2016-01-15 15:24 - 00646150 _____ C:\Users\Serum Office\Downloads\Statement_Dec 2015 (1).pdf
2016-01-15 11:57 - 2016-01-15 12:00 - 00019455 _____ C:\Users\Serum Office\Downloads\AHA-Leads-2015.xlsx
2016-01-15 11:56 - 2016-01-15 11:56 - 00234939 _____ C:\Users\Serum Office\Downloads\message (10).html
2016-01-15 11:42 - 2016-01-15 11:42 - 00234074 _____ C:\Users\Serum Office\Downloads\message.html
2016-01-15 08:54 - 2016-01-15 08:54 - 00095728 _____ C:\Users\Serum Office\Downloads\Serum - PC Cancelation Form 1-13-2016 (1).pdf
2016-01-14 12:25 - 2016-01-14 12:25 - 00095728 _____ C:\Users\Serum Office\Downloads\Serum - PC Cancelation Form 1-13-2016.pdf
2016-01-13 16:26 - 2016-01-13 16:26 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\Atheros
2016-01-13 16:26 - 2016-01-13 16:26 - 00000000 ____D C:\ProgramData\Atheros
2016-01-13 16:14 - 2016-01-13 16:14 - 00000938 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-01-13 14:43 - 2016-01-13 14:45 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2016-01-13 14:43 - 2016-01-13 14:43 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-01-13 14:43 - 2016-01-13 14:43 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-01-13 14:43 - 2016-01-13 14:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2016-01-13 14:41 - 2014-05-13 21:06 - 00440320 _____ (Atheros) C:\Windows\system32\athihvs.dll
2016-01-12 22:56 - 2015-12-23 17:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-12 22:56 - 2015-12-23 16:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-12 22:56 - 2015-12-12 12:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 22:56 - 2015-12-12 12:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-12 22:56 - 2015-12-12 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-12 22:56 - 2015-12-12 12:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-12 22:56 - 2015-12-12 12:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-12 22:56 - 2015-12-12 12:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 22:56 - 2015-12-12 12:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-12 22:56 - 2015-12-12 12:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-12 22:56 - 2015-12-12 12:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-12 22:56 - 2015-12-12 12:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 22:56 - 2015-12-12 12:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-12 22:56 - 2015-12-12 12:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-12 22:56 - 2015-12-12 12:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-12 22:56 - 2015-12-12 12:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-12 22:56 - 2015-12-12 12:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 22:56 - 2015-12-12 12:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-12 22:56 - 2015-12-12 12:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-12 22:56 - 2015-12-12 12:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-12 22:56 - 2015-12-12 11:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-12 22:56 - 2015-12-12 11:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-12 22:56 - 2015-12-12 11:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-12 22:56 - 2015-12-12 11:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-12 22:56 - 2015-12-12 11:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-12 22:56 - 2015-12-12 11:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 22:56 - 2015-12-12 11:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-12 22:56 - 2015-12-12 11:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-12 22:56 - 2015-12-12 11:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-12 22:56 - 2015-12-12 11:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-12 22:56 - 2015-12-12 11:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-12 22:56 - 2015-12-12 11:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-12 22:56 - 2015-12-12 11:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-12 22:56 - 2015-12-12 11:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-12 22:56 - 2015-12-12 11:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-12 22:56 - 2015-12-12 11:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-12 22:56 - 2015-12-12 11:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-12 22:56 - 2015-12-12 11:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-12 22:56 - 2015-12-12 11:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-12 22:56 - 2015-12-12 11:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-12 22:56 - 2015-12-12 11:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-12 22:56 - 2015-12-12 11:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 22:56 - 2015-12-12 11:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-12 22:56 - 2015-12-12 11:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-12 22:56 - 2015-12-12 11:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-12 22:56 - 2015-12-12 11:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-12 22:56 - 2015-12-12 11:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 22:56 - 2015-12-12 11:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-12 22:56 - 2015-12-12 11:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-12 22:56 - 2015-12-12 11:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-12 22:56 - 2015-12-12 11:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-12 22:56 - 2015-12-12 11:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-12 22:56 - 2015-12-12 11:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-12 22:56 - 2015-12-12 11:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 22:56 - 2015-12-12 11:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-12 22:56 - 2015-12-12 11:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-12 22:56 - 2015-12-12 11:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-12 22:56 - 2015-12-12 11:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-12 22:56 - 2015-12-12 11:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-12 22:56 - 2015-12-12 10:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 22:56 - 2015-12-12 10:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-12 22:56 - 2015-12-12 10:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-12 22:56 - 2015-12-12 10:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-12 22:56 - 2015-12-12 10:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-12 22:56 - 2015-12-11 12:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 22:56 - 2015-12-08 15:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-12 22:56 - 2015-12-08 15:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-12 22:56 - 2015-12-08 15:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-12 22:56 - 2015-12-08 15:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-12 22:56 - 2015-12-08 15:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-12 22:56 - 2015-12-08 15:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-12 22:56 - 2015-12-08 15:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-12 22:56 - 2015-12-08 15:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-12 22:56 - 2015-12-08 15:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-12 22:56 - 2015-12-08 15:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-12 22:56 - 2015-12-08 13:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-12 22:56 - 2015-12-08 13:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-12 22:56 - 2015-12-08 13:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-12 22:56 - 2015-12-08 13:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-12 22:56 - 2015-12-08 13:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-12 22:56 - 2015-12-08 13:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-12 22:56 - 2015-12-08 12:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-12 22:56 - 2015-12-08 12:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-12 22:56 - 2015-12-08 12:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-12 22:56 - 2015-12-08 11:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-12 22:56 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-12 22:56 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-12 22:56 - 2015-11-13 17:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-12 22:56 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-12 22:56 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-12 22:56 - 2015-11-13 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-12 22:54 - 2015-12-30 13:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 22:54 - 2015-12-30 13:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-12 22:54 - 2015-12-30 13:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-12 22:54 - 2015-12-30 13:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-12 22:54 - 2015-12-30 13:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-12 22:54 - 2015-12-30 13:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-12 22:54 - 2015-12-30 13:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-12 22:54 - 2015-12-30 13:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-12 22:54 - 2015-12-30 13:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-12 22:54 - 2015-12-30 13:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-12 22:54 - 2015-12-30 13:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-12 22:54 - 2015-12-30 13:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-12 22:54 - 2015-12-30 13:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-12 22:54 - 2015-12-30 13:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-12 22:54 - 2015-12-30 13:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-12 22:54 - 2015-12-30 13:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-12 22:54 - 2015-12-30 13:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-12 22:54 - 2015-12-30 13:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-12 22:54 - 2015-12-30 12:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-12 22:54 - 2015-12-30 12:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-12 22:54 - 2015-12-30 12:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-12 22:54 - 2015-12-30 12:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-12 22:54 - 2015-12-30 12:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-12 22:54 - 2015-12-30 12:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-12 22:54 - 2015-12-30 12:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-12 22:54 - 2015-12-30 12:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-12 22:54 - 2015-12-30 12:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-12 22:54 - 2015-12-30 12:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-12 22:54 - 2015-12-30 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-12 22:54 - 2015-12-30 12:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-12 22:54 - 2015-12-30 12:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-12 22:54 - 2015-12-30 12:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-12 22:54 - 2015-12-30 12:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-12 22:54 - 2015-12-30 12:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-12 22:54 - 2015-12-30 12:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-12 22:54 - 2015-12-30 12:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-12 22:54 - 2015-12-30 12:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-12 22:54 - 2015-12-30 12:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-12 22:54 - 2015-12-30 12:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-12 22:54 - 2015-12-30 12:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 11:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-12 22:54 - 2015-12-30 11:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-12 22:54 - 2015-12-30 11:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-12 22:54 - 2015-12-30 11:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-12 22:54 - 2015-12-30 11:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-12 22:54 - 2015-12-30 11:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-12 22:54 - 2015-12-30 11:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-12 22:54 - 2015-12-30 11:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-12 22:54 - 2015-12-30 11:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-12 22:54 - 2015-12-30 11:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-12 22:54 - 2015-12-30 11:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-12 22:54 - 2015-12-30 11:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-12 22:54 - 2015-12-30 11:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-12 22:54 - 2015-12-30 11:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-12 22:54 - 2015-12-30 11:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 22:54 - 2015-12-30 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-12 22:54 - 2015-12-08 15:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-12 22:54 - 2015-12-08 15:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-12 22:54 - 2015-12-08 13:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 22:54 - 2015-12-08 13:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-12 22:54 - 2015-11-16 19:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-12 22:54 - 2015-11-16 19:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-12 22:54 - 2015-11-16 19:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-12 22:54 - 2015-11-16 19:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-12 22:54 - 2015-11-16 19:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-12 22:54 - 2015-11-16 19:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-12 22:54 - 2015-11-16 14:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-11 16:26 - 2016-01-11 16:26 - 00215125 _____ C:\Users\Serum Office\Downloads\470005870039728.pdf
2016-01-11 06:18 - 2016-01-11 15:03 - 00272896 _____ C:\Users\Serum Office\Documents\2016_A.xlsx
2016-01-05 10:27 - 2016-01-05 10:27 - 00007032 _____ C:\Users\Serum Office\Downloads\Holmquist
2016-01-02 18:16 - 2016-01-02 18:16 - 06905461 _____ C:\Users\Serum Office\Downloads\Quick Start Guide.pdf
2015-12-31 09:53 - 2015-12-31 09:53 - 00046472 _____ C:\Users\Serum Office\Downloads\The Plantation Golf and Country Club Info.pdf
2015-12-30 13:22 - 2015-12-30 13:22 - 00748738 _____ C:\Users\Serum Office\Downloads\Attachments_20151230.zip
2015-12-30 09:58 - 2015-12-30 09:58 - 00014785 _____ C:\Users\Serum Office\Downloads\MMM_Men.xlsx
2015-12-29 06:34 - 2015-12-29 06:34 - 00646158 _____ C:\Users\Serum Office\Downloads\Statement_Dec 2015.pdf
2015-12-28 11:34 - 2015-12-28 11:34 - 16187038 _____ C:\Users\Serum Office\Downloads\MostWired_2015 (3).pdf
2015-12-28 11:34 - 2015-12-28 11:34 - 00113432 _____ C:\Users\Serum Office\Downloads\2015MostWiredSurvey.pdf
2015-12-28 11:33 - 2015-12-28 11:34 - 16187038 _____ C:\Users\Serum Office\Downloads\MostWired_2015 (2).pdf
2015-12-28 11:33 - 2015-12-28 11:33 - 00213402 _____ C:\Users\Serum Office\Downloads\MostWiredWinnersbyState2015.pdf
2015-12-28 11:14 - 2015-12-28 11:14 - 00308376 _____ C:\Users\Serum Office\Downloads\84991_MICHAEL_SERUM_Sep-30-2015.pdf
2015-12-28 10:42 - 2015-12-28 10:42 - 00207344 _____ C:\Users\Serum Office\Downloads\Attachments_20151228.zip
2015-12-28 10:42 - 2015-12-28 10:42 - 00207344 _____ C:\Users\Serum Office\Downloads\Attachments_20151228 (1).zip
2015-12-28 06:03 - 2015-12-28 06:03 - 04522972 _____ C:\Users\Serum Office\Documents\garmin fenix manual sapphire fenix3_OM_EN.pdf
2015-12-28 05:45 - 2015-12-28 05:45 - 00019484 _____ C:\Users\Serum Office\Downloads\SecureMessageAtt (2).html

