Jump to content

trauts14

Honorary Members
 View Profile  See their activity

  • Posts

    79

  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. trauts14
    yesterday my computer started acting very and unresponsive. it seems better, but now my malwarebytes pro scan only takes approx 3 minutes to complete. historically it takes approx 15 min. i think. here are the reports from MB and FRST: Time Elapsed: 3 min, 16 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end) ------------------------------------------------------------------------------------------------------------ FRST.txt
  2. trauts14
    problem solved. thank you.
  3. trauts14
    http://i.imgur.com/ZR3msBG.jpg my malwarebytes scan comes up clean. i keep getting this malwarebytes popup in reference to an outbound connection attempt. how can i remove this issue? thank you for any assistance.
  4. trauts14
    My computer is slow and at times not responsive unless I use safe mode. Malwarebytes scan is finished after approx 30 seconds. I am no longer able to access the interent via wired cat5. Any assistance is greatly appreciated, thank you.
  5. trauts14
    no further issues. malwarebytes will open now. i will reactivate my paid version now. thank you for the assistance. i appreciate your help.
  6. trauts14
    Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 12/4/2016 Scan Time: 3:24 PM Logfile: scan.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.12.04.08 Rootkit Database: v2016.11.20.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Stuart Scan Type: Threat Scan Result: Completed Objects Scanned: 326550 Time Elapsed: 19 min, 9 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Deep Rootkit Scan: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  7. trauts14
    i followed your instructions. i am scanning now. thanks for the activation link since i have no idea what mine is. i will activate after scan.
  8. trauts14
    my computer will not let me click the link. i will use my wifes computer to do so
  9. trauts14
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-12-2016 Ran by Stuart (04-12-2016 14:42:53) Running from C:\Users\Stuart\Desktop Windows 7 Professional Service Pack 1 (X64) (2014-12-23 00:17:01) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-890830538-3602730652-670256873-500 - Administrator - Disabled) Guest (S-1-5-21-890830538-3602730652-670256873-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-890830538-3602730652-670256873-1003 - Limited - Enabled) QBPOSDBSrvUser (S-1-5-21-890830538-3602730652-670256873-1004 - Limited - Enabled) => C:\Users\QBPOSDBSrvUser Stuart (S-1-5-21-890830538-3602730652-670256873-1002 - Administrator - Enabled) => C:\Users\Stuart ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated) AnyMP4 Video Converter Platinum 6.1.50 (HKLM-x32\...\{3E48324E-4843-4818-834D-C5219B51248E}_is1) (Version: 6.1.50 - AnyMP4 Studio) Ashampoo Burning Studio 15 v.15.0.2 (HKLM-x32\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.2 - Ashampoo GmbH & Co. KG) AutoCAD LT 2017 Language Pack - English (Version: 21.0.52.0 - Autodesk) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brackets (HKLM-x32\...\{0DA290D2-0583-4967-9EC0-93C1F603DD13}) (Version: 1.6 - brackets.io) calibre (HKLM-x32\...\{D28D6EE4-3319-49B7-BEE5-1D5B2AC3FF30}) (Version: 2.30.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3920 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.1.4513 - CyberLink Corp.) Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse) Foxit PhantomPDF (HKLM-x32\...\{5F3E0897-97AA-4FC2-A0A9-130A39D0FDFB}) (Version: 6.0.16.324 - Foxit Corporation) GiliSoft Video Editor 7.0.0 (HKLM-x32\...\{3908B421-EF03-4389-A38C-DBAF6252E312}_is1) (Version: 7.0.0 - GiliSoft International LLC.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.) Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Hallmark Card Studio 2015 Bonus Pack (HKLM-x32\...\{2C69ABC9-55B7-410E-89AB-4CBD84D8D37B}) (Version: 1.0.0.1 - Creative Home) Hallmark Card Studio 2015 Deluxe (HKLM-x32\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.0.11 - Creative Home) HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company) HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.4.1811 - Hewlett-Packard Company) HP Connection Manager (HKLM-x32\...\{C0ED9561-8312-457C-BB1B-BDC7EE034CED}) (Version: 4.7.4.1 - Hewlett-Packard Company) HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{53AE55F3-8E99-4776-A347-06222894ECD3}) (Version: 1.1.0.0 - Hewlett-Packard) HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.7.27 - Hewlett-Packard Company) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company) HP File Sanitizer (HKLM-x32\...\{6349342F-9CEF-4A70-995A-2CF3704C2603}) (Version: 8.4.20.1 - Hewlett-Packard Company) HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.41 - SunplusIT) HP Hotkey Support (HKLM-x32\...\{88D3964A-59BE-412B-B61F-6EF5FBB33707}) (Version: 6.0.12.1 - Hewlett-Packard Company) HP PageLift (HKLM-x32\...\{59202086-BEA1-411A-8AA4-A5DCD28FF537}) (Version: 1.0.13.1 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company) HP SoftPaq Download Manager (HKLM-x32\...\{34FF930E-DBF9-4858-BAB5-BAC957BF616E}) (Version: 3.5.1.0 - Hewlett-Packard Company) HP Software Setup (HKLM-x32\...\{F6D61EC9-347B-4019-9F8E-E24169F7C330}) (Version: 8.7.5 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard) HP System Default Settings (HKLM-x32\...\{B5BEF5F8-BD76-4174-A47D-05A06EA62615}) (Version: 2.7.1 - Hewlett-Packard Company) HP Theft Recovery (HKLM-x32\...\InstallShield_{B1E569B6-A5EB-4C97-9F93-9ED2AA99AF0E}) (Version: 8.3.0.7 - Hewlett-Packard Company) ImTOO DVD Creator (HKLM-x32\...\ImTOO DVD Creator) (Version: 7.1.3.20130709 - ImTOO) inSSIDer 4 (HKLM-x32\...\{23A7D3D7-D312-4549-B349-2226AF6C6A83}) (Version: 4.1.0.60 - MetaGeek, LLC) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.6.1000 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{978B5476-EAF9-4EB0-AD34-92689249A016}) (Version: 4.2.41.2499 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Malwarebytes Anti-Exploit version 1.9.1.1261 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1261 - Malwarebytes) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Movie DVD Copy 1.4.3 (HKLM-x32\...\Movie DVD Copy_is1) (Version: - movie-dvd-copy.com) Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich) NetDvrPlugin 1.0 (HKLM-x32\...\NetDvrPlugin) (Version: 1.0 - ) NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - ) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden PeaZip 5.5.1 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani) Prey Anti-Theft (x32 Version: 1.6.3 - Prey, Inc.) Hidden Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access) REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.7 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.43 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.83.328.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7225 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.) Revo Uninstaller Pro 3.1.2 (HKLM\...\Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1) (Version: 3.1.2 - VS Revo Group, Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Setup (HKLM-x32\...\{FB2CA23A-3F6F-4E94-8A92-3DBA61A7092D}) (Version: 1.0.35 - Microsoft) Skitch (HKLM-x32\...\Skitch 2.3.2.173) (Version: 2.3.2.173 - Evernote Corp.) Slingplayer for Web Installer (x32 Version: 1.2.7.358 - Sling Media) Hidden SlingplayerForWeb (HKLM-x32\...\{62a74667-8e59-4fbc-9417-ad041a630066}) (Version: 1.2.7.358 - Sling Media) Snagit 12 (HKLM-x32\...\{e8720e7e-08a2-4a30-9bce-70aa27c2a3dc}) (Version: 12.2.2.2107 - TechSmith Corporation) Snagit 12 (x32 Version: 12.2.2 - TechSmith Corporation) Hidden STWWebViewer for Windows 1.0.150 (HKLM-x32\...\STWWebViewer for Windows) (Version: 1.0.150 - Samsung Techwin) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.8.1 - Synaptics Incorporated) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer) Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version: - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: - ) WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-890830538-3602730652-670256873-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1E937FC4-A260-4030-9950-FB095745776E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) Task: {28AF43EA-62E6-4A8E-9DA2-804BCE20515F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated) Task: {349B7FFD-6FB1-41FC-B88C-3D7EADB57B0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe Task: {57F486EB-42E0-4B8D-BFB4-591EF149FEC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {72112010-607E-48A6-A255-F24B0E481275} - System32\Tasks\HPCeeScheduleForStuart => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {84ABFAEB-8797-4597-9A90-C8B3D65D9AFC} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-12-22] () Task: {8743F999-5A58-46C3-A043-BAE004C8D486} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation) Task: {AAFA4149-531B-4022-9C37-A2F310DE84D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {EB0D11B1-47E6-4D1A-A520-258AB3909B4B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForStuart.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=fahmaaghhglfmonjliepjlchgpgfmobi ShortcutWithArgument: C:\Users\Stuart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" ShortcutWithArgument: C:\Users\Stuart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" ==================== Loaded Modules (Whitelisted) ============== 2013-05-22 15:21 - 2013-05-22 15:21 - 00299832 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll 2014-12-02 13:52 - 2014-12-02 13:52 - 00029184 _____ () C:\Windows\System32\ssm4mlm.dll 2014-09-08 04:42 - 2014-03-05 20:09 - 00088064 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe 2014-03-31 15:28 - 2014-03-31 15:28 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe 2014-12-08 05:10 - 2014-12-08 05:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-02-05 13:56 - 2014-02-05 13:56 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll 2016-03-28 13:07 - 2016-03-28 13:07 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2013-09-06 19:06 - 2013-09-06 19:06 - 00198120 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-09-06 19:06 - 2013-09-06 19:06 - 00054760 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-09-06 19:05 - 2013-09-06 19:05 - 00034792 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe 2014-12-22 19:35 - 2014-12-22 19:35 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe 2014-12-02 13:52 - 2014-12-02 13:52 - 01199104 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssm4mdu.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe 2014-12-22 19:35 - 2014-12-22 19:35 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll 2016-11-29 14:31 - 2016-11-29 14:31 - 00899584 _____ () \\?\C:\Windows\Prey\versions\1.6.4\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node 2014-09-08 04:49 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-09-08 04:41 - 2013-12-09 20:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-03-19 10:00 - 2014-03-19 10:00 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll 2016-11-14 19:09 - 2016-11-08 15:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll 2016-11-14 19:09 - 2016-11-08 15:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll 2016-12-04 13:25 - 2016-12-04 13:25 - 00012800 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00009728 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00014848 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00094208 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\src\rgloader\rgloader193.mswin.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00009216 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00094208 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00126976 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00087552 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00016384 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00127316 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\bin\libffi-6.dll 2016-12-04 13:25 - 2016-12-04 13:25 - 00008704 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00013312 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00095744 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00026624 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00012800 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00009728 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00014848 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00094208 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\src\rgloader\rgloader193.mswin.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00094208 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00118784 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00069120 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00083968 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\bin\zlib1.dll 2016-12-04 13:25 - 2016-12-04 13:25 - 00026624 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00275968 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00015360 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00008192 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00009216 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00023552 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00008704 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00008704 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00008704 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00008704 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00036352 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00126976 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00087552 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00016384 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00127316 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\bin\libffi-6.dll 2016-12-04 13:25 - 2016-12-04 13:25 - 00013312 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so 2016-12-04 13:25 - 2016-12-04 13:25 - 00095744 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so 2016-12-04 13:25 - 2016-12-04 13:26 - 00026624 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so 2014-12-22 19:35 - 2014-12-22 19:35 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll 2014-12-22 19:35 - 2014-12-22 19:35 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:264B2CC4 [121] AlternateDataStreams: C:\ProgramData\Temp:C05ABBB5 [250] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-890830538-3602730652-670256873-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 209.222.18.222 - 209.222.18.218 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Stuart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gNjZHC.vbs => C:\Windows\pss\gNjZHC.vbs.Startup MSCONFIG\startupfolder: C:^Users^Stuart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OptimizerPro.lnk => C:\Windows\pss\OptimizerPro.lnk.Startup MSCONFIG\startupfolder: C:^Users^Stuart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SlingplayerForWebShortcut.lnk => C:\Windows\pss\SlingplayerForWebShortcut.lnk.Startup MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2015 Deluxe\ReminderApp.exe MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe MSCONFIG\startupreg: HP Camera Driver_Monitor => "C:\Program Files (x86)\HP Camera Driver\monitor.exe" MSCONFIG\startupreg: Skitch => C:\Program Files (x86)\Evernote\Skitch\Skitch.exe -start-on-hide MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe MSCONFIG\startupreg: YouCam Mirage => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe FirewallRules: [{2A59FA7A-482C-47D9-A70B-9FA741B788DF}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{12911CC8-2F25-4DFB-BD49-D4135325B5E2}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{34C41F39-93DD-42A8-A11D-2A2C3547EEE4}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{31ABE01A-FA44-48A6-B0AB-2893A702E9B8}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{6E5741AB-4F86-41B5-A203-51A91DD361DE}] => c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{D263C9A9-9D6C-4487-A5B8-56B9869567E9}] => c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{E5190284-FC99-4CA1-BEAE-33DD8B785B77}] => c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{A61000F9-8C39-4FCF-A539-1F5356C29BED}] => c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{2A154F1F-AEDE-4190-974D-55820F5ADE6B}] => c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{FD02CCB9-2D91-43B8-B3DC-A8B1B75F98D0}] => c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{EE2CAC8A-8419-4F84-AF15-E662E968C04D}] => LPort=8298 