Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer being directed to unwanted ads all the time

Started by tinrunner , Apr 25 2016 10:26 PM

This topic is locked

#1
tinrunner

Posted 25 April 2016 - 10:26 PM

Member

Member
16 posts

Computer being redirected to unwanted ads all the time.

McAfee and Webroot Secure scanners used. Also took computer to local computer repair place - but they could not fix it by running their virus scanners.

Thanks,

Robert

********************************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-04-2016
Ran by Robert (administrator) on COMPUTER (25-04-2016 23:32:38)
Running from C:\Users\Robert\Downloads
Loaded Profiles: Robert (Available Profiles: knapp_000 & rober & Robert)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2016-03-29] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2016-03-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [873072 2016-04-20] (Webroot)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Users\knapp_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-04-06]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{4872bf78-5179-4708-82d8-a8083b85151f}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{99bd0181-01b9-4792-b0d9-f96f7ccd9b57}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{d4247036-fc5e-4735-a8ec-3c9b34c60537}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{d4247036-fc5e-4735-a8ec-3c9b34c60537}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2092268736-3581782249-471380157-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2092268736-3581782249-471380157-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2092268736-3581782249-471380157-1005\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {012034B4-6FD0-4BC5-B827-33AD18B56125} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmar_16_02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0ByE0AyB0A0B0FyD0B0E0EtN0D0Tzu0StCyEyByBtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEyEyByEzzzzyCtBtGyDzy0CyCtG0E0A0CzytGyDtD0BtCtG0FtCyByDtD0F0A0Azz0FyE0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0FzytDzyyD0BtDtGyCtByDtCtGyEtB0FtBtGzz0B0FzztGyByB0D0ByEzztDzztAzzzz0E2QtN0A0LzuyE%26cr%3D89528775%26a%3Dwbf_mdaffmarmar_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmar_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0ByE0AyB0A0B0FyD0B0E0EtN0D0Tzu0StCyEzzyDtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0CyCyE0AyBtD0CtGyEtB0CtCtG0FtDzy0FtGtByDyBtCtG0B0E0C0BtAyB0Fzy0Ezy0F0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyBtDzz0D0EyC0AtGtC0D0ByCtGyEtD0FyCtG0Azy0FtCtGzzyDtB0B0EyEyBtCtDtAtC0F2QtN0A0LzuyE%26cr%3D1753751548%26a%3Dwbf_mdaffmarmar_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {772A566A-EA97-48C1-9B89-CC702009959F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {772A566A-EA97-48C1-9B89-CC702009959F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2016-03-27] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-04-15] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2016-03-27] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-04-15] (Webroot)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2016-03-27] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2016-03-27] (Webroot)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-21] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-03-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-31] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-04-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-04-22] [not signed]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US400D20160313&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-12]
CHR Extension: (Google Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-22]
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-22]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-22]
CHR Extension: (Google Sheets) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-12]
CHR Extension: (SiteAdvisor) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-04-12]
CHR Extension: (Google Docs Offline) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-22]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2016-04-22]
CHR Extension: (Webroot Password Manager) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2016-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Gmail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-25]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-25]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-20] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [889704 2016-03-31] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe [1709096 2016-03-14] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [718248 2016-03-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1037048 2016-03-15] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2016-03-29] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [873072 2016-04-20] (Webroot)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-01-29] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4629744 2015-08-28] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2016-03-27] (Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [54512 2016-04-15] (Webroot)
U0 SR; no ImagePath
U2 srservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-25 23:32 - 2016-04-25 23:33 - 00031704 _____ C:\Users\Robert\Downloads\FRST.txt
2016-04-25 23:30 - 2016-04-25 23:31 - 02376192 _____ (Farbar) C:\Users\Robert\Downloads\FRST64 (1).exe
2016-04-25 23:18 - 2016-04-25 23:32 - 00000000 ____D C:\FRST
2016-04-25 23:18 - 2016-04-25 23:18 - 02376192 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2016-04-25 12:42 - 2016-04-25 12:42 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-25 10:33 - 2016-04-25 20:20 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-04-20 12:22 - 2016-04-25 12:22 - 00003250 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRobert