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 07:51 - 2014-04-26 17:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-27 07:50 - 2015-12-19 16:59 - 00000000 ____D C:\FRST
2016-01-27 07:50 - 2015-06-25 19:39 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3131991204-3860928008-3871616040-1000UA.job
2016-01-27 07:49 - 2015-12-19 16:58 - 02370560 _____ (Farbar) C:\Users\Serum Office\Downloads\FRST64.exe
2016-01-27 07:41 - 2014-10-12 19:16 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-01-27 07:09 - 2014-08-10 12:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 06:55 - 2009-07-13 22:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-27 06:55 - 2009-07-13 22:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-27 06:54 - 2014-08-10 12:16 - 00000000 ____D C:\ProgramData\softthinks
2016-01-27 06:54 - 2014-04-26 17:36 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-01-27 06:48 - 2014-10-28 17:44 - 00000000 ___RD C:\Users\Serum Office\Dropbox
2016-01-27 06:48 - 2014-10-28 15:21 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\Dropbox
2016-01-27 06:47 - 2015-02-17 17:48 - 00000000 ____D C:\ProgramData\MediaMall
2016-01-27 06:47 - 2014-08-10 12:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-27 06:47 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-27 06:40 - 2015-10-05 06:49 - 00273408 _____ C:\Users\Serum Office\Documents\2016.xlsx
2016-01-27 06:07 - 2015-12-26 06:02 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\SlingMedia
2016-01-27 06:07 - 2015-12-26 06:02 - 00000000 ____D C:\Program Files (x86)\DishAnywhereDesktop
2016-01-27 06:07 - 2014-09-08 17:53 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-27 04:44 - 2014-08-10 12:38 - 00000000 ____D C:\ProgramData\MFAData
2016-01-26 20:40 - 2014-08-10 12:45 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\uTorrent
2016-01-26 17:40 - 2009-07-13 23:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-26 17:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-01-26 17:00 - 2014-12-31 05:17 - 00000000 ____H C:\Users\Serum Office\Documents\FD5ED0B4E896BE9E.dat
2016-01-26 13:50 - 2015-06-25 19:39 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3131991204-3860928008-3871616040-1000Core.job
2016-01-26 10:47 - 2015-01-13 20:44 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\Anvsoft
2016-01-26 10:46 - 2014-08-10 12:37 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\vlc
2016-01-26 10:23 - 2015-11-12 09:24 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-01-26 09:27 - 2015-06-16 06:02 - 00000000 ____D C:\Users\Serum Office\Documents\AMC
2016-01-25 15:21 - 2014-08-12 03:40 - 00000000 ____D C:\Users\Serum Office\AppData\Local\CrashDumps
2016-01-25 07:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2016-01-24 09:32 - 2014-08-10 12:20 - 00000000 ____D C:\Users\Serum Office\AppData\Local\Microsoft Help
2016-01-21 16:51 - 2014-04-26 17:17 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-21 16:51 - 2014-04-26 17:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-21 16:51 - 2014-04-26 17:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-21 08:19 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-19 06:43 - 2014-07-28 06:55 - 00000000 ____D C:\Users\Serum Office\Desktop\Steve Kopech
2016-01-18 16:39 - 2014-08-10 12:14 - 00000000 ____D C:\Users\Serum Office\Documents\Bluetooth Folder
2016-01-18 15:11 - 2014-08-10 13:09 - 00000000 ____D C:\Users\Serum Office\AppData\Local\ElevatedDiagnostics
2016-01-17 18:49 - 2014-09-08 17:54 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-01-17 18:48 - 2014-09-08 17:54 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-01-17 10:43 - 2011-02-10 08:25 - 00000000 ____D C:\dell
2016-01-17 10:28 - 2015-10-30 03:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-01-17 10:17 - 2015-12-19 16:38 - 00001489 _____ C:\Users\Serum Office\Desktop\Google Chrome.lnk
2016-01-17 10:06 - 2014-08-10 13:15 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\HpUpdate
2016-01-17 10:06 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-01-17 10:00 - 2015-12-02 13:03 - 00000000 ____D C:\Users\Serum Office\AppData\Local\AvgSetupLog
2016-01-17 09:59 - 2015-12-19 06:36 - 00000000 ____D C:\ProgramData\Avg
2016-01-17 09:59 - 2014-09-01 05:08 - 00000000 ____D C:\Users\Serum Office\AppData\Local\AVG Web TuneUp
2016-01-17 09:59 - 2014-08-10 12:40 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-13 16:27 - 2015-06-02 07:48 - 00000000 ____D C:\Users\Serum Office\AppData\Local\Avg
2016-01-13 16:24 - 2014-09-30 13:03 - 00000000 ____D C:\ProgramData\AVG2015
2016-01-13 16:24 - 2014-04-26 17:23 - 00000000 ____D C:\Program Files (x86)\Dell Wireless
2016-01-13 16:15 - 2015-12-19 06:38 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\AVG
2016-01-13 16:15 - 2015-06-29 08:01 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-13 16:15 - 2014-08-10 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-13 16:15 - 2014-08-10 12:41 - 00000000 ___HD C:\$AVG
2016-01-13 14:41 - 2014-04-26 17:23 - 00000000 ____D C:\Windows\system32\nn-NO
2016-01-13 14:40 - 2014-04-26 17:22 - 00000000 ____D C:\ProgramData\Dell
2016-01-13 04:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-01-13 03:30 - 2009-07-13 22:45 - 00327184 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-13 03:29 - 2015-02-18 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 03:29 - 2015-02-18 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 03:27 - 2014-12-10 03:19 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 03:27 - 2014-08-11 17:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 03:11 - 2015-02-18 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 03:11 - 2014-08-10 12:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 03:10 - 2015-03-27 13:00 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 03:03 - 2015-03-27 13:00 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-31 21:13 - 2014-10-04 17:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-30 08:27 - 2015-06-16 05:39 - 00294912 _____ C:\Users\Serum Office\Documents\Copy of 2015.xlsx