FirewallRules: [TCP Query User{A9F5BBBA-5E67-4177-9935-3071F6E3329E}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe FirewallRules: [UDP Query User{0FB126CB-1746-4DAD-A3D9-7D71F3C0AD54}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe FirewallRules: [{01AE9375-F4AC-4F14-8232-0E1CD6F0B80B}] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe FirewallRules: [{3A586712-7DBF-4D7A-83E2-A88FDC465D67}] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe FirewallRules: [TCP Query User{7D43E712-1D45-40F5-BB77-7D3DDFEACE9C}C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe FirewallRules: [UDP Query User{50319A32-099D-4A15-803E-67C2712C317B}C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe FirewallRules: [{16A118BE-427E-4EEC-A343-745B706CA249}] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe FirewallRules: [{8B53EED9-0A37-456D-AA78-7C416884F075}] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe FirewallRules: [TCP Query User{83C29B25-FB86-4929-BAA7-917FB0550FBF}C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe] => C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe FirewallRules: [UDP Query User{E0F96008-3D66-43BC-92A8-04C9B9F05CF8}C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe] => C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe FirewallRules: [TCP Query User{37ED1B18-5DEE-426E-A308-D572152939CF}C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe] => C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe FirewallRules: [UDP Query User{6D093600-A053-4DAB-BB06-569EA9A5ED1D}C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe] => C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe FirewallRules: [TCP Query User{FBF78116-6C66-428E-9B4B-679928EB232D}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe FirewallRules: [UDP Query User{E1D99A83-932A-4527-874B-E29D697F8BE7}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe FirewallRules: [TCP Query User{181A6549-C532-4B2E-BE42-12F789C61F28}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe FirewallRules: [UDP Query User{59FBD0F3-1D40-49D0-AC72-475A64C1EEAB}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe FirewallRules: [{84D0D1D9-1FF8-4700-BA75-A26C9F8B7F73}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{7891E0E7-B562-4383-AE94-74B7394A6A47}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{594E0781-75FC-4F93-A895-0079F2A4E7A8}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E216FBCF-2878-460A-97B6-2197B1DCFCFA}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B8D9DAE6-174D-45AE-BB8C-B6FC3746A40A}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{8396DCA5-DF47-4D97-BA3F-57BC10C65D02}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{A20EBB08-E54C-466F-ACA0-1A1AA8EB0137}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E1CD9A8F-A99D-4930-B438-23F0B54AEDEB}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{BA8F2BC8-5984-4878-8993-E1B792E6236E}] => C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe FirewallRules: [{BD618F48-76B8-42A5-B5A0-254D4FD21FCA}] => C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe FirewallRules: [{DEC3FE58-DBC1-42F1-8FEA-317E09D8AA3A}] => C:\Users\Stuart\Ubiquiti UniFi\bin\mongod.exe FirewallRules: [{DC57C0D3-C4E9-4C18-BA3C-FC4DCB2C464A}] => C:\Users\Stuart\Ubiquiti UniFi\bin\mongod.exe FirewallRules: [TCP Query User{A9F29751-C383-47E2-BBDF-9C3C9E837DCB}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [UDP Query User{7CA75C56-82BB-48B7-A8D4-C9161FF3069C}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [{44F9C19F-3F1C-4C76-8F5E-F2BA87094C09}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{D7E54455-60B1-4FAD-A03E-FA1F124B8ACE}] => C:\Windows\Prey\versions\1.6.4\bin\node.exe ==================== Restore Points ========================= 27-11-2016 15:01:03 Revo Uninstaller Pro's restore point - Blue Iris 4 27-11-2016 15:01:30 Removed Blue Iris 4 29-11-2016 04:14:38 Windows Update 03-12-2016 12:01:21 Windows Update 03-12-2016 18:15:54 Revo Uninstaller Pro's restore point - Microsoft Security Essentials 04-12-2016 12:58:25 Windows Update ==================== Faulty Device Manager Devices ============= Name: Realtek Bluetooth 4.0 Adapter Description: Realtek Bluetooth 4.0 Adapter Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Realtek Semiconductor Corp. Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Sadp Driver (SADP_NPF) Description: Sadp Driver (SADP_NPF) Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SADP_NPF Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (12/04/2016 02:41:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1f18 Faulting application start time: 0x01d24e665e55e624 Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 9df83d86-ba59-11e6-828e-3464a97bb6dc Error: (12/04/2016 01:05:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1b10 Faulting application start time: 0x01d24e58f88a141d Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 3880f55c-ba4c-11e6-828e-3464a97bb6dc Error: (12/04/2016 12:56:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0xffc Faulting application start time: 0x01d24e57c5ebe764 Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 0588e782-ba4b-11e6-b6cc-3464a97bb6dc Error: (12/04/2016 11:50:59 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2012 Error: (12/04/2016 11:50:59 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2012 Error: (12/04/2016 11:50:59 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/04/2016 11:50:58 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1014 Error: (12/04/2016 11:50:58 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1014 Error: (12/04/2016 11:50:58 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/04/2016 11:45:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 999 System errors: ============= Error: (12/04/2016 01:03:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Intuit Update Service v4 service failed to start due to the following error: The system cannot find the file specified. Error: (12/04/2016 01:02:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (12/04/2016 01:01:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Sadp Driver (SADP_NPF) service failed to start due to the following error: The system cannot find the file specified. Error: (12/04/2016 01:01:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Intuit Entitlement Service v8 service failed to start due to the following error: The system cannot find the file specified. Error: (12/04/2016 01:01:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Autodesk Desktop App Service service failed to start due to the following error: The system cannot find the file specified. Error: (12/04/2016 10:49:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/04/2016 10:49:06 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Stuart\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (12/04/2016 10:49:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (12/04/2016 10:49:05 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Stuart\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (12/04/2016 10:49:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading CodeIntegrity: =================================== Date: 2015-08-27 13:49:35.447 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:35.437 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:35.427 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:35.138 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:35.044 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:35.033 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:34.834 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:34.829 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:34.825 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:34.564 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz Percentage of memory in use: 36% Total physical RAM: 8064.11 MB Available physical RAM: 5127.24 MB Total Virtual: 16126.4 MB Available Virtual: 12660.81 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:916.28 GB) (Free:792.52 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (HP_RECOVERY) (Fixed) (Total:12.22 GB) (Free:1.34 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 20A63BC4) Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=916.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=12.2 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=2 GB) - (Type=0B) ==================== End of Addition.txt ============================
  10. trauts14
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-12-2016 Ran by Stuart (administrator) on STUART-HP (04-12-2016 14:42:15) Running from C:\Users\Stuart\Desktop Loaded Profiles: Stuart (Available Profiles: Stuart & QBPOSDBSrvUser) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\AvrcpService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe (Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe (Node.js) C:\Windows\Prey\versions\1.6.4\bin\node.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (Fork, Ltd.) C:\Windows\Prey\versions\1.6.4\node_modules\triggers\bin\lightevt.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\RtkBleServ.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\pia_manager\pia_manager.exe (hxxp://www.ruby-lang.org/) C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\bin\rubyw.exe () C:\Program Files\pia_manager\pia_manager.exe (hxxp://www.ruby-lang.org/) C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\bin\rubyw.exe () C:\Program Files\pia_manager\pia_tray\pia_tray.exe (Microsoft Corporation) C:\Windows\splwow64.exe () C:\Program Files\pia_manager\openvpn.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Stuart\Desktop\FRST64 (1).exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-09-27] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7574896 2014-04-16] (Realtek Semiconductor) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818288 2014-04-07] (Synaptics Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [419512 2014-04-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167488 2013-09-16] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-06] (CyberLink Corp.) HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2014-02-05] (Hewlett-Packard) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\Run: [Microsoft Host] => C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe [32768 2014-03-20] (Microsoft Corporation) HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\Policies\Explorer: [] HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {314cbd70-782e-11e5-9af7-38b1dbb7d787} - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {441913eb-5028-11e5-aae8-3464a97bb6dc} - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {66da070c-4fed-11e5-a839-3464a97bb6dc} - H:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {b109f5a9-8c0e-11e4-a51a-38b1dbb7d788} - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {f0be3690-a7ff-11e4-a96e-38b1dbb7d788} - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-890830538-3602730652-670256873-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation) Lsa: [Notification Packages] DPPassFilter scecli ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-09-08] ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) GroupPolicy: Restriction <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218 Tcpip\..\Interfaces\{BA6C7892-C1FC-4FCF-9B7C-8F61FDAD5BD0}: [DhcpNameServer] 209.222.18.222 209.222.18.218 Tcpip\..\Interfaces\{D77F764B-A99E-4F1D-9274-6473BF938A12}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{F433712C-6EB1-4AB8-B308-E99810D42066}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1 HKU\S-1-5-21-890830538-3602730652-670256873-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1 BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2014-02-05] (Hewlett-Packard) BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~2\VIDEOC~1\WSBROW~1.DLL => No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-29] (Oracle Corporation) BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\PROGRA~3\AIMERS~1\VIDEOC~1\WSBROW~1.DLL => No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-29] (Oracle Corporation) DPF: HKLM-x32 {DB7ACFA2-9634-4C98-BC9D-FB9416153022} hxxp://192.168.1.115:6020/nvEPLMedia.cab DPF: HKLM-x32 {E19E79EC-F62E-40A0-952D-E49AEC7BEC2F} hxxp://192.168.1.4:6010/control/nvA1Media.cab Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File FireFox: ======== FF ProfilePath: C:\Users\Stuart\AppData\Roaming\KompoZer\Profiles\cy7lg9xc.default [2016-10-20] FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-09-08] [not signed] FF HKLM-x32\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com => not found FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-29] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-29] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @samsungtechwin.com/npwViewer -> c:\SamsungTechwin\Ipolis\npwViewer_lib.dll [2014-07-28] (Samsung Techwin) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-03-28] (DigitalPersona, Inc.) FF Plugin-x32: NetDvr_Plugins -> C:\Program Files (x86)\NetDvr\Plugins\npDvr.dll [2011-10-28] (DVR) FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2014-07-11] () Chrome: ======= CHR DefaultProfile: Profile 3 CHR HomePage: Profile 3 -> hxxp://google.com/ CHR StartupUrls: Profile 3 -> "hxxps://www.google.com/" CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default [2016-12-02] CHR Extension: (Google Drive) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04] CHR Extension: (YouTube) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04] CHR Extension: (Google Cast) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-03-06] CHR Extension: (Abine TACO) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cadbkmipeldjmjfcpcjibfjgflahmphk [2015-02-12] CHR Extension: (Adblock Plus) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-11] CHR Extension: (Pushbullet) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-17] CHR Extension: (Google Search) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22] CHR Extension: (Photo Zoom for Facebook) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-01-01] CHR Extension: (Bananatag Email Tracking) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2015-03-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04] CHR Extension: (SlingPlayer Web Plug-in) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac [2015-03-20] CHR Extension: (Google Wallet) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-04] CHR Extension: (Robot Theme, inspired by Android™) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeljdmeofcikjblcoehpmdnooimalbmj [2015-03-22] CHR Extension: (Neater Bookmarks) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2014-12-22] CHR Extension: (Send from Gmail (by Google)) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-12-31] CHR Extension: (Gmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-04] CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-12-05] CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2 [2015-12-05] CHR Extension: (Google Drive) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-17] CHR Extension: (YouTube) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22] CHR Extension: (Google Cast) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-08-11] CHR Extension: (Adblock Plus) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-15] CHR Extension: (Google Search) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28] CHR Extension: (Photo Zoom for Facebook) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-03-22] CHR Extension: (Google Play Music) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-08-14] CHR Extension: (Facebook Friends Mapper) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ikfdhlkcdllmkklmdbhfjkofjmehionn [2015-06-29] CHR Extension: (Bananatag Email Tracking) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2015-07-04] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24] CHR Extension: (Neater