2016-04-20 12:22 - 2016-04-25 12:22 - 00000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRobert.job
2016-04-20 12:15 - 2016-04-20 12:22 - 00000000 ____D C:\Users\Robert\AppData\Local\Hewlett-Packard
2016-04-19 18:38 - 2016-04-19 18:38 - 00000000 ____D C:\ProgramData\Intel Security
2016-04-19 18:36 - 2016-04-19 18:36 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-04-17 11:38 - 2016-04-25 10:33 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-04-14 18:14 - 2016-04-14 18:14 - 02673664 _____ C:\Users\Robert\Downloads\MssUninstaller (1).exe
2016-04-14 18:13 - 2016-04-14 18:13 - 02673664 _____ C:\Users\Robert\Downloads\MssUninstaller.exe
2016-04-14 18:09 - 2016-04-14 18:09 - 00000363 _____ C:\Users\Robert\Desktop\Control Panel - Shortcut.lnk
2016-04-12 20:00 - 2016-04-25 16:16 - 00544466 _____ C:\WINDOWS\ntbtlog.txt
2016-04-12 19:55 - 2016-04-12 19:55 - 00000000 _____ C:\Recovery.txt
2016-04-12 19:54 - 2016-04-12 19:55 - 00000000 ___HD C:\$SysReset
2016-04-12 19:54 - 2016-04-12 19:54 - 00111288 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR501.SYS.bak
2016-04-12 19:52 - 2016-04-12 20:14 - 00000000 ____D C:\Users\Robert\AppData\Local\NPE
2016-04-12 19:42 - 2016-04-12 19:42 - 00000000 ____D C:\Users\Robert\AppData\Local\NetworkTiles
2016-04-12 19:30 - 2016-04-16 11:01 - 00000000 ____D C:\Users\Robert\Documents\Robert
2016-04-12 19:30 - 2016-04-12 19:30 - 00000000 ____D C:\Users\Robert\Documents\Medtech Services Inc
2016-04-12 19:30 - 2016-03-16 20:54 - 03088296 _____ (Symantec Corporation) C:\Users\Robert\Desktop\NPE(2).exe
2016-04-12 19:30 - 2016-01-21 23:50 - 00001983 _____ C:\Users\Robert\Desktop\Microsoft Office Word 2007.lnk
2016-04-12 19:18 - 2016-03-27 13:42 - 00873072 _____ (Webroot) C:\Users\Robert\Downloads\wsainstall.exe
2016-04-12 19:18 - 2016-03-16 21:44 - 03088296 _____ (Symantec Corporation) C:\Users\Robert\Downloads\NPE.exe
2016-04-12 19:18 - 2016-03-13 15:54 - 08204776 _____ (McAfee, Inc.) C:\Users\Robert\Downloads\McAfeeSetup-AutoLogin.exe
2016-04-12 19:18 - 2016-03-06 09:35 - 00000003 _____ C:\Users\Robert\Downloads\2.txt
2016-04-12 19:18 - 2016-03-06 09:35 - 00000003 _____ C:\Users\Robert\Downloads\1.txt
2016-04-12 19:18 - 2016-03-03 23:04 - 00075619 _____ C:\Users\Robert\Downloads\Attachments_201633.zip
2016-04-12 19:18 - 2016-03-03 23:04 - 00075619 _____ C:\Users\Robert\Downloads\Attachments_201633 (2).zip
2016-04-12 19:18 - 2016-03-03 23:04 - 00075619 _____ C:\Users\Robert\Downloads\Attachments_201633 (1).zip
2016-04-12 19:18 - 2016-03-01 11:55 - 00987728 _____ (Google Inc.) C:\Users\Robert\Downloads\GoogleEarthProSetup.exe
2016-04-12 19:18 - 2016-02-08 19:37 - 23052120 _____ C:\Users\Robert\Downloads\JavaPlugin.msi
2016-04-12 19:18 - 2016-02-07 18:27 - 03743970 _____ C:\Users\Robert\Downloads\2016Oasisbrochure.pdf
2016-04-12 19:18 - 2016-02-06 10:37 - 00101318 _____ C:\Users\Robert\Downloads\AnnualStatement.pdf
2016-04-12 19:18 - 2016-02-06 10:34 - 00100430 _____ C:\Users\Robert\Downloads\1098B.pdf
2016-04-12 19:18 - 2016-01-17 13:36 - 00927824 _____ (Google Inc.) C:\Users\Robert\Downloads\ChromeSetup.exe
2016-04-12 18:54 - 2016-04-12 18:54 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Macromedia
2016-04-12 18:44 - 2016-04-12 18:44 - 08886976 _____ (Microsoft Corporation) C:\Users\Robert\Downloads\OneDriveSetup.exe
2016-04-12 18:43 - 2016-04-13 18:55 - 00000000 ____D C:\Users\Robert\AppData\Local\MicrosoftEdge
2016-04-12 17:47 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-12 17:47 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-12 17:47 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-12 17:47 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-12 17:47 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-12 17:47 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-12 17:47 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-12 17:47 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-12 17:47 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-12 17:47 - 2016-03-29 03:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-12 17:47 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-12 17:47 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-12 17:47 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-12 17:47 - 2016-03-29 02:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-12 17:47 - 2016-03-29 02:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-12 17:47 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-12 17:47 - 2016-03-29 02:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-12 17:47 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-12 17:47 - 2016-03-29 01:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-12 17:47 - 2016-03-29 01:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-12 17:47 - 2016-03-29 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-12 17:47 - 2016-03-29 01:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-12 17:47 - 2016-03-29 01:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-12 17:46 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-12 17:46 - 2016-03-29 06:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-12 17:46 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 17:46 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-12 17:46 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-12 17:46 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-12 17:46 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-12 17:46 - 2016-03-29 03:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-12 17:46 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-12 17:46 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-12 17:46 - 2016-03-29 02:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-12 17:46 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-12 17:46 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-12 