==================== Files in the root of some directories =======

2015-02-21 12:00 - 2015-02-21 12:00 - 0003471 _____ () C:\Users\Serum Office\AppData\Roaming\QBFileDrTool.log
2015-10-26 05:48 - 2015-10-26 05:48 - 0000787 _____ () C:\Users\Serum Office\AppData\Local\recently-used.xbel
2014-08-10 13:14 - 2014-08-10 13:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-04-26 17:28 - 2014-04-26 17:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-30 12:18 - 2015-01-30 12:30 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-06-19 11:09 - 2015-06-19 11:09 - 0005038 _____ () C:\ProgramData\wmzddnmb.cix

Some files in TEMP:
====================
C:\Users\Serum Office\AppData\Local\Temp\avg-b5094b59-99f0-4451-885e-857dfeb0be66.exe
C:\Users\Serum Office\AppData\Local\Temp\avguirn_08492822995.exe
C:\Users\Serum Office\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-21 16:39

==================== End of FRST.txt =====================


==================== End of Addition.txt ============================
mbserum

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 27th, 2016, 10:03 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by Serum Office (2016-01-27 07:51:39)
Running from C:\Users\Serum Office\Downloads\FRST-OlderVersion
Windows 7 Professional Service Pack 1 (X64) (2014-08-10 18:09:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3131991204-3860928008-3871616040-500 - Administrator - Disabled)
Guest (S-1-5-21-3131991204-3860928008-3871616040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3131991204-3860928008-3871616040-1002 - Limited - Enabled)
Serum Office (S-1-5-21-3131991204-3860928008-3871616040-1000 - Administrator - Enabled) => C:\Users\Serum Office