Bookmarks) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2015-03-22] CHR Extension: (Send from Gmail (by Google)) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2015-03-22] CHR Extension: (Gmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-12-04] CHR Extension: (Flash Video Downloader) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-12-03] CHR Extension: (YouTube) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Adblock Plus) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27] CHR Extension: (Google Search) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] CHR Extension: (Google Play Music) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-11-11] CHR Extension: (FBDown Video Downloader) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2016-05-01] CHR Extension: (Flixster) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2015-09-04] CHR Extension: (Bananatag Email Tracking) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2016-10-22] CHR Extension: (Autodesk Homestyler) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2016-08-17] CHR Extension: (UglyEmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ldgiafaliifpknmgofiifianlnbgflgj [2016-08-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03] CHR Extension: (Fast Video Downloader) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nocpfkkbaekckhcoekockfbidpcjgkbd [2015-08-31] CHR Extension: (Neater Bookmarks) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2015-08-31] CHR Extension: (Gmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-04] CHR Extension: (Chrome Media Router) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-29] CHR HKLM\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-03-28] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed] R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed] R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-10-02] (Fork, Ltd.) [File not signed] R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2014-03-31] () [File not signed] R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-04-03] (DigitalPersona, Inc.) S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company) R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-10] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation) R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-09-06] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor) R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-03] (Microsoft Corporation) S2 AdAppMgrSvc; "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe" [X] S2 Intuit Entitlement Service v8; "C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe" [X] S2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [X] S2 QBPOSDBServiceV11; "C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBPOSDBService.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] () R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-09-27] (Intel Corporation) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-08] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-08] () R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] () R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-08-07] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation) R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2014-02-03] (WinMagic Inc.) S3 RtkAvrcp; C:\Windows\system32\drivers\RtkAvrcp.sys [61152 2012-12-28] (Realtek Semiconductor Corporation) S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [552448 2014-04-01] (Realtek Semiconductor Corporation) S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [476888 2014-03-21] (Realsil Semiconductor Corporation) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3402968 2014-04-11] (Realtek Semiconductor Corporation ) R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2014-02-03] (WinMagic Inc.) R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2014-02-03] (WinMagic Inc.) S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-07] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2016-03-18] (Duplex Secure Ltd.) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1519520 2014-03-13] (Sunplus) S2 SADP_NPF; \??\C:\Windows\SysWOW64\drivers\sadp_npf64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-04 14:42 - 2016-12-04 14:42 - 00030498 _____ C:\Users\Stuart\Desktop\FRST.txt 2016-12-04 14:40 - 2016-12-04 14:40 - 02419200 _____ (Farbar) C:\Users\Stuart\Desktop\FRST64 (1).exe 2016-12-04 13:40 - 2016-12-04 13:40 - 00010466 _____ C:\Users\Stuart\Desktop\Tiny Price Label Template.odt 2016-12-04 07:42 - 2016-12-04 07:42 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-12-03 17:40 - 2016-12-03 17:40 - 03968464 _____ C:\Users\Stuart\Desktop\adwcleaner_6.040.exe 2016-12-03 11:39 - 2016-12-03 11:39 - 00000000 ____D C:\Users\Stuart\Impostazioni locali 2016-12-02 19:51 - 2016-12-04 14:42 - 00000000 ____D C:\FRST 2016-12-02 19:31 - 2016-12-02 19:31 - 00000000 ____D C:\Users\Stuart\AppData\Local\ElevatedDiagnostics 2016-12-02 15:30 - 2016-12-03 17:41 - 00000000 ____D C:\AdwCleaner 2016-12-02 14:27 - 2016-12-02 14:27 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Stuart\Desktop\esetonlinescanner_enu.exe 2016-12-02 08:53 - 2016-12-02 09:19 - 235011967 _____ C:\Users\Stuart\Desktop\Pure.Genius.S01E06.HDTV.x264-KILLERS.mkv 2016-12-02 06:49 - 2016-12-03 12:25 - 00000000 ____D C:\Users\Stuart\AppData\Local\ESET 2016-12-02 06:39 - 2016-12-02 19:24 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-12-02 06:16 - 2016-12-04 07:44 - 01830176 _____ C:\Windows\ntbtlog.txt 2016-11-24 07:32 - 2016-11-24 08:07 - 1320941244 _____ C:\Users\Stuart\Downloads\Recording01_20161124_030000_3600_5624.raw 2016-11-20 15:17 - 2016-11-20 15:17 - 00000000 ____D C:\Users\Stuart\AppData\LocalLow\Google 2016-11-20 15:17 - 2016-11-20 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2016-11-08 17:43 - 2016-11-02 10:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-11-08 17:43 - 2016-11-02 10:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2016-11-08 17:43 - 2016-11-02 10:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-11-08 17:43 - 2016-11-02 10:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2016-11-08 17:43 - 2016-11-02 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2016-11-08 17:43 - 2016-11-02 10:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-11-08 17:43 - 2016-11-02 10:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2016-11-08 17:43 - 2016-11-02 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2016-11-08 17:43 - 2016-11-02 10:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2016-11-08 17:43 - 2016-11-02 09:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-11-08 17:43 - 2016-10-27 22:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-11-08 17:43 - 2016-10-27 22:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-11-08 17:43 - 2016-10-27 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-11-08 17:43 - 2016-10-27 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-11-08 17:43 - 2016-10-27 13:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-11-08 17:43 - 2016-10-27 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-11-08 17:43 - 2016-10-27 13:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-11-08 17:43 - 2016-10-27 13:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-11-08 17:43 - 2016-10-27 13:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-11-08 17:43 - 2016-10-27 13:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-11-08 17:43 - 2016-10-27 13:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-11-08 17:43 - 2016-10-27 13:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-11-08 17:43 - 2016-10-27 13:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-11-08 17:43 - 2016-10-27 13:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-11-08 17:43 - 2016-10-27 13:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-11-08 17:43 - 2016-10-27 13:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-11-08 17:43 - 2016-10-27 13:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-11-08 17:43 - 2016-10-27 13:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-11-08 17:43 - 2016-10-27 13:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-11-08 17:43 - 2016-10-27 13:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-11-08 17:43 - 2016-10-27 13:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-11-08 17:43 - 2016-10-27 13:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-11-08 17:43 - 2016-10-27 13:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-11-08 17:43 - 2016-10-27 13:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-11-08 17:43 - 2016-10-27 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-11-08 17:43 - 2016-10-27 13:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-11-08 17:43 - 2016-10-27 13:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-11-08 17:43 - 2016-10-27 12:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-11-08 17:43 - 2016-10-27 12:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-11-08 17:43 - 2016-10-27 12:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-11-08 17:43 - 2016-10-27 12:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-11-08 17:43 - 2016-10-27 12:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-11-08 17:43 - 2016-10-27 12:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-11-08 17:43 - 2016-10-27 12:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-11-08 17:43 - 2016-10-27 12:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-11-08 17:43 - 2016-10-27 11:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-11-08 17:43 - 2016-10-27 10:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-11-08 17:43 - 2016-10-25 10:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-11-08 17:43 - 2016-10-22 12:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-11-08 17:43 - 2016-10-22 12:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-11-08 17:43 - 2016-10-22 12:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-11-08 17:43 - 2016-10-22 12:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-11-08 17:43 - 2016-10-22 12:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-11-08 17:43 - 2016-10-22 12:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-11-08 17:43 - 2016-10-22 12:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-11-08 17:43 - 2016-10-22 12:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-11-08 17:43 - 2016-10-22 12:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-11-08 17:43 - 2016-10-22 12:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-11-08 17:43 - 2016-10-22 12:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-11-08 17:43 - 2016-10-22 12:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-11-08 17:43 - 2016-10-22 12:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-11-08 17:43 - 2016-10-22 12:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-11-08 17:43 - 2016-10-22 12:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-11-08 17:43 - 2016-10-22 12:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-11-08 17:43 - 2016-10-22 11:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-11-08 17:43 - 2016-10-22 11:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-11-08 17:43 - 2016-10-22 11:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-11-08 17:43 - 2016-10-22 11:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-11-08 17:43 - 2016-10-22 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-11-08 17:43 - 2016-10-22 11:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-11-08 17:43 - 2016-10-22 11:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-11-08 17:43 - 2016-10-22 11:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-11-08 17:43 - 2016-10-22 11:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-11-08 17:43 - 2016-10-22 11:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-11-08 17:43 - 2016-10-22 11:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-11-08 17:43 - 2016-10-22 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-11-08 17:43 - 2016-10-22 11:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-11-08 17:43 - 2016-10-15 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-11-08 17:43 - 2016-10-15 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2016-11-08 17:43 - 2016-10-15 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-11-08 17:43 - 2016-10-15 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll 2016-11-08 17:43 - 2016-10-11 10:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2016-11-08 17:43 - 2016-10-11 10:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME 2016-11-08 17:43 - 2016-10-11 10:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2016-11-08 17:43 - 2016-10-11 10:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2016-11-08 17:43 - 2016-10-11 10:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime 2016-11-08 17:43 - 2016-10-11 10:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll 2016-11-08 17:43 - 2016-10-11 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime 2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime 2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime 2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime 2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime 2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime 2016-11-08 17:43 - 2016-10-11 10:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME 2016-11-08 17:43 - 2016-10-11 10:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2016-11-08 17:43 - 2016-10-11 10:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2016-11-08 17:43 - 2016-10-11 10:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll 2016-11-08 17:43 - 2016-10-11 10:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime 2016-11-08 17:43 - 2016-10-11 08:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2016-11-08 17:43 - 2016-10-11 08:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2016-11-08 17:43 - 2016-10-10 10:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-11-08 17:43 - 2016-10-10 10:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-11-08 17:43 - 2016-10-10 10:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-11-08 17:43 - 2016-10-10 10:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-11-08 17:43 - 2016-10-10 10:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-11-08 17:43 - 2016-10-10 10:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-11-08 17:43 - 2016-10-10 10:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-11-08 17:43 - 2016-10-10 09:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-11-08 17:43 - 2016-10-10 09:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-11-08 17:43 - 2016-10-10 09:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-11-08 17:43 - 2016-10-10 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-11-08 17:43 - 2016-10-10 09:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-11-08 17:43 - 2016-10-10 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-11-08 17:43 - 2016-10-07 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-11-08 17:43 - 2016-10-07 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-11-08 17:43 - 2016-10-07 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-11-08 17:43 - 2016-10-07 10:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-11-08 17:43 - 2016-10-07 10:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-11-08 17:43 - 2016-10-07 10:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-11-08 17:43 - 2016-10-07 10:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-11-08 17:43 - 2016-10-07 10:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-11-08 17:43 - 2016-10-07 10:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-11-08 17:43 - 2016-10-07 10:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-11-08 17:43 - 2016-10-07 09:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-11-08 17:43 - 2016-10-07 09:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-11-08 17:43 - 2016-10-07 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-11-08 17:43 - 2016-10-07 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-11-08 17:43 - 2016-10-07 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-11-08 17:43 - 2016-10-07 09:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 09:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 09:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 09:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-11-08 17:43 - 2016-10-05 09:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys 2016-11-08 17:43 - 2016-09-15 09:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2016-11-08 17:43 - 2016-09-13 10:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-11-08 17:43 - 2016-09-13 10:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-11-08 17:43 - 2016-09-09 13:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-11-08 17:43 - 2016-09-09 13:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2016-11-08 17:43 - 2016-08-22 11:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-04 14:41 - 2015-01-22 15:21 - 00000000 ____D C:\Users\Stuart\AppData\Local\CrashDumps 2016-12-04 14:07 - 2014-12-22 19:27 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-12-04 13:50 - 2014-12-22 19:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-12-04 13:09 - 2009-07-13 23:45 - 00026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-12-04 13:09 - 2009-07-13 23:45 - 00026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-12-04 13:06 - 2009-07-14 00:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI 2016-12-04 13:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf 2016-12-04 13:01 - 2015-08-12 15:46 - 00000000 ____D C:\Windows\Prey 2016-12-04 13:01 - 2014-12-22 19:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-12-04 13:01 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-12-04 12:37 - 2014-12-22 19:18 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1635E4DC-7E0A-46A3-B13B-1CE0E703D475} 2016-12-04 12:04 - 2014-12-26 08:10 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-12-04 12:04 - 2014-12-22 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2016-12-04 10:49 - 2015-07-04 15:22 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-12-04 07:42 - 2016-08-02 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-12-04 07:42 - 2016-08-02 16:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-12-03 18:54 - 2014-12-24 14:23 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\vlc 2016-12-03 18:16 - 2014-05-21 21:32 - 00001945 _____ C:\Windows\epplauncher.mif 2016-12-03 11:39 - 2014-12-22 19:17 - 00000000 ____D C:\Users\Stuart 2016-12-02 14:24 - 2015-07-04 15:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-12-02 09:47 - 2016-10-29 15:33 - 00000000 ____D C:\Users\Stuart\Ubiquiti UniFi 2016-12-01 08:49 - 2015-11-17 18:24 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForStuart 2016-12-01 08:49 - 2015-11-17 18:24 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForStuart.job 2016-11-27 15:01 - 2014-05-21 21:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-11-22 17:30 - 2014-09-08 04:42 - 00000000 ____D C:\ProgramData\Realtek 2016-11-20 15:17 - 2014-12-22 19:27 - 00000000 ____D C:\Program Files (x86)\Google 2016-11-15 17:35 - 2014-12-22 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2016-11-15 17:35 - 2014-12-22 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2016-11-14 19:09 - 2014-12-22 19:29 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-11-09 04:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2016-11-09 03:24 - 2009-07-13 23:45 - 00445960 _____ C:\Windows\system32\FNTCACHE.DAT 2016-11-09 03:06 - 2014-12-26 09:20 - 00000000 ____D C:\Windows\system32\MRT 2016-11-09 03:01 - 2014-12-26 09:20 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-11-08 18:50 - 2014-12-22 19:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-11-08 18:50 - 2014-12-22 19:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-11-08 18:50 - 2014-12-22 19:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-11-08 18:50 - 2014-12-22 19:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-11-08 18:50 - 2014-12-22 19:28 - 00000000 ____D C:\Windows\system32\Macromed 2016-11-07 06:26 - 2009-07-14 00:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2016-05-26 15:14 - 2016-05-26 15:36 - 112407166 _____ () C:\Program Files (x86)\20958.mp4 2015-01-23 16:38 - 2011-04-22 19:28 - 636745237 _____ () C:\Program Files (x86)\AWESOME VIDEO.mov 2015-01-23 16:37 - 2006-06-24 05:58 - 298684218 _____ () C:\Program Files (x86)\Barbara, Jackie and Michelle.wmv 2015-01-23 16:37 - 2009-06-01 16:41 - 1451862066 _____ () C:\Program Files (x86)\Butterfly.avi 2015-02-19 14:25 - 2015-02-19 15:56 - 1535461525 _____ () C:\Program Files (x86)\good sexart movie.mp4 2015-09-09 15:54 - 2015-08-24 12:53 - 1514845509 _____ () C:\Program Files (x86)\hhh.mp4 2015-08-24 12:44 - 2015-08-24 12:53 - 1514845509 _____ () C:\Program Files (x86)\Kari.A.And.Linda.Sweet.Chef.mp4 2015-04-29 14:13 - 2015-04-27 07:22 - 177655867 _____ () C:\Program Files (x86)\Lesbea good vid.mp4 2015-04-05 08:23 - 2015-04-05 08:17 - 1046962468 _____ () C:\Program Files (x86)\lesbea ivy & shelly, how it should be.mp4 2015-03-26 16:18 - 2015-03-26 16:22 - 172932634 _____ () C:\Program Files (x86)\lesbea1.mp4 2015-03-25 17:10 - 2015-02-15 09:34 - 1017039995 _____ () C:\Program Files (x86)\lesbea8.mov 2015-01-23 16:38 - 2006-04-27 13:25 - 420732928 _____ () C:\Program Files (x86)\lesbian clip.avi 2015-04-12 16:26 - 2015-04-12 10:42 - 282471328 _____ () C:\Program Files (x86)\metart brunette on brunette.mp4 2015-07-15 16:00 - 2015-07-15 17:14 - 1596521696 _____ () C:\Program Files (x86)\Tracy.Lindsay.And.Anabelle.Linger.mp4 2015-01-23 16:38 - 2005-11-27 08:56 - 366952448 _____ () C:\Program Files (x86)\Viv Thomas - All About Eve - Scn 01 - Sandra Shine.avi 2015-02-02 08:50 - 2015-02-02 08:56 - 198956092 _____ () C:\Program Files (x86)\viv thomas.mp4 2015-02-13 17:06 - 2015-02-13 17:21 - 839529679 _____ () C:\Program Files (x86)\www.0xxx.in_VivThomas.15.02.13.Kari.A.And.Tracy.Smile.Lady.Scene.3.Marquise.XXX.1080p.MP4-KTR.mp4 2015-08-02 18:51 - 2015-08-02 20:39 - 1655945770 _____ () C:\Program Files (x86)\www.0xxx.in_VivThomas.15.07.31.Erica.Fontes.And.Talia.Mint.Proclivity.mp4 2015-01-23 16:37 - 2006-04-27 13:24 - 442327040 _____ () C:\Program Files (x86)\_Peaches_&_Eve.avi 2014-03-20 06:53 - 2014-03-20 06:53 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll 2014-12-31 18:18 - 2014-12-31 18:18 - 7907217 _____ (Aimersoft Software ) C:\Users\Stuart\AppData\Roaming\dvdcopy_setup.exe 2016-03-27 07:53 - 2016-03-27 08:46 - 0099384 _____ () C:\Users\Stuart\AppData\Roaming\inst.exe 2016-03-27 07:53 - 2016-03-27 08:46 - 0007859 _____ () C:\Users\Stuart\AppData\Roaming\pcouffin.cat 2016-03-27 07:53 - 2016-03-27 08:46 - 0001167 _____ () C:\Users\Stuart\AppData\Roaming\pcouffin.inf 2016-03-27 07:53 - 2016-03-27 08:46 - 0000055 _____ () C:\Users\Stuart\AppData\Roaming\pcouffin.log 2016-03-27 07:53 - 2016-03-27 08:46 - 0082816 _____ (VSO Software) C:\Users\Stuart\AppData\Roaming\pcouffin.sys 2014-12-22 19:17 - 2016-12-04 13:24 - 10916389 _____ () C:\Users\Stuart\AppData\Local\BTServer.log 2014-09-08 04:29 - 2014-09-08 04:31 - 8905842 _____ () C:\ProgramData\hpcsmmsilogs.log 2014-09-08 04:53 - 2014-09-08 04:54 - 1278098 _____ () C:\ProgramData\hpdam_install_log.txt 2014-09-08 04:53 - 2014-09-08 04:53 - 0543736 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt 2016-04-27 17:41 - 2016-04-27 17:45 - 0000306 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2012-11-01 15:07 - 2012-11-01 15:07 - 0002507 _____ () C:\ProgramData\regid.1983-04.com.intuit,IFS,POS_E1171703-BD05-428F-99A1-7FE2FC879DE2.swidtag Some files in TEMP: ==================== C:\Users\Stuart\AppData\Local\Temp\AcDeltree.exe C:\Users\Stuart\AppData\Local\Temp\AdAppMgrUpdater.exe C:\Users\Stuart\AppData\Local\Temp\FNP_ACT_InstallerCA.dll C:\Users\Stuart\AppData\Local\Temp\Foxit PhantomPDF Updater.exe C:\Users\Stuart\AppData\Local\Temp\snappy-1.0.5-snappyjava.dll C:\Users\Stuart\AppData\Local\Temp\vlc-2.2.4-win32.exe C:\Users\Stuart\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-11-24 11:11 ==================== End of FRST.txt ============================
  11. trauts14
    Malwarebytes will not open. I have it installed and can attempt to open it, but the program refuses to open. I was having potential malware problems as well, but I not not sure if this is a related issue.
  12. trauts14
    I forgot to mention, when computer boots it will not let me do anything.
  13. trauts14
    malware prevents me from accessing internet unless im in safe mode. malwarebytes detects nothing. chameleon will not fully scan. log below: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2016 Ran by Stuart (administrator) on STUART-HP (02-12-2016 19:51:18) Running from C:\Users\Stuart\Desktop Loaded Profiles: Stuart (Available Profiles: Stuart & QBPOSDBSrvUser) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-09-27] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7574896 2014-04-16] (Realtek Semiconductor) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818288 2014-04-07] (Synaptics Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [419512 2014-04-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167488 2013-09-16] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-06] (CyberLink Corp.) HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2014-02-05] (Hewlett-Packard) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\Run: [Microsoft Host] => C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe [32768 2014-03-20] (Microsoft Corporation) HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\Policies\Explorer: [] HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {314cbd70-782e-11e5-9af7-38b1dbb7d787} - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {441913eb-5028-11e5-aae8-3464a97bb6dc} - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {66da070c-4fed-11e5-a839-3464a97bb6dc} - H:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {b109f5a9-8c0e-11e4-a51a-38b1dbb7d788} - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {f0be3690-a7ff-11e4-a96e-38b1dbb7d788} - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-890830538-3602730652-670256873-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation) Lsa: [Notification Packages] DPPassFilter scecli ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-09-08] ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) GroupPolicy: Restriction <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{BA6C7892-C1FC-4FCF-9B7C-8F61FDAD5BD0}: [DhcpNameServer] 209.222.18.222 209.222.18.218 Tcpip\..\Interfaces\{D77F764B-A99E-4F1D-9274-6473BF938A12}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{F433712C-6EB1-4AB8-B308-E99810D42066}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1 HKU\S-1-5-21-890830538-3602730652-670256873-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1 BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2014-02-05] (Hewlett-Packard) BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~2\VIDEOC~1\WSBROW~1.DLL => No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-29] (Oracle Corporation) BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\PROGRA~3\AIMERS~1\VIDEOC~1\WSBROW~1.DLL => No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-29] (Oracle Corporation) DPF: HKLM-x32 {DB7ACFA2-9634-4C98-BC9D-FB9416153022} hxxp://192.168.1.115:6020/nvEPLMedia.cab DPF: HKLM-x32 {E19E79EC-F62E-40A0-952D-E49AEC7BEC2F} hxxp://192.168.1.4:6010/control/nvA1Media.cab Handler-x32: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll [2012-11-01] (Intuit Inc.) Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File FireFox: ======== FF ProfilePath: C:\Users\Stuart\AppData\Roaming\KompoZer\Profiles\cy7lg9xc.default [2016-10-20] FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-09-08] [not signed] FF HKLM-x32\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com => not found FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-29] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-29] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @samsungtechwin.com/npwViewer -> c:\SamsungTechwin\Ipolis\npwViewer_lib.dll [2014-07-28] (Samsung Techwin) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-03-28] (DigitalPersona, Inc.) FF Plugin-x32: NetDvr_Plugins -> C:\Program Files (x86)\NetDvr\Plugins\npDvr.dll [2011-10-28] (DVR) FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2014-07-11] () Chrome: ======= CHR DefaultProfile: Profile 3 CHR HomePage: Profile 3 -> hxxp://google.com/ CHR StartupUrls: Profile 3 -> "hxxps://www.google.com/" CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default [2016-12-02] CHR Extension: (Google Drive) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04] CHR Extension: (YouTube) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04] CHR Extension: (Google Cast) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-03-06] CHR Extension: (Abine TACO) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cadbkmipeldjmjfcpcjibfjgflahmphk [2015-02-12] CHR Extension: (Adblock Plus) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-11] CHR Extension: (Pushbullet) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-17] CHR Extension: (Google Search) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22] CHR Extension: (Photo Zoom for Facebook) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-01-01] CHR Extension: (Bananatag Email Tracking) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2015-03-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04] CHR Extension: (SlingPlayer Web Plug-in) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac [2015-03-20] CHR Extension: (Google Wallet) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-04] CHR Extension: (Robot Theme, inspired by Android™) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeljdmeofcikjblcoehpmdnooimalbmj [2015-03-22] CHR Extension: (Neater Bookmarks) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2014-12-22] CHR Extension: (Send from Gmail (by Google)) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-12-31] CHR Extension: (Gmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-04] CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-12-05] CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2 [2015-12-05] CHR Extension: (Google Drive) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-17] CHR Extension: (YouTube) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22] CHR Extension: (Google Cast) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-08-11] CHR Extension: (Adblock Plus) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-15] CHR Extension: (Google Search) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28] CHR Extension: (Photo Zoom for Facebook) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-03-22] CHR Extension: (Google Play Music) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-08-14] CHR Extension: (Facebook Friends Mapper) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ikfdhlkcdllmkklmdbhfjkofjmehionn [2015-06-29] CHR Extension: (Bananatag Email Tracking) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2015-07-04] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24] CHR Extension: (Neater Bookmarks) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2015-03-22] CHR Extension: (Send from Gmail (by Google)) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2015-03-22] CHR Extension: (Gmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-12-02] CHR Extension: (Flash Video Downloader) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-12-01] CHR Extension: (YouTube) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Adblock Plus) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27] CHR Extension: (Google Search) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] CHR Extension: (Google Play Music) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-11-11] CHR Extension: (FBDown Video Downloader) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2016-05-01] CHR Extension: (Flixster) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2015-09-04] CHR Extension: (Bananatag Email Tracking) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2016-10-22] CHR Extension: (Autodesk Homestyler) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2016-08-17] CHR Extension: (UglyEmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ldgiafaliifpknmgofiifianlnbgflgj [2016-08-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03] CHR Extension: (Fast Video Downloader) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nocpfkkbaekckhcoekockfbidpcjgkbd [2015-08-31] CHR Extension: (Neater Bookmarks) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2015-08-31] CHR Extension: (Gmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-04] CHR Extension: (Chrome Media Router) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-29] CHR HKLM\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-03-28] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed] S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed] S2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-10-02] (Fork, Ltd.) [File not signed] S2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2014-03-31] () [File not signed] S2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-04-03] (DigitalPersona, Inc.) S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company) S2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company) S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation) S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-10] (Intel Corporation) S2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation) S2 Intuit Entitlement Service v8; C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [24680 2011-12-23] (Intuit, Inc.) S2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-09-06] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation) S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) S2 QBPOSDBServiceV11; C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBPOSDBService.exe [3140744 2012-11-01] (Intuit Inc.) S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor) S2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed] S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-03] (Microsoft Corporation) S2 AdAppMgrSvc; "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company) S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] () R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-09-27] (Intel Corporation) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-08] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-08] () S3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] () R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-08-07] () S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation) R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2014-02-03] (WinMagic Inc.) S3 RtkAvrcp; C:\Windows\system32\drivers\RtkAvrcp.sys [61152 2012-12-28] (Realtek Semiconductor Corporation) S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [552448 2014-04-01] (Realtek Semiconductor Corporation) S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [476888 2014-03-21] (Realsil Semiconductor Corporation) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3402968 2014-04-11] (Realtek Semiconductor Corporation ) R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2014-02-03] (WinMagic Inc.) R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2014-02-03] (WinMagic Inc.) S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-07] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2016-03-18] (Duplex Secure Ltd.) S3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1519520 2014-03-13] (Sunplus) S2 SADP_NPF; \??\C:\Windows\SysWOW64\drivers\sadp_npf64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-02 19:51 - 2016-12-02 19:51 - 00025742 _____ C:\Users\Stuart\Desktop\FRST.txt 2016-12-02 19:51 - 2016-12-02 19:51 - 00000000 ____D C:\FRST 2016-12-02 19:50 - 2016-12-02 19:51 - 02411520 _____ (Farbar) C:\Users\Stuart\Desktop\FRST64.exe 2016-12-02 19:31 - 2016-12-02 19:31 - 00000000 ____D C:\Users\Stuart\AppData\Local\ElevatedDiagnostics 2016-12-02 15:30 - 2016-12-02 15:33 - 00000000 ____D C:\AdwCleaner 2016-12-02 15:29 - 2016-12-02 15:29 - 03910208 _____ C:\Users\Stuart\Desktop\AdwCleaner.exe 2016-12-02 15:25 - 2016-12-02 19:10 - 00002872 _____ C:\Users\Stuart\Desktop\Rkill.txt 2016-12-02 14:27 - 2016-12-02 14:27 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Stuart\Desktop\esetonlinescanner_enu.exe 2016-12-02 08:53 - 2016-12-02 09:19 - 235011967 _____ C:\Users\Stuart\Desktop\Pure.Genius.S01E06.HDTV.x264-KILLERS.mkv 2016-12-02 06:49 - 2016-12-02 16:49 - 00000000 ____D C:\Users\Stuart\AppData\Local\ESET 2016-12-02 06:39 - 2016-12-02 19:24 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-12-02 06:16 - 2016-12-02 19:43 - 01169654 _____ C:\Windows\ntbtlog.txt 2016-11-24 07:32 - 2016-11-24 08:07 - 1320941244 _____ C:\Users\Stuart\Downloads\Recording01_20161124_030000_3600_5624.raw 2016-11-20 15:17 - 2016-11-20 15:17 - 00000000 ____D C:\Users\Stuart\AppData\LocalLow\Google 2016-11-20 15:17 - 2016-11-20 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2016-11-08 17:43 - 2016-11-02 10:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-11-08 17:43 - 2016-11-02 10:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2016-11-08 17:43 - 2016-11-02 10:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-11-08 17:43 - 2016-11-02 10:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2016-11-08 17:43 - 2016-11-02 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2016-11-08 17:43 - 2016-11-02 10:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-11-08 17:43 - 2016-11-02 10:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2016-11-08 17:43 - 2016-11-02 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2016-11-08 17:43 - 2016-11-02 10:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2016-11-08 17:43 - 2016-11-02 09:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-11-08 17:43 - 2016-10-27 22:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-11-08 17:43 - 2016-10-27 22:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-11-08 17:43 - 2016-10-27 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-11-08 17:43 - 2016-10-27 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-11-08 17:43 - 2016-10-27 13:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-11-08 17:43 - 2016-10-27 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-11-08 17:43 - 2016-10-27 13:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-11-08 17:43 - 2016-10-27 13:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-11-08 17:43 - 2016-10-27 13:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-11-08 17:43 - 2016-10-27 13:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-11-08 17:43 - 2016-10-27 13:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-11-08 17:43 - 2016-10-27 13:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-11-08 17:43 - 2016-10-27 13:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-11-08 17:43 - 2016-10-27 13:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-11-08 17:43 - 2016-10-27 13:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-11-08 17:43 - 2016-10-27 13:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-11-08 17:43 - 2016-10-27 13:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-11-08 17:43 - 2016-10-27 13:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-11-08 17:43 - 2016-10-27 13:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-11-08 17:43 - 2016-10-27 13:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-11-08 17:43 - 2016-10-27 13:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-11-08 17:43 - 2016-10-27 13:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-11-08 17:43 - 2016-10-27 13:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-11-08 17:43 - 2016-10-27 13:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-11-08 17:43 - 2016-10-27 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-11-08 17:43 - 2016-10-27 13:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-11-08 17:43 - 2016-10-27 13:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-11-08 17:43 - 2016-10-27 12:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-11-08 17:43 - 2016-10-27 12:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-11-08 17:43 - 2016-10-27 12:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-11-08 17:43 - 2016-10-27 12:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-11-08 17:43 - 2016-10-27 12:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-11-08 17:43 - 2016-10-27 12:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-11-08 17:43 - 2016-10-27 12:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-11-08 17:43 - 2016-10-27 12:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-11-08 17:43 - 2016-10-27 11:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-11-08 17:43 - 2016-10-27 10:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-11-08 17:43 - 2016-10-25 10:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-11-08 17:43 - 2016-10-22 12:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-11-08 17:43 - 2016-10-22 12:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-11-08 17:43 - 2016-10-22 12:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-11-08 17:43 - 2016-10-22 12:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-11-08 17:43 - 2016-10-22 12:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-11-08 17:43 - 2016-10-22 12:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-11-08 17:43 - 2016-10-22 12:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-11-08 17:43 - 2016-10-22 12:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-11-08 17:43 - 2016-10-22 12:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-11-08 17:43 - 2016-10-22 12:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-11-08 17:43 - 2016-10-22 12:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-11-08 17:43 - 2016-10-22 12:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-11-08 17:43 - 2016-10-22 12:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-11-08 17:43 - 2016-10-22 12:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-11-08 17:43 - 2016-10-22 12:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-11-08 17:43 - 2016-10-22 12:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-11-08 17:43 - 2016-10-22 11:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-11-08 17:43 - 2016-10-22 11:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-11-08 17:43 - 2016-10-22 11:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-11-08 17:43 - 2016-10-22 11:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-11-08 17:43 - 2016-10-22 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-11-08 17:43 - 2016-10-22 11:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-11-08 17:43 - 2016-10-22 11:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-11-08 17:43 - 2016-10-22 11:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-11-08 17:43 - 2016-10-22 11:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-11-08 17:43 - 2016-10-22 11:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-11-08 17:43 - 2016-10-22 11:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-11-08 17:43 - 2016-10-22 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-11-08 17:43 - 2016-10-22 11:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-11-08 17:43 - 2016-10-15 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-11-08 17:43 - 2016-10-15 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2016-11-08 17:43 - 2016-10-15 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-11-08 17:43 - 2016-10-15 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll 2016-11-08 17:43 - 2016-10-11 10:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2016-11-08 17:43 - 2016-10-11 10:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME 2016-11-08 17:43 - 2016-10-11 10:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2016-11-08 17:43 - 2016-10-11 10:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2016-11-08 17:43 - 2016-10-11 10:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime 2016-11-08 17:43 - 2016-10-11 10:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll 2016-11-08 17:43 - 2016-10-11 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime 2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime 2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime 2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime 2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime 2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime 2016-11-08 17:43 - 2016-10-11 10:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME 2016-11-08 17:43 - 2016-10-11 10:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2016-11-08 17:43 - 2016-10-11 10:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2016-11-08 17:43 - 2016-10-11 10:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll 2016-11-08 17:43 - 2016-10-11 10:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime 2016-11-08 17:43 - 2016-10-11 10:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime 2016-11-08 17:43 - 2016-10-11 08:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2016-11-08 17:43 - 2016-10-11 08:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2016-11-08 17:43 - 2016-10-10 10:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-11-08 17:43 - 2016-10-10 10:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-11-08 17:43 - 2016-10-10 10:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-11-08 17:43 - 2016-10-10 10:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-11-08 17:43 - 2016-10-10 10:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-11-08 17:43 - 2016-10-10 10:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-11-08 17:43 - 2016-10-10 10:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-11-08 17:43 - 2016-10-10 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-11-08 17:43 - 2016-10-10 10:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-11-08 17:43 - 2016-10-10 09:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-11-08 17:43 - 2016-10-10 09:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-11-08 17:43 - 2016-10-10 09:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-11-08 17:43 - 2016-10-10 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-11-08 17:43 - 2016-10-10 09:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-11-08 17:43 - 2016-10-10 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-11-08 17:43 - 2016-10-07 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-11-08 17:43 - 2016-10-07 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-11-08 17:43 - 2016-10-07 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-11-08 17:43 - 2016-10-07 10:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-11-08 17:43 - 2016-10-07 10:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-11-08 17:43 - 2016-10-07 10:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 10:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-11-08 17:43 - 2016-10-07 10:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-11-08 17:43 - 2016-10-07 10:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-11-08 17:43 - 2016-10-07 10:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-11-08 17:43 - 2016-10-07 10:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-11-08 17:43 - 2016-10-07 09:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-11-08 17:43 - 2016-10-07 09:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-11-08 17:43 - 2016-10-07 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-11-08 17:43 - 2016-10-07 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-11-08 17:43 - 2016-10-07 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-11-08 17:43 - 2016-10-07 09:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 09:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 09:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-11-08 17:43 - 2016-10-07 09:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-11-08 17:43 - 2016-10-05 09:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys 2016-11-08 17:43 - 2016-09-15 09:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2016-11-08 17:43 - 2016-09-13 10:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-11-08 17:43 - 2016-09-13 10:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-11-08 17:43 - 2016-09-09 13:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-11-08 17:43 - 2016-09-09 13:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2016-11-08 17:43 - 2016-08-22 11:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2016-11-05 20:18 - 2016-11-06 04:25 - 895116800 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103132254_20161103132635.avi 2016-11-05 20:18 - 2016-11-06 