17:46 - 2016-03-29 02:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-12 17:46 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-12 17:46 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-12 17:46 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-12 17:46 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-12 17:46 - 2016-03-29 02:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-12 17:46 - 2016-03-29 01:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-12 17:46 - 2016-03-29 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-12 17:46 - 2016-03-29 01:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-12 17:46 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-12 17:46 - 2016-03-29 01:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-12 17:46 - 2016-03-29 01:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-12 17:46 - 2016-03-29 01:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-12 17:45 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-12 17:45 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-12 17:45 - 2016-04-01 23:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-12 17:45 - 2016-04-01 23:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-12 17:45 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-12 17:45 - 2016-04-01 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-12 17:45 - 2016-04-01 23:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-12 17:45 - 2016-04-01 23:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-12 17:45 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-12 17:45 - 2016-04-01 23:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-12 17:45 - 2016-04-01 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-12 17:45 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-12 17:45 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-12 17:45 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-12 17:45 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-12 17:45 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-12 17:45 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-12 17:45 - 2016-03-29 05:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-12 17:45 - 2016-03-29 05:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-12 17:45 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-12 17:45 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-12 17:45 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-12 17:45 - 2016-03-29 04:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-12 17:45 - 2016-03-29 04:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-12 17:45 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-12 17:45 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-12 17:45 - 2016-03-29 03:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-12 17:45 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-12 17:45 - 2016-03-29 03:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-12 17:45 - 2016-03-29 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-12 17:45 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-12 17:45 - 2016-03-29 03:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-12 17:45 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-12 17:45 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-12 17:45 - 2016-03-29 03:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-12 17:45 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-12 17:45 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-12 17:45 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-12 17:45 - 2016-03-29 03:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-12 17:45 - 2016-03-29 03:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-12 17:45 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-12 17:45 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-12 17:45 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-12 17:45 - 2016-03-29 03:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-12 17:45 - 2016-03-29 03:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-12 17:45 - 2016-03-29 03:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-12 17:45 - 2016-03-29 03:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-12 17:45 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-12 17:45 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 17:45 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-12 17:45 - 2016-03-29 03:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-12 17:45 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-12 17:45 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-12 17:45 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-12 17:45 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-12 17:45 - 2016-03-29 02:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-12 17:45 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-12 17:45 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-12 17:45 - 2016-03-29 02:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-12 17:45 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-12 17:45 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-12 17:45 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-12 17:45 - 2016-03-29 02:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-12 17:45 - 2016-03-29 02:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-12 17:45 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-12 17:45 - 2016-03-29 02:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-12 17:45 - 2016-03-29 02:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-12 17:45 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-12 17:45 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-12 17:45 - 2016-03-29 02:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-12 17:45 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-12 17:45 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-12 