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Amazon Cloud Drive) (Version: 2.5.2.40 - Amazon Digital Services, LLC.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.8.4 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG (Version: 16.31.7357 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.13.1.47453 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.13.3 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.31.7357 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.4.155 - AVG Technologies)
AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.10.0.2307 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.10.0.2307 - Bullzip)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2907.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elevated Installer (x32 Version: 4.1.13.0 - Garmin Ltd or its subsidiaries) Hidden
Eraser 6.2.0.2969 (HKLM\...\{66AB13EA-E7D2-4CFC-9B66-8E9EE44C89EE}) (Version: 6.2.2969 - The Eraser Project)
ffdshow v1.1.3572 [2010-09-13] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3572.0 - )
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
Garmin Express (HKLM-x32\...\{48ce1b54-7299-420b-8c22-482c781de18b}) (Version: 4.1.13.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.13.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.13.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Communicator 2007 R2 (HKLM-x32\...\{928EE567-49F9-4082-A7B3-9BB82CD3C0FE}) (Version: 3.5.6907.268 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyMedia (HKLM-x32\...\{083D6ABD-49D9-4664-A0DC-887A66A1A0FD}) (Version: 3.10.21 - MediaMall Technologies, Inc.)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
Port Forward Network Utilities 2.0.1 (HKLM-x32\...\Port Forward Network Utilities) (Version: 2.0.1 - Portforward.com)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.330 - Qualcomm Atheros Communications)
QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) Hidden
QuickBooks Premier: Accountant Edition 2014 (HKLM-x32\...\{48DCE40F-BD78-4EEA-B810-6F371716A5DD}) (Version: 24.0.4008.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.1.11 - Intuit)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SlingPlayer for Web (HKLM-x32\...\{7A2A3C57-B5C9-4E2D-A8E6-8406B78750CA}) (Version: 2.4.0152 - Sling Media)
Sothink Movie DVD Maker (HKLM-x32\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.8 - SourceTec Software Co., LTD)
Symform (HKLM\...\{73EDDF5E-CE9E-4A77-917F-58BBA5110300}) (Version: 4.24.0.0 - Symform, Inc.)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TVMOBiLi (HKLM-x32\...\TVMOBiLi) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
ViewSonic Windows 7 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebOptimum (x32 Version: 1.0.0.0 - bscodecs.com) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B013EB-E963-44C8-A918-9054F99E17CC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {23BE4326-A300-4137-B59B-1EAD05F4333C} - System32\Tasks\win => C:\Windows\win.exe
Task: {307BE6EF-04DA-4E90-B182-BFD6DC5D2BB6} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {345D77B0-01BB-4293-BF00-F5B01012F42C} - System32\Tasks\GoogleUp => C:\Windows\hsysinfo.exe
Task: {380DF6C1-3FC5-40E2-B43A-B4029FE9BA61} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {6187E8BC-0094-4369-BF6D-C2960B00EDFF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {62966042-AF2B-4B0A-94E5-0404C9428496} - System32\Tasks\{9F8768BB-724E-4CFB-B2AF-F25CA21B85E3} => pcalua.exe -a "C:\Users\Serum Office\AppData\Roaming\uTorrent\uTorrent.exe" -c /UNINSTALL
Task: {7CFC115F-41D3-430A-8E66-B5F4025C7C66} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe <==== ATTENTION
Task: {8024CB1D-A3AB-4FC7-8917-38B2689615B7} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {83626D15-90D9-4416-8270-F93C6DEDACF0} - System32\Tasks\Form Camera2 => Rundll32.exe "C:\Users\Serum Office\AppData\Local\Form Camera\{3AD2D434-95E7-D223-7A03-B27E73934F90}\kevsod.dll",#1 <==== ATTENTION
Task: {8737045B-8BD0-42E6-B8B5-4A394AE45C8B} - System32\Tasks\WOUP => C:\Program Files (x86)\WebOptimum\opt.exe
Task: {96B11535-49D1-4882-8BE7-6DAD4CC8913F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3131991204-3860928008-3871616040-1000UA => C:\Users\Serum Office\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25] (Dropbox, Inc.)
Task: {97B146FA-4A0F-4D05-9344-A43C8F6DACAB} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2015-12-11] (AVG Technologies CZ, s.r.o.)
Task: {98CA0071-D43B-4527-8342-D87CF79A903B} - System32\Tasks\Form Camera => Rundll32.exe "C:\Users\Serum Office\AppData\Local\Form Camera\{3AD2D434-95E7-D223-7A03-B27E73934F90}\FormCamera.dll",#1 <==== ATTENTION
Task: {99BC8774-F47D-4AD0-9A29-DF34F76A1AC4} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {AD65894F-E7CD-4EC4-B100-AC1A51F7A6F7} - System32\Tasks\SymformServicesRestart => C:\Program Files\Symform\Node Service\symform.restart.cmd [2014-10-08] ()
Task: {B4CE8B38-8EAE-42A9-83AD-EF722A9A5165} - System32\Tasks\SymformLogUploader => C:\Program Files\Symform\Node Service\LogUploader.exe [2014-11-19] (Symform, Inc.)
Task: {BAD5CAA8-045F-48D6-8A0D-26A1D01EC238} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {BBFF8B86-09AB-4EA1-93BB-D77ED97C0271} - System32\Tasks\Googleuptodate => C:\Windows\Wimboldon.exe
Task: {BCA269B0-0247-4FE4-9407-92654BED8604} - \impo -> No File <==== ATTENTION
Task: {C217A95D-72CA-4D78-9434-92B5B2C2FCF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-21] (Adobe Systems Incorporated)
Task: {CB068483-64ED-4012-AD2B-D83D6929F8B5} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-13] ()
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E27C6336-7E92-429C-B6CA-BDBDF571F41B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3131991204-3860928008-3871616040-1000Core => C:\Users\Serum Office\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25] (Dropbox, Inc.)
Task: {E99287B3-ABA6-4C64-BEB0-07EA9C0DD414} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {ECB9C1D0-45B6-41B9-89E2-4D300A5E6556} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F9EDA87A-00CC-4838-9CD6-88337F2D6B34} - System32\Tasks\import => C:\Windows\Mint.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3131991204-3860928008-3871616040-1000Core.job => C:\Users\Serum Office\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3131991204-3860928008-3871616040-1000UA.job => C:\Users\Serum Office\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-16 11:53 - 2015-12-16 08:32 - 01164688 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-08-27 21:11 - 2014-08-27 21:11 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-10-08 10:29 - 2014-10-08 10:29 - 00292304 _____ () C:\Program Files\Symform\Node Service\AlphaFS.dll
2014-12-01 13:39 - 2014-12-01 13:39 - 00069120 _____ () C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
2014-11-19 15:00 - 2014-11-19 15:00 - 00163256 _____ () C:\Program Files\Symform\Node Service\symformutp.DLL
2014-10-08 10:29 - 2014-10-08 10:29 - 00057544 _____ () C:\Program Files\Symform\Node Service\Mono.Nat.dll
2014-09-18 12:37 - 2014-07-02 20:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2016-01-26 20:42 - 2016-01-26 20:42 - 00468480 _____ () C:\Users\Serum Office\Desktop\CKScanner.exe
2014-12-21 22:31 - 2014-12-21 22:31 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2015-12-11 20:35 - 2015-10-30 18:59 - 00034768 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00019408 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00022848 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00023352 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00042296 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-11 20:35 - 2015-10-30 18:59 - 00116688 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 20:35 - 2015-10-30 18:59 - 00093640 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 20:35 - 2015-10-30 18:59 - 00018376 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00019760 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00105928 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-11 20:35 - 2015-10-30 18:59 - 00392144 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 20:35 - 2015-12-08 15:36 - 00381752 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 20:35 - 2015-10-30 18:59 - 00692688 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00020816 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00109520 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 01737032 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00020808 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00020800 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00021840 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00038696 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00024528 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00020936 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00114640 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00021320 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00124880 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00030160 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00043472 