04:22 - 2070645248 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103131432_20161103132254.avi 2016-11-05 20:18 - 2016-11-06 04:15 - 2071195136 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103131231_20161103131432.avi 2016-11-05 20:18 - 2016-11-06 04:12 - 2079110656 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103131011_20161103131231.avi 2016-11-05 20:18 - 2016-11-06 04:09 - 2047384064 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103130714_20161103131011.avi 2016-11-05 20:18 - 2016-11-06 04:06 - 2066130944 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103130545_20161103130714.avi 2016-11-05 20:18 - 2016-11-06 04:04 - 2048870912 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103130253_20161103130545.avi 2016-11-05 20:18 - 2016-11-06 04:01 - 2048315392 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103130038_20161103130253.avi 2016-11-05 20:18 - 2016-11-06 03:58 - 2076597248 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103125631_20161103130038.avi 2016-11-05 20:18 - 2016-11-06 03:54 - 2059469824 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103125320_20161103125631.avi ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-02 19:38 - 2015-08-12 15:46 - 00000000 ____D C:\Windows\Prey 2016-12-02 19:36 - 2014-12-22 19:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-12-02 19:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-12-02 19:29 - 2015-01-22 15:21 - 00000000 ____D C:\Users\Stuart\AppData\Local\CrashDumps 2016-12-02 19:28 - 2015-07-04 15:22 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-12-02 19:09 - 2009-07-14 00:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI 2016-12-02 19:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf 2016-12-02 15:09 - 2014-12-22 19:27 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-12-02 14:50 - 2014-12-22 19:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-12-02 14:31 - 2009-07-13 23:45 - 00026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-12-02 14:31 - 2009-07-13 23:45 - 00026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-12-02 14:24 - 2015-07-04 15:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-12-02 09:47 - 2016-10-29 15:33 - 00000000 ____D C:\Users\Stuart\Ubiquiti UniFi 2016-12-02 06:04 - 2014-12-26 08:10 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-12-02 01:03 - 2014-12-22 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2016-12-01 19:11 - 2014-12-22 19:18 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1635E4DC-7E0A-46A3-B13B-1CE0E703D475} 2016-12-01 14:56 - 2014-12-24 14:23 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\vlc 2016-12-01 08:49 - 2015-11-17 18:24 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForStuart 2016-12-01 08:49 - 2015-11-17 18:24 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForStuart.job 2016-11-27 15:01 - 2014-05-21 21:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-11-22 17:30 - 2014-09-08 04:42 - 00000000 ____D C:\ProgramData\Realtek 2016-11-20 15:17 - 2014-12-22 19:27 - 00000000 ____D C:\Program Files (x86)\Google 2016-11-15 17:35 - 2014-12-22 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2016-11-15 17:35 - 2014-12-22 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2016-11-14 19:09 - 2014-12-22 19:29 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-11-09 04:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2016-11-09 03:24 - 2009-07-13 23:45 - 00445960 _____ C:\Windows\system32\FNTCACHE.DAT 2016-11-09 03:06 - 2014-12-26 09:20 - 00000000 ____D C:\Windows\system32\MRT 2016-11-09 03:01 - 2014-12-26 09:20 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-11-08 18:50 - 2014-12-22 19:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-11-08 18:50 - 2014-12-22 19:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-11-08 18:50 - 2014-12-22 19:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-11-08 18:50 - 2014-12-22 19:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-11-08 18:50 - 2014-12-22 19:28 - 00000000 ____D C:\Windows\system32\Macromed 2016-11-07 06:26 - 2009-07-14 00:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2016-05-26 15:14 - 2016-05-26 15:36 - 112407166 _____ () C:\Program Files (x86)\20958.mp4 2015-01-23 16:38 - 2011-04-22 19:28 - 636745237 _____ () C:\Program Files (x86)\AWESOME VIDEO.mov 2015-01-23 16:37 - 2006-06-24 05:58 - 298684218 _____ () C:\Program Files (x86)\Barbara, Jackie and Michelle.wmv 2015-01-23 16:37 - 2009-06-01 16:41 - 1451862066 _____ () C:\Program Files (x86)\Butterfly.avi 2015-02-19 14:25 - 2015-02-19 15:56 - 1535461525 _____ () C:\Program Files (x86)\good sexart movie.mp4 2015-09-09 15:54 - 2015-08-24 12:53 - 1514845509 _____ () C:\Program Files (x86)\hhh.mp4 2015-08-24 12:44 - 2015-08-24 12:53 - 1514845509 _____ () C:\Program Files (x86)\Kari.A.And.Linda.Sweet.Chef.mp4 2015-04-29 14:13 - 2015-04-27 07:22 - 177655867 _____ () C:\Program Files (x86)\Lesbea good vid.mp4 2015-04-05 08:23 - 2015-04-05 08:17 - 1046962468 _____ () C:\Program Files (x86)\lesbea ivy & shelly, how it should be.mp4 2015-03-26 16:18 - 2015-03-26 16:22 - 172932634 _____ () C:\Program Files (x86)\lesbea1.mp4 2015-03-25 17:10 - 2015-02-15 09:34 - 1017039995 _____ () C:\Program Files (x86)\lesbea8.mov 2015-01-23 16:38 - 2006-04-27 13:25 - 420732928 _____ () C:\Program Files (x86)\lesbian clip.avi 2015-04-12 16:26 - 2015-04-12 10:42 - 282471328 _____ () C:\Program Files (x86)\metart brunette on brunette.mp4 2015-07-15 16:00 - 2015-07-15 17:14 - 1596521696 _____ () C:\Program Files (x86)\Tracy.Lindsay.And.Anabelle.Linger.mp4 2015-01-23 16:38 - 2005-11-27 08:56 - 366952448 _____ () C:\Program Files (x86)\Viv Thomas - All About Eve - Scn 01 - Sandra Shine.avi 2015-02-02 08:50 - 2015-02-02 08:56 - 198956092 _____ () C:\Program Files (x86)\viv thomas.mp4 2015-02-13 17:06 - 2015-02-13 17:21 - 839529679 _____ () C:\Program Files (x86)\www.0xxx.in_VivThomas.15.02.13.Kari.A.And.Tracy.Smile.Lady.Scene.3.Marquise.XXX.1080p.MP4-KTR.mp4 2015-08-02 18:51 - 2015-08-02 20:39 - 1655945770 _____ () C:\Program Files (x86)\www.0xxx.in_VivThomas.15.07.31.Erica.Fontes.And.Talia.Mint.Proclivity.mp4 2015-01-23 16:37 - 2006-04-27 13:24 - 442327040 _____ () C:\Program Files (x86)\_Peaches_&_Eve.avi 2014-03-20 06:53 - 2014-03-20 06:53 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll 2014-12-31 18:18 - 2014-12-31 18:18 - 7907217 _____ (Aimersoft Software ) C:\Users\Stuart\AppData\Roaming\dvdcopy_setup.exe 2016-03-27 07:53 - 2016-03-27 08:46 - 0099384 _____ () C:\Users\Stuart\AppData\Roaming\inst.exe 2016-03-27 07:53 - 2016-03-27 08:46 - 0007859 _____ () C:\Users\Stuart\AppData\Roaming\pcouffin.cat 2016-03-27 07:53 - 2016-03-27 08:46 - 0001167 _____ () C:\Users\Stuart\AppData\Roaming\pcouffin.inf 2016-03-27 07:53 - 2016-03-27 08:46 - 0000055 _____ () C:\Users\Stuart\AppData\Roaming\pcouffin.log 2016-03-27 07:53 - 2016-03-27 08:46 - 0082816 _____ (VSO Software) C:\Users\Stuart\AppData\Roaming\pcouffin.sys 2014-12-22 19:17 - 2016-12-02 19:37 - 10885652 _____ () C:\Users\Stuart\AppData\Local\BTServer.log 2014-09-08 04:29 - 2014-09-08 04:31 - 8905842 _____ () C:\ProgramData\hpcsmmsilogs.log 2014-09-08 04:53 - 2014-09-08 04:54 - 1278098 _____ () C:\ProgramData\hpdam_install_log.txt 2014-09-08 04:53 - 2014-09-08 04:53 - 0543736 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt 2016-04-27 17:41 - 2016-04-27 17:45 - 0000306 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2012-11-01 15:07 - 2012-11-01 15:07 - 0002507 _____ () C:\ProgramData\regid.1983-04.com.intuit,IFS,POS_E1171703-BD05-428F-99A1-7FE2FC879DE2.swidtag Some files in TEMP: ==================== C:\Users\Stuart\AppData\Local\Temp\AcDeltree.exe C:\Users\Stuart\AppData\Local\Temp\AdAppMgrUpdater.exe C:\Users\Stuart\AppData\Local\Temp\FNP_ACT_InstallerCA.dll C:\Users\Stuart\AppData\Local\Temp\Foxit PhantomPDF Updater.exe C:\Users\Stuart\AppData\Local\Temp\libeay32.dll C:\Users\Stuart\AppData\Local\Temp\msvcr120.dll C:\Users\Stuart\AppData\Local\Temp\snappy-1.0.5-snappyjava.dll C:\Users\Stuart\AppData\Local\Temp\sqlite3.dll C:\Users\Stuart\AppData\Local\Temp\vlc-2.2.4-win32.exe C:\Users\Stuart\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-11-24 11:11 ==================== End of FRST.txt ============================ ---------------------------------------------------------------------- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2016 Ran by Stuart (02-12-2016 19:52:17) Running from C:\Users\Stuart\Desktop Windows 7 Professional Service Pack 1 (X64) (2014-12-23 00:17:01) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-890830538-3602730652-670256873-500 - Administrator - Disabled) Guest (S-1-5-21-890830538-3602730652-670256873-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-890830538-3602730652-670256873-1003 - Limited - Enabled) QBPOSDBSrvUser (S-1-5-21-890830538-3602730652-670256873-1004 - Limited - Enabled) => C:\Users\QBPOSDBSrvUser Stuart (S-1-5-21-890830538-3602730652-670256873-1002 - Administrator - Enabled) => C:\Users\Stuart ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated) AnyMP4 Video Converter Platinum 6.1.50 (HKLM-x32\...\{3E48324E-4843-4818-834D-C5219B51248E}_is1) (Version: 6.1.50 - AnyMP4 Studio) Ashampoo Burning Studio 15 v.15.0.2 (HKLM-x32\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.2 - Ashampoo GmbH & Co. KG) AutoCAD LT 2017 Language Pack - English (Version: 21.0.52.0 - Autodesk) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brackets (HKLM-x32\...\{0DA290D2-0583-4967-9EC0-93C1F603DD13}) (Version: 1.6 - brackets.io) calibre (HKLM-x32\...\{D28D6EE4-3319-49B7-BEE5-1D5B2AC3FF30}) (Version: 2.30.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3920 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.1.4513 - CyberLink Corp.) Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse) Foxit PhantomPDF (HKLM-x32\...\{5F3E0897-97AA-4FC2-A0A9-130A39D0FDFB}) (Version: 6.0.16.324 - Foxit Corporation) GiliSoft Video Editor 7.0.0 (HKLM-x32\...\{3908B421-EF03-4389-A38C-DBAF6252E312}_is1) (Version: 7.0.0 - GiliSoft International LLC.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.) Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Hallmark Card Studio 2015 Bonus Pack (HKLM-x32\...\{2C69ABC9-55B7-410E-89AB-4CBD84D8D37B}) (Version: 1.0.0.1 - Creative Home) Hallmark Card Studio 2015 Deluxe (HKLM-x32\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.0.11 - Creative Home) HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company) HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.4.1811 - Hewlett-Packard Company) HP Connection Manager (HKLM-x32\...\{C0ED9561-8312-457C-BB1B-BDC7EE034CED}) (Version: 4.7.4.1 - Hewlett-Packard Company) HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{53AE55F3-8E99-4776-A347-06222894ECD3}) (Version: 1.1.0.0 - Hewlett-Packard) HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.7.27 - Hewlett-Packard Company) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company) HP File Sanitizer (HKLM-x32\...\{6349342F-9CEF-4A70-995A-2CF3704C2603}) (Version: 8.4.20.1 - Hewlett-Packard Company) HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.41 - SunplusIT) HP Hotkey Support (HKLM-x32\...\{88D3964A-59BE-412B-B61F-6EF5FBB33707}) (Version: 6.0.12.1 - Hewlett-Packard Company) HP PageLift (HKLM-x32\...\{59202086-BEA1-411A-8AA4-A5DCD28FF537}) (Version: 1.0.13.1 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company) HP SoftPaq Download Manager (HKLM-x32\...\{34FF930E-DBF9-4858-BAB5-BAC957BF616E}) (Version: 3.5.1.0 - Hewlett-Packard Company) HP Software Setup (HKLM-x32\...\{F6D61EC9-347B-4019-9F8E-E24169F7C330}) (Version: 8.7.5 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard) HP System Default Settings (HKLM-x32\...\{B5BEF5F8-BD76-4174-A47D-05A06EA62615}) (Version: 2.7.1 - Hewlett-Packard Company) HP Theft Recovery (HKLM-x32\...\InstallShield_{B1E569B6-A5EB-4C97-9F93-9ED2AA99AF0E}) (Version: 8.3.0.7 - Hewlett-Packard Company) ImTOO DVD Creator (HKLM-x32\...\ImTOO DVD Creator) (Version: 7.1.3.20130709 - ImTOO) inSSIDer 4 (HKLM-x32\...\{23A7D3D7-D312-4549-B349-2226AF6C6A83}) (Version: 4.1.0.60 - MetaGeek, LLC) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.6.1000 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{978B5476-EAF9-4EB0-AD34-92689249A016}) (Version: 4.2.41.2499 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Malwarebytes Anti-Exploit version 1.9.1.1261 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1261 - Malwarebytes) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Movie DVD Copy 1.4.3 (HKLM-x32\...\Movie DVD Copy_is1) (Version: - movie-dvd-copy.com) Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich) NetDvrPlugin 1.0 (HKLM-x32\...\NetDvrPlugin) (Version: 1.0 - ) NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - ) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden PeaZip 5.5.1 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani) Prey Anti-Theft (x32 Version: 1.6.3 - Prey, Inc.) Hidden Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access) QuickBooks Point of Sale 2013 (HKLM-x32\...\{2F6FE8E0-A61C-4C2D-A601-F5731D8F7EF0}) (Version: 22.3.1029 - Intuit Inc.) REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.7 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.43 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.83.328.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7225 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.) Revo Uninstaller Pro 3.1.2 (HKLM\...\Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1) (Version: 3.1.2 - VS Revo Group, Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Setup (HKLM-x32\...\{FB2CA23A-3F6F-4E94-8A92-3DBA61A7092D}) (Version: 1.0.35 - Microsoft) Skitch (HKLM-x32\...\Skitch 2.3.2.173) (Version: 2.3.2.173 - Evernote Corp.) Slingplayer for Web Installer (x32 Version: 1.2.7.358 - Sling Media) Hidden SlingplayerForWeb (HKLM-x32\...\{62a74667-8e59-4fbc-9417-ad041a630066}) (Version: 1.2.7.358 - Sling Media) Snagit 12 (HKLM-x32\...\{e8720e7e-08a2-4a30-9bce-70aa27c2a3dc}) (Version: 12.2.2.2107 - TechSmith Corporation) Snagit 12 (x32 Version: 12.2.2 - TechSmith Corporation) Hidden STWWebViewer for Windows 1.0.150 (HKLM-x32\...\STWWebViewer for Windows) (Version: 1.0.150 - Samsung Techwin) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.8.1 - Synaptics Incorporated) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer) Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version: - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: - ) WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-890830538-3602730652-670256873-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1E937FC4-A260-4030-9950-FB095745776E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) Task: {28AF43EA-62E6-4A8E-9DA2-804BCE20515F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated) Task: {349B7FFD-6FB1-41FC-B88C-3D7EADB57B0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe Task: {57F486EB-42E0-4B8D-BFB4-591EF149FEC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {72112010-607E-48A6-A255-F24B0E481275} - System32\Tasks\HPCeeScheduleForStuart => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {84ABFAEB-8797-4597-9A90-C8B3D65D9AFC} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-12-22] () Task: {8743F999-5A58-46C3-A043-BAE004C8D486} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation) Task: {AAFA4149-531B-4022-9C37-A2F310DE84D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {EB0D11B1-47E6-4D1A-A520-258AB3909B4B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForStuart.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=fahmaaghhglfmonjliepjlchgpgfmobi ShortcutWithArgument: C:\Users\Stuart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" ShortcutWithArgument: C:\Users\Stuart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" ==================== Loaded Modules (Whitelisted) ============== 2014-12-08 05:10 - 2014-12-08 05:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-02-05 13:56 - 2014-02-05 13:56 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll 2016-03-28 13:07 - 2016-03-28 13:07 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2016-12-02 06:44 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll 2016-12-02 06:44 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:264B2CC4 [121] AlternateDataStreams: C:\ProgramData\Temp:C05ABBB5 [250] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" e" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-890830538-3602730652-670256873-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Stuart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gNjZHC.vbs => C:\Windows\pss\gNjZHC.vbs.Startup MSCONFIG\startupfolder: C:^Users^Stuart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OptimizerPro.lnk => C:\Windows\pss\OptimizerPro.lnk.Startup MSCONFIG\startupfolder: C:^Users^Stuart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SlingplayerForWebShortcut.lnk => C:\Windows\pss\SlingplayerForWebShortcut.lnk.Startup MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2015 Deluxe\ReminderApp.exe MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe MSCONFIG\startupreg: HP Camera Driver_Monitor => "C:\Program Files (x86)\HP Camera Driver\monitor.exe" MSCONFIG\startupreg: Skitch => C:\Program Files (x86)\Evernote\Skitch\Skitch.exe -start-on-hide MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe MSCONFIG\startupreg: YouCam Mirage => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe FirewallRules: [{2A59FA7A-482C-47D9-A70B-9FA741B788DF}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{12911CC8-2F25-4DFB-BD49-D4135325B5E2}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{34C41F39-93DD-42A8-A11D-2A2C3547EEE4}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{31ABE01A-FA44-48A6-B0AB-2893A702E9B8}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{6E5741AB-4F86-41B5-A203-51A91DD361DE}] => c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{D263C9A9-9D6C-4487-A5B8-56B9869567E9}] => c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{E5190284-FC99-4CA1-BEAE-33DD8B785B77}] => c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{A61000F9-8C39-4FCF-A539-1F5356C29BED}] => c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{2A154F1F-AEDE-4190-974D-55820F5ADE6B}] => c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{FD02CCB9-2D91-43B8-B3DC-A8B1B75F98D0}] => c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{EE2CAC8A-8419-4F84-AF15-E662E968C04D}] => LPort=8298 FirewallRules: [TCP Query User{A9F5BBBA-5E67-4177-9935-3071F6E3329E}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe FirewallRules: [UDP Query User{0FB126CB-1746-4DAD-A3D9-7D71F3C0AD54}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe FirewallRules: [{01AE9375-F4AC-4F14-8232-0E1CD6F0B80B}] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe FirewallRules: [{3A586712-7DBF-4D7A-83E2-A88FDC465D67}] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe FirewallRules: [TCP Query User{7D43E712-1D45-40F5-BB77-7D3DDFEACE9C}C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe FirewallRules: [UDP Query User{50319A32-099D-4A15-803E-67C2712C317B}C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe FirewallRules: [{16A118BE-427E-4EEC-A343-745B706CA249}] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe FirewallRules: [{8B53EED9-0A37-456D-AA78-7C416884F075}] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe FirewallRules: [TCP Query User{83C29B25-FB86-4929-BAA7-917FB0550FBF}C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe] => C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe FirewallRules: [UDP Query User{E0F96008-3D66-43BC-92A8-04C9B9F05CF8}C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe] => C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe FirewallRules: [TCP Query User{37ED1B18-5DEE-426E-A308-D572152939CF}C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe] => C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe FirewallRules: [UDP Query User{6D093600-A053-4DAB-BB06-569EA9A5ED1D}C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe] => C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe FirewallRules: [TCP Query User{FBF78116-6C66-428E-9B4B-679928EB232D}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe FirewallRules: [UDP Query User{E1D99A83-932A-4527-874B-E29D697F8BE7}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe FirewallRules: [TCP Query User{181A6549-C532-4B2E-BE42-12F789C61F28}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe FirewallRules: [UDP Query User{59FBD0F3-1D40-49D0-AC72-475A64C1EEAB}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe FirewallRules: [{84D0D1D9-1FF8-4700-BA75-A26C9F8B7F73}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{7891E0E7-B562-4383-AE94-74B7394A6A47}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{594E0781-75FC-4F93-A895-0079F2A4E7A8}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E216FBCF-2878-460A-97B6-2197B1DCFCFA}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B8D9DAE6-174D-45AE-BB8C-B6FC3746A40A}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{8396DCA5-DF47-4D97-BA3F-57BC10C65D02}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{A20EBB08-E54C-466F-ACA0-1A1AA8EB0137}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E1CD9A8F-A99D-4930-B438-23F0B54AEDEB}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{BA8F2BC8-5984-4878-8993-E1B792E6236E}] => C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe FirewallRules: [{BD618F48-76B8-42A5-B5A0-254D4FD21FCA}] => C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe FirewallRules: [{DEC3FE58-DBC1-42F1-8FEA-317E09D8AA3A}] => C:\Users\Stuart\Ubiquiti UniFi\bin\mongod.exe FirewallRules: [{DC57C0D3-C4E9-4C18-BA3C-FC4DCB2C464A}] => C:\Users\Stuart\Ubiquiti UniFi\bin\mongod.exe FirewallRules: [TCP Query User{A9F29751-C383-47E2-BBDF-9C3C9E837DCB}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [UDP Query User{7CA75C56-82BB-48B7-A8D4-C9161FF3069C}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [{44F9C19F-3F1C-4C76-8F5E-F2BA87094C09}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{D7E54455-60B1-4FAD-A03E-FA1F124B8ACE}] => C:\Windows\Prey\versions\1.6.4\bin\node.exe ==================== Restore Points ========================= 25-11-2016 13:39:11 Windows Update 27-11-2016 15:01:03 Revo Uninstaller Pro's restore point - Blue Iris 4 27-11-2016 15:01:30 Removed Blue Iris 4 29-11-2016 04:14:38 Windows Update ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Realtek Bluetooth 4.0 Adapter Description: Realtek Bluetooth 4.0 Adapter Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Realtek Semiconductor Corp. Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: sptd Description: sptd Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: sptd Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (12/02/2016 07:37:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Intuit.Spc.Map.EntitlementClient.Server.Service.exe, version: 8.0.7.0, time stamp: 0x4ef5015f Faulting module name: KERNELBASE.dll, version: 6.1.7601.23569, time stamp: 0x57f7bc1f Exception code: 0xe0434352 Fault offset: 0x0000c54f Faulting process id: 0xc1c Faulting application start time: 0x01d24cfd66a3ac8b Faulting application path: C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: b4ace22b-b8f0-11e6-b373-3464a97bb6dc Error: (12/02/2016 07:37:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Intuit.Spc.Map.EntitlementClient.Server.Service.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.FileNotFoundException at Intuit.Spc.Map.Features.EntitlementClient.Server.Service.EntitlementService.OnStartWorker() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Error: (12/02/2016 07:29:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x49c Faulting application start time: 0x01d24cfc39d29def Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 81c1417c-b8ef-11e6-be86-3464a97bb6dc Error: (12/02/2016 07:28:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x7a4 Faulting application start time: 0x01d24cfc12be3ae3 Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 5aae3e04-b8ef-11e6-be86-3464a97bb6dc Error: (12/02/2016 07:26:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x778 Faulting application start time: 0x01d24cfbd900a743 Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 20eb2c10-b8ef-11e6-be86-3464a97bb6dc Error: (12/02/2016 07:25:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x440 Faulting application start time: 0x01d24cfba7e8568b Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: efd4b01f-b8ee-11e6-be86-3464a97bb6dc Error: (12/02/2016 07:23:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x5fc Faulting application start time: 0x01d24cfb60e66b20 Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: a8d0c8dd-b8ee-11e6-be86-3464a97bb6dc Error: (12/02/2016 07:21:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1c0 Faulting application start time: 0x01d24cfb3931f52b Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 81268c3e-b8ee-11e6-be86-3464a97bb6dc Error: (12/02/2016 07:20:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x560 Faulting application start time: 0x01d24cfb100fe01c Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 57fc60c0-b8ee-11e6-be86-3464a97bb6dc Error: (12/02/2016 07:19:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x524 Faulting application start time: 0x01d24cfae8325dbd Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 30301cb2-b8ee-11e6-be86-3464a97bb6dc System errors: ============= Error: (12/02/2016 07:51:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (12/02/2016 07:51:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (12/02/2016 07:51:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (12/02/2016 07:51:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (12/02/2016 07:51:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (12/02/2016 07:51:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (12/02/2016 07:46:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (12/02/2016 07:46:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (12/02/2016 07:46:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (12/02/2016 07:45:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. CodeIntegrity: =================================== Date: 2015-08-27 13:49:35.447 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:35.437 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:35.427 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:35.138 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:35.044 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:35.033 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:34.834 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:34.829 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:34.825 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-27 13:49:34.564 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz Percentage of memory in use: 16% Total physical RAM: 8064.11 MB Available physical RAM: 6702.15 MB Total Virtual: 16126.4 MB Available Virtual: 14554.19 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:916.28 GB) (Free:788.53 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (HP_RECOVERY) (Fixed) (Total:12.22 GB) (Free:1.34 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 20A63BC4) Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=916.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=12.2 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=2 GB) - (Type=0B) ==================== End of Addition.txt ============================
  14. trauts14
    I am attempting to remove the Backup My PC and whatever else I may have. The DDS and Malwarebytes logs are below. Malwarebytes Log: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.01.31.05 Windows Vista Service Pack 2 x64 NTFSInternet Explorer 9.0.8112.16421lak0914 :: LAK0914-PC [administrator] 1/31/2014 9:09:10 AMmbam-log-2014-01-31 (09-09-10).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 225761Time elapsed: 11 minute(s), 20 second(s) Memory Processes Detected: 3C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> 7312 -> Delete on reboot.C:\Program Files (x86)\Lizardlink\updateLizardlink.exe (PUP.Optional.Lizardlink.A) -> 7352 -> Delete on reboot.C:\Program Files (x86)\Lizardlink\bin\utilLizardlink.exe (PUP.Optional.Lizardlink.A) -> 10660 -> Delete on reboot. Memory Modules Detected: 1C:\Program Files (x86)\Lizardlink\bin\Lizardlink.BrowserFilter.Helper.dll (PUP.Optional.Lizardlink.A) -> Delete on reboot. Registry Keys Detected: 43HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.HKCR\AppID\{562B9316-C08A-444A-9482-62080DD851AE} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\CLSID\{24F3378A-5B52-491F-AD90-88D583C42C77} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\TypeLib\{A09B0156-EFCE-46B4-9118-BC270EA654C1} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\CLSID\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\Speed Analysis 3.ScriptHostObject.1 (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\Speed Analysis 3.ScriptHostObject (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\Speed Analysis 3.Tool.1 (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\Speed Analysis 3.Tool (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.HKCR\CLSID\{58B849FB-ECBE-4F1B-BEE0-2DC418CF68F7} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\TypeLib\{15998F3C-BBA9-476D-8FC2-09BE9E3B8751} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\Speed Analysis 3.Navbar.1 (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\Speed Analysis 3.Navbar (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\CLSID\{976CD962-E0CA-4337-AEA7-D93FAE63A79C} (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.HKCR\CLSID\{7BE9DC96-CD5F-474C-983F-8B8164343A99} (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.HKCR\Toolbar.CT3279412 (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7BE9DC96-CD5F-474C-983F-8B8164343A99} (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{976CD962-E0CA-4337-AEA7-D93FAE63A79C} (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{976CD962-E0CA-4337-AEA7-D93FAE63A79C} (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.HKCR\CLSID\{ACE0D5AB-50C8-4052-BD02-977569E56291} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\TypeLib\{0771C34F-730F-4535-AD4C-37B74D27188E} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\Speed Analysis 3.BackgroundHostObject.1 (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\Speed Analysis 3.BackgroundHostObject (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\Typelib\{D88E0FD9-31EB-48EF-BC89-35EBCE0E813C} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKCR\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Performer_is1 (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speed Analysis 3 (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKLM\SYSTEM\CurrentControlSet\Services\Update Lizardlink (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.HKLM\SYSTEM\CurrentControlSet\Services\Util Lizardlink (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.HKCU\SOFTWARE\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.HKCU\Software\Lizardlink (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Lizardlink (PUP.Optional.LizardLink.