17:45 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-12 17:45 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-12 17:45 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-12 17:45 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-12 17:45 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-12 17:45 - 2016-03-29 02:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-12 17:45 - 2016-03-29 02:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-12 17:45 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-12 17:45 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-12 17:45 - 2016-03-29 01:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-12 17:45 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-12 17:45 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-12 17:45 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-12 17:45 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-12 17:45 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-12 17:44 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-12 17:44 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-12 17:44 - 2016-04-01 23:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-12 17:44 - 2016-04-01 23:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-12 17:44 - 2016-04-01 23:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-12 17:44 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-12 17:44 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-12 17:44 - 2016-04-01 23:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-12 17:44 - 2016-04-01 23:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-12 17:44 - 2016-04-01 23:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-12 17:44 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-12 17:44 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-12 17:44 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-12 17:44 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-12 17:44 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-12 17:44 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-12 17:44 - 2016-03-29 05:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-12 17:44 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-12 17:44 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-12 17:44 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-12 17:44 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-12 17:44 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-12 17:44 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-12 17:44 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-12 17:44 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-12 17:44 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-12 17:44 - 2016-03-29 04:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-12 17:44 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-12 17:44 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-12 17:44 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-12 17:44 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-12 17:44 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-12 17:44 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-12 17:44 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-12 17:44 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-12 17:44 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-12 17:44 - 2016-03-29 04:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-12 17:44 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-12 17:44 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-12 17:44 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-12 17:44 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 17:44 - 2016-03-29 03:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-12 17:44 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-12 17:44 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-12 17:44 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-12 17:44 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-12 17:44 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-12 17:44 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-12 17:44 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-12 17:44 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-12 17:44 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-12 17:44 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-12 17:44 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-12 17:44 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-12 17:44 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-12 17:44 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-12 17:44 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-12 17:44 - 2016-03-29 03:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-12 17:44 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-12 17:44 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-12 17:44 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-12 17:44 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 17:44 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-12 17:44 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-12 17:44 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 17:44 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-12 17:44 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-12 17:44 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-12 17:44 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-12 17:44 - 2016-03-29 03:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-12 17:44 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-12 17:44 - 2016-03-29 03:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-12 17:44 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-12 17:44 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-12 17:44 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-12 