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00175560 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00028616 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00024016 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00048592 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00024392 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00036296 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-11 20:35 - 2015-10-30 19:00 - 00024016 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00117056 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00023376 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 20:35 - 2015-10-30 18:59 - 00134608 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-11 20:35 - 2015-10-30 18:59 - 00134088 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00240584 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00020280 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00052024 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00021304 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00350152 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00084792 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-11 20:35 - 2015-12-08 15:36 - 01826608 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 20:35 - 2015-10-30 19:00 - 00083912 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 03891504 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 01950000 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00519984 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00133936 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00225080 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00207672 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00024904 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00486704 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-11 20:35 - 2015-12-08 15:36 - 00357680 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 15:45 - 2015-10-30 19:01 - 00019920 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 15:45 - 2015-10-30 19:00 - 00786904 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 23:51 - 2015-10-30 19:00 - 00063448 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 15:45 - 2015-10-30 19:00 - 00019408 _____ () C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-12-19 06:36 - 2015-12-19 06:35 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2014-04-26 17:20 - 2013-12-09 16:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-01-14 20:11 - 2016-01-12 10:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
2016-01-14 20:11 - 2016-01-12 10:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll
2014-09-18 12:37 - 2014-07-30 16:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-04-26 17:36 - 2012-11-25 08:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-09-18 12:37 - 2012-11-25 22:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2016-01-19 19:56 - 2016-01-19 14:06 - 16792256 _____ () C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.286\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\95641836.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\95641836.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-12-19 16:49 - 00000931 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3131991204-3860928008-3871616040-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Serum Office\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DB80741D-B0DB-4745-9A07-4B521C85D9BD}] => (Allow) C:\Users\Serum Office\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{13DF95E5-4ED9-41B9-9CDF-F2986E921A58}] => (Allow) C:\Users\Serum Office\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C545D861-7538-4BC3-A97C-99ED5128F98C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{B4FCB652-247F-4513-85B7-BFBD7D1968A8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{85F7D2F1-6E53-4E55-A020-8EB6825CE4A6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{6BB73B1A-7C94-45C1-A623-F67772907880}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{F7225CE1-77F3-4FD8-BB61-7DC469B567BF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{40AE8EF1-FAED-4B11-85AE-FE685C8ACA54}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B8799829-7A95-4ADB-AF2B-AFFEDD882FC2}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{E6505E20-D3E0-45CC-BFB3-8D91BAA2619A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{127BDD42-C0EA-4C89-85DF-0DF858314E02}] => (Allow) C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BC74AC10-FA16-4890-B334-57C2C5F5E9E9}] => (Allow) C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{046E476F-FBC0-4906-8A93-E4D02D0A6BED}] => (Allow) C:\Program Files\Symform\Node Service\symformconfig.exe
FirewallRules: [{156A7FD0-4078-448B-BCBA-A662C11B2374}] => (Allow) C:\Program Files\Symform\Node Service\symformcontrib.exe
FirewallRules: [TCP Query User{443D2645-E9B3-4211-86C2-A32AE3601628}C:\users\serum office\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\serum office\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{2B8A057A-FE1E-4246-A51C-390A4803C85C}C:\users\serum office\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\serum office\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{6A94BF51-35AA-4CA2-A08B-A65093F6166A}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
FirewallRules: [{775C5518-170B-4CFC-AA64-B8974AD1D385}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe
FirewallRules: [{DB6CAB3B-856A-44A7-8DC9-74FC8F8D0F5C}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe
FirewallRules: [{731824B2-AEDD-4577-95FF-57C98308AAA2}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe
FirewallRules: [{76E0B2CD-A058-4E54-9B61-21EB8D824173}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{E1D0D32F-9AD7-49CD-8D7B-D8E01F663E8C}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{4CFC5B29-1C79-4654-8169-0EE158FCFE18}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{6276EC1D-2608-414F-A298-E9851E06817A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{22B8135E-4EC6-417F-97A7-DE71A3299DA0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DB6955EC-784A-419E-AB50-19EAE8263845}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C913EB6D-18D6-46DF-89D6-F380B76035AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FF592010-6CAF-4B6E-8BAB-3FABF66C214F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3BC37CFF-1FBC-415C-955F-E692320898A6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{F9BD95A2-4050-4A64-988A-570041D6B292}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CD748585-D949-4DC7-B5AC-57E939997D04}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C8F4A666-2553-4654-8F38-C3EB8FA78D58}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F6013EB4-6545-4CF8-8CF7-760776A020C4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D675A64A-12FC-4048-9230-DB6980C319C4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [TCP Query User{85AECBC5-AECB-4BCB-9696-E7D481AFC0C2}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{AB4E219E-667A-45C1-B0ED-1A07A19E6988}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{F1594D87-35C4-4E73-A682-440B960F16B2}] => (Allow) C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
FirewallRules: [{A9C148F3-4D9F-45E3-9C56-B33B27EB21BC}] => (Allow) C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
FirewallRules: [TCP Query User{2C9F5772-6CDF-42AF-A528-1ACF26EFCBDE}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{3F5DF82B-6594-4BBA-90C6-01A5E8894B39}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{13AAAB1A-E197-497A-AEDF-03146876395D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2DEC312E-6639-4015-BBF1-BB0C4579DDE1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5329E4D2-1F64-4BE0-B2E1-8E92E30CC8CA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FACDD4A8-9CE3-4BE1-8AEE-815EAEF255C9}] => (Allow) LPort=2869
FirewallRules: [{7FD4D30B-1FE3-4050-B412-D1DB9179A8BB}] => (Allow) LPort=1900
FirewallRules: [{17FD560F-168B-4E04-A1AD-57E3F86083CA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{1AD29A8E-1DE2-42E6-9AD3-0C0CF7CE0D65}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{FBF94D26-A216-4927-A082-F8DCE173D709}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{CA039604-7473-4698-AAA8-5D4D5F3E2189}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{8C58297A-4FCD-486A-AFEE-DB15EA91D49C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{9CC6BDEC-5E55-4184-845A-692312AF6578}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{A24283F2-4E3A-4A40-8657-9C6455D29EE9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{E17283AD-60C2-4332-B5AE-B58896A3CBBE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{1ECA0578-20FA-4C7A-ACC2-B008D0E10591}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{A1436A1B-36C2-4E08-85EB-596A8A3BD1D0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{BFC0EF8E-6B05-443A-B07B-B58883D9BA00}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [UDP Query User{A5EDA751-F347-45DE-BE45-B4982089CA81}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe

==================== Restore Points =========================

17-01-2016 18:48:13 Garmin Express
17-01-2016 18:49:34 Garmin Express
25-01-2016 13:01:07 Installed PDFill PDF Editor with FREE Writer and FREE Tools
25-01-2016 15:19:36 DishAnywhereDesktop
25-01-2016 15:19:50 Installed DISH Anywhere Video Player
25-01-2016 15:20:48 DishAnywhereDesktop
27-01-2016 06:06:08 Removed DISH Anywhere Video Player
27-01-2016 06:06:37 DishAnywhereDesktop
27-01-2016 06:08:00 Removed Instagram Downloader
27-01-2016 06:08:36 Removed PDFill PDF Editor with FREE Writer and FREE Tools
27-01-2016 06:09:43 Removed Streamline Your Debt

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2016 06:48:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2016 08:45:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1dd4

Start Time: 01d158ac70d5d1a5

Termination Time: 2

Application Path: C:\Users\Serum Office\Desktop\CKScanner.exe

Report Id: fc4b5da2-c49f-11e5-bb58-142d27a2f006

Error: (01/26/2016 05:57:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2016 05:54:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28735

Error: (01/26/2016 05:54:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28735

Error: (01/26/2016 05:54:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/26/2016 05:54:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13494

Error: (01/26/2016 05:54:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13494

Error: (01/26/2016 05:54:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/25/2016 03:21:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DishAnywherePlayer.exe, version: 1.1.0.384, time stamp: 0x56823790
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000417
Fault offset: 0x0002e59d
Faulting process id: 0x2c9c
Faulting application start time: 0xDishAnywherePlayer.exe0
Faulting application path: DishAnywherePlayer.exe1
Faulting module path: DishAnywherePlayer.exe2
Report Id: DishAnywherePlayer.exe3


System errors:
=============
Error: (01/27/2016 06:47:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater40.2.4 service failed to start due to the following error:
%%2

Error: (01/26/2016 06:02:31 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/26/2016 05:56:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater40.2.4 service failed to start due to the following error:
%%2

Error: (01/26/2016 05:56:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:53:32 AM on 1/26/2016 was unexpected.

Error: (01/25/2016 12:38:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater40.2.4 service failed to start due to the following error:
%%2

Error: (01/25/2016 12:38:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (01/25/2016 12:38:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (01/25/2016 10:33:55 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (01/25/2016 06:14:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater40.2.4 service failed to start due to the following error:
%%2

Error: (01/25/2016 06:14:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053


CodeIntegrity:
===================================
Date: 2014-09-10 03:58:23.808
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 03:58:23.806
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 03:58:12.925
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 03:36:21.527
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 03:36:21.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 03:35:32.422
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-15 05:26:33.350
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-15 05:26:33.348
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-15 05:25:50.355
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 31%
Total physical RAM: 12204.95 MB
Available physical RAM: 8370.16 MB
Total Virtual: 24408.11 MB
Available Virtual: 20160.01 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:279.84 GB) NTFS
Drive f: () (Removable) (Total:14.9 GB) (Free:14.82 GB) FAT32
Drive y: (RECOVERY) (Fixed) (Total:21.67 GB) (Free:11.75 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 8FB48BB7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=909.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT.
mbserum

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Unread postby wannabeageek » January 27th, 2016, 4:28 pm

Hi mbserum,

You should be running these tools from your desktop. These programs were designed to be run from the desktop.
Running from C:\Users\Serum Office\Downloads\FRST-OlderVersion


Post each step as you complete it to prevent running the logs together.
LastRegBack: 2016-01-21 16:39

==================== End of FRST.txt =====================

==================== End of Addition.txt ============================




Step 1.
Registry Backup (TCRB)
TCRB should still be on your desktop - if not;
Please download tweaking.com_registry_backup_setup.exe
Choose a download site for the installer... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...
  1. Right mouse click the Tweaking.com Registry Backup icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
AdwCleaner Download and Run

Click on this link to download : ADWCleaner
Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

Image

You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete. When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
You will then be presented with the report. Copy & Paste it into your next post.

Image

Please post the content of the C:\AdwCleaner[S?].txt logfile in your next reply.


Step 3.
Junkware Removal Tool
Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Right-click JRT.exe and select "Run as administrator" to run it. If prompted by UAC, please allow it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.


Step 4.
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
    • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
Code: Select all
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\73655B7AD9ED759B7A6B0CBCAA75D9E87365 [2015-12-19] <==== ATTENTION
CHR Plugin: (Coupons Inc., Coupon Printer) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
S2 vToolbarUpdater40.2.4; "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe" [X]
2016-01-26 10:01 - 2016-01-26 10:01 - 00022649 _____ C:\Users\Serum Office\Downloads\X-Files+season+1 (1).torrent
2016-01-26 09:58 - 2016-01-26 09:58 - 00022649 _____ C:\Users\Serum Office\Downloads\X-Files+season+1.torrent
2016-01-26 09:48 - 2016-01-26 09:48 - 00697416 _____ C:\Users\Serum Office\Downloads\THE+X-FILES+-+SEASON+1+FULL+-+DVD+RIP.torrent
2016-01-26 09:43 - 2016-01-26 09:43 - 00026768 _____ C:\Users\Serum Office\Downloads\Sicario.2015.1080p.Bluray.DTS.x264-ETRG.torrent
2016-01-25 14:19 - 2016-01-25 14:19 - 00097343 _____ C:\Users\Serum Office\Downloads\Bang+Casting+-+Holly+Hendrix+in+Casting+with+Holly+Hendrix%21.torrent
2016-01-25 14:18 - 2016-01-25 14:18 - 00050207 _____ C:\Users\Serum Office\Downloads\%5BPunishTeens%5D+Holly+Hendrix+-+Making+a+Groupie+His+Bitch.torrent
2016-01-25 14:14 - 2016-01-25 14:14 - 00037054 _____ C:\Users\Serum Office\Downloads\ExxxtraSmall.Elsa.Dream.Daddys.Little.Princess (1).torrent
2016-01-25 14:13 - 2016-01-25 14:13 - 00014165 _____ C:\Users\Serum Office\Downloads\%5BEroticaX%5D+Elsa+Jean+%28Coming+of+Age+2%2C+Elsa+%2C+Logan%29.torrent
2016-01-25 13:29 - 2016-01-25 13:29 - 00037054 _____ C:\Users\Serum Office\Downloads\ExxxtraSmall.Elsa.Dream.Daddys.Little.Princess.torrent
2016-01-25 13:27 - 2016-01-25 13:27 - 00023672 _____ C:\Users\Serum Office\Downloads\ExxxtraSmall+-+Renee+Roulette+-+Tiny+Business+Proposal+-+TeamSke.torrent
2016-01-25 13:26 - 2016-01-25 13:26 - 00042698 _____ C:\Users\Serum Office\Downloads\%5BExxxtraSmall%5D+Holly+Hendrix+%28Stranded+Teen+Gets+Picked+Up+and+F.torrent
2016-01-25 13:26 - 2016-01-25 13:26 - 00030877 _____ C:\Users\Serum Office\Downloads\ExxxtraSmall+-+Uma+Jolie+%28Extra+Small+Elf+on+The+Shelf%29.torrent
2016-01-26 20:40 - 2014-08-10 12:45 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\uTorrent
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
Task: {62966042-AF2B-4B0A-94E5-0404C9428496} - System32\Tasks\{9F8768BB-724E-4CFB-B2AF-F25CA21B85E3} => pcalua.exe -a "C:\Users\Serum Office\AppData\Roaming\uTorrent\uTorrent.exe" -c /UNINSTALL
Task: {7CFC115F-41D3-430A-8E66-B5F4025C7C66} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe <==== ATTENTION
Task: {83626D15-90D9-4416-8270-F93C6DEDACF0} - System32\Tasks\Form Camera2 => Rundll32.exe "C:\Users\Serum Office\AppData\Local\Form Camera\{3AD2D434-95E7-D223-7A03-B27E73934F90}\kevsod.dll",#1 <==== ATTENTION
Task: {98CA0071-D43B-4527-8342-D87CF79A903B} - System32\Tasks\Form Camera => Rundll32.exe "C:\Users\Serum Office\AppData\Local\Form Camera\{3AD2D434-95E7-D223-7A03-B27E73934F90}\FormCamera.dll",#1 <==== ATTENTION
Task: {BCA269B0-0247-4FE4-9407-92654BED8604} - \impo -> No File <==== ATTENTION
FirewallRules: [{DB80741D-B0DB-4745-9A07-4B521C85D9BD}] => (Allow) C:\Users\Serum Office\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{13DF95E5-4ED9-41B9-9CDF-F2986E921A58}] => (Allow) C:\Users\Serum Office\AppData\Roaming\uTorrent\uTorrent.exe
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log