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Google\Chrome\Extensions\mbmpjbkgemhgalmeiigcdljkccfcafoj (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.HKLM\Software\appbario13 (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3279412 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. Registry Values Detected: 6HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{976CD962-E0CA-4337-AEA7-D93FAE63A79C} (PUP.Optional.AppBario.A) -> Data: -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{976CD962-E0CA-4337-AEA7-D93FAE63A79C} (PUP.Optional.AppBario.A) -> Data: appbario13 Toolbar -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{976CD962-E0CA-4337-AEA7-D93FAE63A79C} (PUP.Optional.AppBario.A) -> Data: -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{976cd962-e0ca-4337-aea7-d93fae63a79c} (PUP.Optional.AppBario.A) -> Data: -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{976cd962-e0ca-4337-aea7-d93fae63a79c} (PUP.Optional.AppBario.A) -> Data: -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{976cd962-e0ca-4337-aea7-d93fae63a79c} (PUP.Optional.AppBario.A) -> Data: -> Quarantined and deleted successfully. Registry Data Items Detected: 2HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3279412&octid=CT3279412&SearchSource=61&CUI=UN26372459973279361&UM=2&UP=SP3256BD14-008A-4A3B-A1C3-386135CFCF55&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully. Folders Detected: 43C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3 (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\mz (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Lizardlink (PUP.Optional.Lizardlink.A) -> Delete on reboot.C:\Program Files (x86)\Lizardlink\bin (PUP.Optional.Lizardlink.A) -> Delete on reboot.C:\Program Files (x86)\Lizardlink\bin\plugins (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\SpeedAnalysis3 (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.C:\Program Files (x86)\SearchProtect\SearchProtect\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Delete on reboot.C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\chrome (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\components (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\META-INF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\searchplugin (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\ProgramData\Conduit\IE\CT3279412 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\appbario13 (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully. Files Detected: 288C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> Delete on reboot.C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot.C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Delete on reboot.C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\ScriptHost.dll (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\ButtonSite.dll (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\appbario13\prxtbappb.dll (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\BackgroundHost.exe (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\AddonsFramework.Typelib.dll (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\nseC1AC.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\nsj7638.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\nsjD0A.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\nsp20FB.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\nsz6EE8.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\nsz8883.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\Сodec Performer803975.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\AU\SPSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nsg9895.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nsh3529.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nshC862.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nshD57A.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nsj6419.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nsjAD88.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nsjB1CC.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nsl53D7.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nsnDBB4.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nss80B8.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nsw5416.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nswC600.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nsx7C93.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nsxD7AE.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Windows\Temp\nsy6428.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\lak0914\Downloads\CodecPerformerSetup.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Conduit\CT3279412\appbario13AutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\Local Settings\Temporary Internet Files\Content.IE5\0XZ1HLQ2\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\Local Settings\Temporary Internet Files\Content.IE5\0XZ1HLQ2\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\Local Settings\Temporary Internet Files\Content.IE5\476CUOX4\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\Local Settings\Temporary Internet Files\Content.IE5\476CUOX4\Setup[1].exe (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.C:\Users\lak0914\Local Settings\Temporary Internet Files\Content.IE5\476CUOX4\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\Local Settings\Temporary Internet Files\Content.IE5\4LU753R9\appbario13[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\Local Settings\Temporary Internet Files\Content.IE5\4LU753R9\appbario13[2].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\Local Settings\Temporary Internet Files\Content.IE5\OCGYZLO0\appbario13_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\PerformerSoft\PC Performer\rcpupdate.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\PerformerSoft\PC Performer\eng_rcp.dat (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\PerformerSoft\PC Performer\ExcludeList.rcp (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\PerformerSoft\PC Performer\log_01-23-2014.log (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\PerformerSoft\PC Performer\log_01-25-2014.log (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\PerformerSoft\PC Performer\log_01-26-2014.log (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\PerformerSoft\PC Performer\log_01-29-2014.log (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\PerformerSoft\PC Performer\log_01-31-2014.log (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\PerformerSoft\PC Performer\results.rcp (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\PerformerSoft\PC Performer\TempHLList.rcp (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\xmllite.dll (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\Chinese_rcp.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\CleanSchedule.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\Danish_rcp.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\Dutch_rcp.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\eng_rcp.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\Finnish_rcp_fi.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\French_rcp.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\German_rcp.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\greek_rcp_el.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\install_left_image.bmp (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\isxdl.dll (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\Italian_rcp.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\Japanese_rcp.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\korean_rcp_ko.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\Norwegian_rcp.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\PCPerformer.dll (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\PCPerformer.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\polish_rcp_pl.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\portugese_rcp_pt.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\Portuguese_rcp.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\russian_rcp_ru.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\Spanish_rcp.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\Swedish_rcp.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\TraditionalCn_rcp_zh-tw.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\turkish_rcp_tr.ini (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\unins000.dat (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\unins000.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\PC Performer\unins000.msg (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Windows\Tasks\PC Performer_DEFAULT.job (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Windows\Tasks\PC Performer_UPDATES.job (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\speedanalysis.ico (PUP.Optional.SpeedAnalysis2.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\background.html (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\AddonsFramework.Typelib64.dll (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\BackgroundHost64.exe (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\bg.js (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\ButtonSite64.dll (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\config.xml (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\content.js (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\icon128.ico (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\icon128.png (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\icon16.ico (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\icon16.png (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\icon18.ico (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\icon18.png (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\icon24.ico (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\icon24.png (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\icon32.ico (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\icon32.png (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\icon48.ico (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\icon48.png (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\icon64.ico (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\icon64.png (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\jquery-1.9.1.min.js (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\json2.min.js (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\options.htm (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\ScriptHost64.dll (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\uninst.exe (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\uninstall.exe (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\updater.js (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\updaterWrapper.js (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\mz\background.js (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Speed Analysis 3\mz\content.js (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Lizardlink\Lizardlink.ico (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Lizardlink\LizardlinkUninstall.exe (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Lizardlink\sqlite3.exe (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Lizardlink\updateLizardlink.exe (PUP.Optional.Lizardlink.A) -> Delete on reboot.C:\Program Files (x86)\Lizardlink\updateLizardlink.InstallState (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Lizardlink\bin\Lizardlink.BrowserFilter.Helper.dll (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Lizardlink\bin\Lizardlink.BrowserFilter.Helper.dll.old.cb9c390a-5ff5-4435-a5a9-e52ef072d889 (PUP.Optional.Lizardlink.A) -> Delete on reboot.C:\Program Files (x86)\Lizardlink\bin\LizardlinkBrowserFilter.exe (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Lizardlink\bin\sqlite3.dll (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Lizardlink\bin\utilLizardlink.exe (PUP.Optional.Lizardlink.A) -> Delete on reboot.C:\Program Files (x86)\Lizardlink\bin\utilLizardlink.InstallState (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Lizardlink\bin\plugins\Lizardlink.BrowserFilter.dll (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Lizardlink\bin\plugins\Lizardlink.FFUpdate.dll (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Lizardlink\bin\plugins\Lizardlink.GCUpdate.dll (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\Lizardlink\bin\plugins\Lizardlink.IEUpdate.dll (PUP.Optional.Lizardlink.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\SpeedAnalysis3\speedanalysis03.crx (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\SpeedAnalysis3\install_helper.exe (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe_1391007033162 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1389830121099 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391007027684 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391007030030 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391176824913 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391176825262 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll_1391007033183 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll_1391007033223 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\chrome.manifest (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\chrome\vshare.tv_bar.jar (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\components\ConduitAutoCompleteSearch.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\components\ConduitAutoCompleteSearch.xpt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\components\RadioWMPCore.xpt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko19.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko5.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko6.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\defaults\alertSettingsComponent.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\defaults\appContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\defaults\engineContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\defaults\engineSettings.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\defaults\fbAlert.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\defaults\getAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\defaults\postAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\defaults\toolbarContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\defaults\unsharedAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\META-INF\manifest.mf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\META-INF\zigbert.rsa (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\META-INF\zigbert.sf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\Chat.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\DataStructures.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\EBEncryption.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\ExternalLibraryLoader.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\HTTP.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\IO.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\Log.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\MainSingleton.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\MD5.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\Notifications.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\ObserversAndEvents.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\Prefs.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\SearchProtector.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\SearchSuggestIO.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\String.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\TEAEncryption.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\Timer.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\Twitter.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\URL.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\Windows.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\modules\XML.jsm (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct2818425\searchplugin\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\CT3279412.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\CT3279412.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\initdata.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\lak0914\AppData\Local\Temp\ct3279412\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\ProgramData\Conduit\IE\CT3279412\configutaion.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\ProgramData\Conduit\IE\CT3279412\SetupIcon.ico (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\ProgramData\Conduit\IE\CT3279412\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\appbario13\appbario13ToolbarHelper.exe (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\appbario13\GottenAppsContextMenu.xml (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\appbario13\hk64tbappb.dll (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\appbario13\hktbappb.dll (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\appbario13\ldrtbappb.dll (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\appbario13\OtherAppsContextMenu.xml (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\appbario13\SharedAppsContextMenu.xml (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\appbario13\tbappb.dll (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\appbario13\toolbar.cfg (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\appbario13\ToolbarContextMenu.xml (PUP.Optional.AppBario.A) -> Quarantined and deleted successfully. (end)
  15. trauts14
    i guess that is all for now, I thank you for your help.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.