17:44 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-12 17:44 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-12 17:44 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-12 17:44 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-12 17:44 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-12 17:44 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-12 17:44 - 2016-03-29 02:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-12 17:44 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-12 17:44 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-12 17:44 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 17:44 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-12 17:44 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-12 17:44 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-12 17:44 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-12 17:44 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-12 17:44 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-12 17:44 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 17:44 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-12 17:44 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-12 17:44 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-12 17:44 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-12 17:44 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-12 17:44 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-12 17:44 - 2016-03-29 02:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-12 17:44 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-12 17:44 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-12 17:44 - 2016-03-29 02:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-12 17:44 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-12 17:44 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-12 17:44 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-12 17:44 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-12 17:44 - 2016-03-29 02:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 17:44 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-12 17:44 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-12 17:44 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-12 17:44 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-12 17:44 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-12 17:44 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-12 17:44 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-12 17:44 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-12 17:44 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 17:43 - 2016-04-01 23:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-12 17:43 - 2016-03-29 04:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-12 17:43 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-12 17:43 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-12 17:43 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-12 17:43 - 2016-03-29 04:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-12 17:43 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-12 17:43 - 2016-03-29 03:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-12 17:43 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-12 17:43 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-12 17:43 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-12 17:43 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-12 17:43 - 2016-03-29 03:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-12 17:43 - 2016-03-29 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-12 17:43 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-12 17:43 - 2016-03-29 03:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-12 17:43 - 2016-03-29 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-12 17:43 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-12 17:43 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-12 17:43 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-12 17:43 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 17:43 - 2016-03-29 03:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-12 17:43 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-12 17:43 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 17:43 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-12 17:43 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-12 17:43 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-12 17:43 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-12 17:43 - 2016-03-29 02:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-12 17:43 - 2016-03-29 02:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-12 17:43 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-12 17:43 - 2016-03-29 02:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-12 17:43 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-12 17:19 - 2016-04-12 17:19 - 00000000 ____D C:\Users\Robert\AppData\Local\Comms
2016-04-12 16:51 - 2016-04-12 19:15 - 00000000 ___RD C:\Users\Robert\OneDrive
2016-04-12 16:51 - 2016-04-12 18:44 - 00002412 _____ C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-12 16:49 - 2016-04-25 16:20 - 00000000 ____D C:\Users\Robert\Documents\Youcam
2016-04-12 16:49 - 2016-04-12 16:49 - 00000000 ____D C:\Users\Robert\AppData\Local\CyberLink
2016-04-12 16:48 - 2016-04-12 16:48 - 00000000 ____D C:\Users\Robert\AppData\Local\Publishers
2016-04-12 16:48 - 2016-04-12 16:48 - 00000000 ____D C:\Users\Robert\AppData\Local\ActiveSync
2016-04-12 16:46 - 2016-04-25 16:19 - 00000000 __SHD C:\Users\Robert\IntelGraphicsProfiles
2016-04-12 16:46 - 2016-04-22 14:14 - 00000000 ____D C:\Users\Robert\AppData\Local\Packages
2016-04-12 16:46 - 2016-04-12 18:43 - 00000000 ____D C:\Users\Robert\AppData\Local\Google
2016-04-12 16:46 - 2016-04-12 17:03 - 00000000 ____D C:\Users\Robert