What I need back from you:
Post each separately.
  1. Ensure that TCRB worked.
  2. Contents of C:\AdwCleaner[S?].txt
  3. Contents of JRT.txt
  4. Contents of fixlog.txt
  5. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 27th, 2016, 6:27 pm

TCRB Worked!
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 27th, 2016, 6:27 pm

# AdwCleaner v5.031 - Logfile created 27/01/2016 at 16:22:55
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Serum Office - SERUMOFFICE-PC
# Running from : C:\Users\Serum Office\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater40.2.4

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\4C4C4544-1450565426-5A10-8057-B2C04F563032
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[-] Folder Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol
[-] Folder Deleted : C:\Users\Serum Office\AppData\Roaming\Elex-tech

***** [ Files ] *****

[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage-journal
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safesidesearch.com_0.localstorage
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safesidesearch.com_0.localstorage-journal
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bitchcrawler.com_0.localstorage
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bitchcrawler.com_0.localstorage-journal
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
[-] File Deleted : C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Serum Office\AppData\Roaming\Mozilla\Firefox\Profiles\xusd85ou.default\user.js
[-] File Deleted : C:\Windows\SysNative\log\iSafeKrnlCall.log

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 27th, 2016, 7:16 pm

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Professional x64
Ran by Serum Office (Administrator) on Wed 01/27/2016 at 16:29:46.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 35

Failed to delete: C:\ProgramData\mediamall (Folder)
Failed to delete: C:\Program Files (x86)\mediamall (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\(default) (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File)
Successfully deleted: C:\Windows\system32\Tasks\GoogleUp (Task)
Successfully deleted: C:\Windows\system32\Tasks\Googleuptodate (Task)
Successfully deleted: C:\Windows\system32\Tasks\import (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\SymformServicesRestart (Task)
Successfully deleted: C:\Windows\system32\Tasks\win (Task)
Successfully deleted: C:\Program Files (x86)\ytd (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3703R0NB (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EEEVL9M (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\46V35LYA (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LZ621EK (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Q67AMKD (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60PIX7CR (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P4DI675 (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9UENUMM (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1CUNJQZ (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5OU2W7A (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAMVZQRR (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GETG3817 (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI83OUAB (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0UOYFI3 (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KAMS4UOL (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3RHF6M8 (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQ9DDYUX (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TV9M4PNT (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VB6QKNQ1 (Folder)
Successfully deleted: C:\Users\Serum Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3OIXIH2 (Folder)



Registry: 2

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\MediaMall Server (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314cc13e-2027-44ca-838b-546591a01fda} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/27/2016 at 16:33:26.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am

Re: chrome.exe *32 in Processes - Numerous Entries - HELP!