2016-04-12 16:46 - 2016-04-12 16:50 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Hewlett-Packard
2016-04-12 16:46 - 2016-04-12 16:46 - 00000020 ___SH C:\Users\Robert\ntuser.ini
2016-04-12 16:46 - 2016-04-12 16:46 - 00000000 _SHDL C:\Users\Robert\My Documents
2016-04-12 16:46 - 2016-04-12 16:46 - 00000000 _SHDL C:\Users\Robert\Documents\My Videos
2016-04-12 16:46 - 2016-04-12 16:46 - 00000000 _SHDL C:\Users\Robert\Documents\My Pictures
2016-04-12 16:46 - 2016-04-12 16:46 - 00000000 _SHDL C:\Users\Robert\Documents\My Music
2016-04-12 16:46 - 2016-04-12 16:46 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Synaptics
2016-04-12 16:46 - 2016-04-12 16:46 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Adobe
2016-04-12 16:46 - 2016-04-12 16:46 - 00000000 ____D C:\Users\Robert\AppData\Local\VirtualStore
2016-04-12 16:46 - 2016-04-12 16:46 - 00000000 ____D C:\Users\Robert\AppData\Local\TileDataLayer
2016-04-12 16:46 - 2016-04-12 16:46 - 00000000 ____D C:\Users\Robert\AppData\Local\Power2Go8
2016-04-12 16:46 - 2016-03-29 09:23 - 00000000 ____D C:\Users\Robert\AppData\Roaming\hpqLog
2016-04-12 16:46 - 2016-01-06 21:20 - 00000000 ____D C:\Users\Robert\Documents\hp.system.package.metadata
2016-04-12 16:46 - 2016-01-06 21:20 - 00000000 ____D C:\Users\Robert\Documents\hp.applications.package.appdata
2016-04-12 16:46 - 2016-01-06 21:20 - 00000000 ____D C:\Users\Robert\AppData\Local\Microsoft Help
2016-04-12 16:40 - 2016-04-12 16:40 - 00000000 ____D C:\Users\knapp_000\AppData\Local\CrashDumps
2016-04-12 15:48 - 2016-04-12 15:48 - 00000000 ____D C:\Users\rober\Desktop\Robert
2016-04-12 15:48 - 2016-04-12 15:48 - 00000000 ____D C:\Users\rober\Desktop\Getinge
2016-04-12 15:48 - 2015-08-05 00:12 - 00000237 _____ C:\Users\rober\Desktop\Google (13).url
2016-04-12 15:48 - 2015-05-26 18:59 - 00000171 _____ C:\Users\rober\Desktop\Yahoo.url
2016-04-12 15:48 - 2015-01-29 21:44 - 00910843 _____ C:\Users\rober\Desktop\EF0B9993-463C-4245-B83A-CB73F1973922.pdf
2016-04-12 13:43 - 2016-04-12 13:43 - 00000000 __SHD C:\found.000
2016-03-29 09:43 - 2016-03-29 09:41 - 72113152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-03-29 09:43 - 2016-03-29 09:41 - 38975207 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-03-29 09:43 - 2016-03-29 09:41 - 02931416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 02918104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 02702552 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-03-29 09:43 - 2016-03-29 09:41 - 01748696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 01576976 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 01413776 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 01310936 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 01104040 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 00943784 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 00734376 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 00631000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 00560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 00454288 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 00369296 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 00329360 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 00250536 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2016-03-29 09:43 - 2016-03-29 09:41 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-03-29 09:24 - 2016-04-25 21:59 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForrober.job
2016-03-29 09:24 - 2016-03-29 10:00 - 00003238 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForrober
2016-03-29 09:23 - 2016-03-29 09:23 - 00000000 ____D C:\Users\Default\AppData\Roaming\hpqLog
2016-03-29 09:23 - 2016-03-29 09:23 - 00000000 ____D C:\Users\Default\AppData\Roaming\Hewlett-Packard
2016-03-29 09:23 - 2016-03-29 09:23 - 00000000 ____D C:\Users\Default User\AppData\Roaming\hpqLog
2016-03-29 09:23 - 2016-03-29 09:23 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Hewlett-Packard
2016-03-28 07:58 - 2016-04-25 16:17 - 00000795 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2016-03-27 14:43 - 2016-03-27 14:43 - 00000000 ____D C:\Identity
2016-03-27 13:45 - 2016-03-27 13:46 - 00000000 ____D C:\Users\rober\AppData\Local\CrashDumps
2016-03-27 13:44 - 2016-04-12 20:23 - 00000000 ____D C:\Users\rober\AppData\LocalLow\LastPass
2016-03-27 13:44 - 2016-03-27 13:44 - 00000000 ____D C:\Users\rober\AppData\Local\lptmp
2016-03-27 13:43 - 2016-04-20 12:15 - 00000000 ____D C:\ProgramData\WRData
2016-03-27 13:43 - 2016-04-20 00:15 - 00181688 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2016-03-27 13:43 - 2016-04-20 00:15 - 00117304 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2016-03-27 13:43 - 2016-04-15 08:16 - 00054512 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2016-03-27 13:43 - 2016-04-12 20:21 - 00000000 ____D C:\Program Files\Webroot
2016-03-27 13:43 - 2016-03-27 13:43 - 00117728 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2016-03-27 13:43 - 2016-03-27 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2016-03-27 13:43 - 2016-03-27 13:43 - 00000000 ____D C:\Program Files\Common Files\Webroot
2016-03-27 13:41 - 2016-03-27 13:42 - 00873072 _____ (Webroot) C:\Users\rober\Downloads\wsainstall.exe
2016-03-27 08:09 - 2016-03-27 08:13 - 00000000 ____D C:\Users\rober\AppData\LocalLow\uTorrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-25 21:47 - 2016-01-17 13:36 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-25 16:23 - 2016-01-06 21:12 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-25 16:23 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-25 16:19 - 2016-01-17 13:36 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-25 16:17 - 2016-01-06 21:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-25 16:17 - 2014-05-17 18:53 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-25 16:16 - 2015-10-30 02:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-04-25 10:12 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-21 17:26 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-19 18:56 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-19 18:50 - 2016-01-06 21:12 - 00000000 ____D C:\Users\knapp_000
2016-04-19 18:42 - 2014-05-17 18:53 - 00000000 ____D C:\ProgramData\McAfee
2016-04-19 18:41 - 2016-03-13 15:55 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-19 18:39 - 2015-10-30 03:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-19 18:38 - 2016-03-13 16:41 - 00003122 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-04-19 18:38 - 2016-03-13 16:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-04-19 18:35 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-19 18:26 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-19 18:25 - 2015-08-19 10:50 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-17 10:40 - 2014-08-04 15:52 - 00000000 ____D C:\Users\knapp_000\Documents\Youcam
2016-04-17 10:38 - 2016-01-06 22:45 - 00000000 __SHD C:\Users\knapp_000\IntelGraphicsProfiles
2016-04-17 10:38 - 2014-08-04 15:50 - 00000000 ____D C:\Users\knapp_000\AppData\Local\Packages
2016-04-17 10:35 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-12 20:24 - 2013-11-09 15:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-04-12 20:23 - 2016-03-18 12:26 - 00000000 ____D C:\Users\rober\AppData\Roaming\uTorrent
2016-04-12 20:23 - 2016-03-06 09:38 - 00000000 ____D C:\Users\rober\AppData\Roaming\InstantSupport
2016-04-12 20:23 - 2016-03-06 09:37 - 00000000 ____D C:\Users\rober\AppData\Roaming\PCAcceleratePro
2016-04-12 20:23 - 2016-01-17 12:50 - 00000000 ____D C:\Users\rober\AppData\Local\TileDataLayer
2016-04-12 20:21 - 2016-01-17 12:53 - 00000000 ____D C:\Users\rober\AppData\Local\CyberLink
2016-04-12 20:21 - 2016-01-17 12:50 - 00000000 ____D C:\Users\rober\AppData\Local\Microsoft Help
2016-04-12 20:05 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\registration
2016-04-12 20:04 - 2016-03-01 11:56 - 00000000 ____D C:\Users\rober\AppData\LocalLow\Google
2016-04-12 20:04 - 2016-01-17 12:50 - 00000000 ____D C:\Users\rober\AppData\Local\Packages
2016-04-12 20:03 - 2016-03-16 20:56 - 00000000 ____D C:\NPE
2016-04-12 20:00 - 2016-01-06 21:01 - 00361184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-12 19:58 - 2016-01-20 11:39 - 00000000 ____D C:\Users\rober\AppData\Local\Hewlett-Packard
2016-04-12 19:58 - 2016-01-17 13:36 - 00000000 ____D C:\Users\rober\AppData\Local\Google
2016-04-12 19:57 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-12 19:57 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-12 19:56 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-12 19:56 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-12 17:55 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-12 17:53 - 2014-08-08 07:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-12 17:48 - 2014-08-08 07:43 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 17:45 - 2016-01-17 13:39 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 17:45 - 2016-01-17 13:39 - 00002227 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-12 16:46 - 2014-08-04 22:41 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-12 16:33 - 2016-01-17 12:54 - 00000000 ___RD C:\Users\rober\OneDrive
2016-04-12 16:27 - 2016-01-17 12:50 - 00000000 __SHD C:\Users\rober\IntelGraphicsProfiles
2016-04-12 16:27 - 2016-01-17 12:50 - 00000000 ____D C:\Users\rober
2016-04-12 15:41 - 2016-03-16 20:54 - 00000000 ____D C:\Users\rober\AppData\Local\NPE
2016-04-12 09:31 - 2016-01-17 12:53 - 00000000 ____D C:\Users\rober\Documents\Youcam
2016-04-11 15:48 - 2016-03-06 09:38 - 00000000 ____D C:\ProgramData\MySafeSavings
2016-04-11 15:44 - 2015-03-02 10:25 - 00000000 ____D C:\Users\knapp_000\AppData\Local\d2125e53-675d-4d80-88d0-e898807c2f0b
2016-04-06 14:32 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 14:32 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-29 09:44 - 2016-01-06 21:07 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-03-29 09:44 - 2014-05-17 18:34 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-03-29 09:41 - 2014-05-17 18:34 - 04506840 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-03-29 09:41 - 2014-05-17 18:34 - 03234520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-03-29 09:41 - 2014-05-17 18:34 - 02825944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2016-03-29 09:41 - 2014-05-17 18:34 - 00184688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-03-29 09:41 - 2013-08-31 23:49 - 00000000 ____D C:\SWSetup
2016-03-29 09:23 - 2013-11-09 14:33 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-03-29 07:39 - 2016-01-25 10:59 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B3BE82D2-7A19-42B9-BB9A-2069B017BF1E}
2016-03-27 08:29 - 2016-01-23 22:52 - 00000000 ____D C:\Users\rober\Documents\Robert

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-22 13:17

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
Ran by Robert (2016-04-25 23:34:09)
Running from C:\Users\Robert\Downloads
Windows 10 Home Version 1511 (X64) (2016-01-07 02:43:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2092268736-3581782249-471380157-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2092268736-3581782249-471380157-503 - Limited - Disabled)
Guest (S-1-5-21-2092268736-3581782249-471380157-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2092268736-3581782249-471380157-1003 - Limited - Enabled)
knapp_000 (S-1-5-21-2092268736-3581782249-471380157-1001 - Administrator - Enabled) => C:\Users\knapp_000
rober (S-1-5-21-2092268736-3581782249-471380157-1004 - Administrator - Disabled) => C:\Users\rober
Robert (S-1-5-21-2092268736-3581782249-471380157-1005 - Administrator - Enabled) => C:\Users\Robert

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon iP100 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP100_series) (Version: - Canon Inc.)