Post by mbserum » January 27th, 2016, 7:25 pm

Fix result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by Serum Office (2016-01-27 17:19:20) Run:1
Running from C:\Users\Serum Office\Downloads\FRST-OlderVersion
Loaded Profiles: Serum Office (Available Profiles: Serum Office)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\73655B7AD9ED759B7A6B0CBCAA75D9E87365 [2015-12-19] <==== ATTENTION
CHR Plugin: (Coupons Inc., Coupon Printer) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
S2 vToolbarUpdater40.2.4; "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe" [X]
2016-01-26 10:01 - 2016-01-26 10:01 - 00022649 _____ C:\Users\Serum Office\Downloads\X-Files+season+1 (1).torrent
2016-01-26 09:58 - 2016-01-26 09:58 - 00022649 _____ C:\Users\Serum Office\Downloads\X-Files+season+1.torrent
2016-01-26 09:48 - 2016-01-26 09:48 - 00697416 _____ C:\Users\Serum Office\Downloads\THE+X-FILES+-+SEASON+1+FULL+-+DVD+RIP.torrent
2016-01-26 09:43 - 2016-01-26 09:43 - 00026768 _____ C:\Users\Serum Office\Downloads\Sicario.2015.1080p.Bluray.DTS.x264-ETRG.torrent
2016-01-25 14:19 - 2016-01-25 14:19 - 00097343 _____ C:\Users\Serum Office\Downloads\Bang+Casting+-+Holly+Hendrix+in+Casting+with+Holly+Hendrix%21.torrent
2016-01-25 14:18 - 2016-01-25 14:18 - 00050207 _____ C:\Users\Serum Office\Downloads\%5BPunishTeens%5D+Holly+Hendrix+-+Making+a+Groupie+His+Bitch.torrent
2016-01-25 14:14 - 2016-01-25 14:14 - 00037054 _____ C:\Users\Serum Office\Downloads\ExxxtraSmall.Elsa.Dream.Daddys.Little.Princess (1).torrent
2016-01-25 14:13 - 2016-01-25 14:13 - 00014165 _____ C:\Users\Serum Office\Downloads\%5BEroticaX%5D+Elsa+Jean+%28Coming+of+Age+2%2C+Elsa+%2C+Logan%29.torrent
2016-01-25 13:29 - 2016-01-25 13:29 - 00037054 _____ C:\Users\Serum Office\Downloads\ExxxtraSmall.Elsa.Dream.Daddys.Little.Princess.torrent
2016-01-25 13:27 - 2016-01-25 13:27 - 00023672 _____ C:\Users\Serum Office\Downloads\ExxxtraSmall+-+Renee+Roulette+-+Tiny+Business+Proposal+-+TeamSke.torrent
2016-01-25 13:26 - 2016-01-25 13:26 - 00042698 _____ C:\Users\Serum Office\Downloads\%5BExxxtraSmall%5D+Holly+Hendrix+%28Stranded+Teen+Gets+Picked+Up+and+F.torrent
2016-01-25 13:26 - 2016-01-25 13:26 - 00030877 _____ C:\Users\Serum Office\Downloads\ExxxtraSmall+-+Uma+Jolie+%28Extra+Small+Elf+on+The+Shelf%29.torrent
2016-01-26 20:40 - 2014-08-10 12:45 - 00000000 ____D C:\Users\Serum Office\AppData\Roaming\uTorrent
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Serum Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
Task: {62966042-AF2B-4B0A-94E5-0404C9428496} - System32\Tasks\{9F8768BB-724E-4CFB-B2AF-F25CA21B85E3} => pcalua.exe -a "C:\Users\Serum Office\AppData\Roaming\uTorrent\uTorrent.exe" -c /UNINSTALL
Task: {7CFC115F-41D3-430A-8E66-B5F4025C7C66} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe <==== ATTENTION
Task: {83626D15-90D9-4416-8270-F93C6DEDACF0} - System32\Tasks\Form Camera2 => Rundll32.exe "C:\Users\Serum Office\AppData\Local\Form Camera\{3AD2D434-95E7-D223-7A03-B27E73934F90}\kevsod.dll",#1 <==== ATTENTION
Task: {98CA0071-D43B-4527-8342-D87CF79A903B} - System32\Tasks\Form Camera => Rundll32.exe "C:\Users\Serum Office\AppData\Local\Form Camera\{3AD2D434-95E7-D223-7A03-B27E73934F90}\FormCamera.dll",#1 <==== ATTENTION
Task: {BCA269B0-0247-4FE4-9407-92654BED8604} - \impo -> No File <==== ATTENTION
FirewallRules: [{DB80741D-B0DB-4745-9A07-4B521C85D9BD}] => (Allow) C:\Users\Serum Office\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{13DF95E5-4ED9-41B9-9CDF-F2986E921A58}] => (Allow) C:\Users\Serum Office\AppData\Roaming\uTorrent\uTorrent.exe
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Program Files (x86)\mozilla firefox\73655B7AD9ED759B7A6B0CBCAA75D9E87365 => moved successfully
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => moved successfully
vToolbarUpdater40.2.4 => service not found.
C:\Users\Serum Office\Downloads\X-Files+season+1 (1).torrent => moved successfully
C:\Users\Serum Office\Downloads\X-Files+season+1.torrent => moved successfully
C:\Users\Serum Office\Downloads\THE+X-FILES+-+SEASON+1+FULL+-+DVD+RIP.torrent => moved successfully
C:\Users\Serum Office\Downloads\Sicario.2015.1080p.Bluray.DTS.x264-ETRG.torrent => moved successfully
C:\Users\Serum Office\Downloads\Bang+Casting+-+Holly+Hendrix+in+Casting+with+Holly+Hendrix%21.torrent => moved successfully
C:\Users\Serum Office\Downloads\%5BPunishTeens%5D+Holly+Hendrix+-+Making+a+Groupie+His+Bitch.torrent => moved successfully
C:\Users\Serum Office\Downloads\ExxxtraSmall.Elsa.Dream.Daddys.Little.Princess (1).torrent => moved successfully
C:\Users\Serum Office\Downloads\%5BEroticaX%5D+Elsa+Jean+%28Coming+of+Age+2%2C+Elsa+%2C+Logan%29.torrent => moved successfully
C:\Users\Serum Office\Downloads\ExxxtraSmall.Elsa.Dream.Daddys.Little.Princess.torrent => moved successfully
C:\Users\Serum Office\Downloads\ExxxtraSmall+-+Renee+Roulette+-+Tiny+Business+Proposal+-+TeamSke.torrent => moved successfully
C:\Users\Serum Office\Downloads\%5BExxxtraSmall%5D+Holly+Hendrix+%28Stranded+Teen+Gets+Picked+Up+and+F.torrent => moved successfully
C:\Users\Serum Office\Downloads\ExxxtraSmall+-+Uma+Jolie+%28Extra+Small+Elf+on+The+Shelf%29.torrent => moved successfully
C:\Users\Serum Office\AppData\Roaming\uTorrent => moved successfully
"HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3131991204-3860928008-3871616040-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62966042-AF2B-4B0A-94E5-0404C9428496}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62966042-AF2B-4B0A-94E5-0404C9428496}" => key removed successfully
C:\Windows\System32\Tasks\{9F8768BB-724E-4CFB-B2AF-F25CA21B85E3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9F8768BB-724E-4CFB-B2AF-F25CA21B85E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CFC115F-41D3-430A-8E66-B5F4025C7C66}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CFC115F-41D3-430A-8E66-B5F4025C7C66}" => key removed successfully
C:\Windows\System32\Tasks\MyDailyBackup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyDailyBackup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83626D15-90D9-4416-8270-F93C6DEDACF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83626D15-90D9-4416-8270-F93C6DEDACF0}" => key removed successfully
C:\Windows\System32\Tasks\Form Camera2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Form Camera2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{98CA0071-D43B-4527-8342-D87CF79A903B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98CA0071-D43B-4527-8342-D87CF79A903B}" => key removed successfully
C:\Windows\System32\Tasks\Form Camera => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Form Camera" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCA269B0-0247-4FE4-9407-92654BED8604}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCA269B0-0247-4FE4-9407-92654BED8604}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\impo" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB80741D-B0DB-4745-9A07-4B521C85D9BD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13DF95E5-4ED9-41B9-9CDF-F2986E921A58} => value removed successfully
EmptyTemp: => 1.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:19:57 ====
mbserum
Regular Member
 
Posts: 21
Joined: January 25th, 2016, 9:55 am