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{CCE5C597-03EA-423E-BA80-6FCD280A8465}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.2.8.17 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.8185 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.189 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Publisher 2013 - en-us (HKLM\...\PublisherRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Sweet Home 3D version 4.6 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.8.80 - Webroot)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2092268736-3581782249-471380157-1005_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0582A73D-E859-458F-9F14-4AC162A05012} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {1C4777E4-58B7-4AB0-80C7-601A2F26FCAD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {2CF652EB-23E1-4A22-84F1-44157D797A05} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {3540B49F-5FD1-4559-96CF-C14EFA273AEA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {35C4AE2E-BCDE-43F1-A571-6764D0CBF662} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {41AC3B22-48B7-4901-8CB1-0FFFF4BB0FB5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {42C4BE1D-341D-43B9-81FB-BA69191CFE1B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {4931000B-8F4E-4589-AF40-BB50FC98A4F9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {583F9BF9-36E9-4F22-A01B-731A0C540B05} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {596DE963-B057-4711-AA4C-6511CAB8E2EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-12] (Microsoft Corporation)
Task: {5A79811F-53E9-453E-8778-86809D2B4A11} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {60479CCC-67D6-418D-8097-40D1A5CC021C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {69BD1424-93C3-43E2-83FF-496340456038} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6C4B7E08-739B-4977-8872-1DCA0C52A66A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {72560532-8A96-4AEB-A161-B5BFD68404C2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7306BDEA-9B6A-4FB8-89D2-34E46D6B88C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {7371243E-18C7-4000-9CC0-7972BDBE0949} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {78221961-A73B-44F5-B792-E892B4D43650} - System32\Tasks\HPCeeScheduleForRobert => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {7A46FD01-5D26-4668-8A77-92F315F9A6FB} - System32\Tasks\HPCeeScheduleForrober => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {837FB429-2D37-4894-8487-F1ACA770084C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {963ABC1C-FD1F-46FF-92E0-94D908E3DEA8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {ABEFC10B-31F7-439F-9678-65F708816021} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B2400726-1768-4BAC-9F81-C137203E32AD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {B3171013-2E21-4D48-80C8-C6C8BDEE8F1F} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-03-10] (McAfee, Inc.)
Task: {BB411FA5-2BB6-4627-947C-DE9ABB090FFC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {BB861C57-BC7E-4CF3-8AF2-55E33EFABA1B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-17] (Synaptics Incorporated)
Task: {BC093CDF-BCDF-4BFC-BB9D-3AA796E85ED7} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {BCC0CDB8-7277-4774-AA33-31EA1F6E05B8} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {BF874826-5C4D-4A34-9B55-E66391BA3392} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {BFBD4186-A79C-432A-AA2D-EC332FCA6332} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {C467606D-FB8D-4A46-B8E3-7B639429669C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {C63BFA98-FA36-4E15-ADEF-E4BAE26DF962} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {D024AE02-FCEC-4544-B2A0-C5B9379F78EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)
Task: {D352E79B-23BA-4DF3-B689-0CCF7E252708} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D4DAB131-9E7A-40D2-AD4D-6F77F3EB71E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {D8725A73-7B2E-4497-ACE0-6F1581EB9F7C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {E55DF0ED-98C8-4923-AE07-4804BCA636BD} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {E5C56B1E-C7AF-434B-A68F-14BB55533208} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EFDF4308-B7EA-416B-A98D-AEDD60725610} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForrober.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRobert.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-10-14 15:23 - 2013-10-14 15:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 15:24 - 2013-10-14 15:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 15:25 - 2013-10-14 15:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 15:22 - 2013-10-14 15:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 15:22 - 2013-10-14 15:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 15:22 - 2013-10-14 15:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 15:35 - 2013-10-14 15:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 15:35 - 2013-10-14 15:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-08-21 19:49 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-10 02:11 - 2013-08-10 02:11 - 00607744 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
2016-04-12 17:46 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 17:46 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-12 18:44 - 2016-04-12 18:44 - 00959168 _____ () C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2015-10-30 05:52 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-06 23:53 - 2016-01-06 23:53 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-12 17:43 - 2016-04-01 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-12 17:45 - 2016-04-01 23:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-12 17:44 - 2016-04-01 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-12 17:46 - 2016-04-01 22:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-12 17:46 - 2016-04-01 23:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-10-14 15:30 - 2013-10-14 15:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-04-19 18:18 - 2016-04-19 18:20 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2014-05-17 18:52 - 2013-08-05 03:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-04-12 18:44 - 2016-04-12 18:44 - 00679624 _____ () C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\ClientTelemetry.dll
2014-05-17 18:29 - 2013-09-16 17:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-04-19 18:18 - 2016-04-19 18:20 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 18:18 - 2016-04-19 18:20 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-01-17 12:04 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2092268736-3581782249-471380157-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 82.163.142.7 - 95.211.158.134
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7E8711B3-75DF-4AC5-BFB3-C7EC5708CFD8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{B8348B18-1F87-4292-A169-BD9156CC93D8}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{775FAD2A-7A4C-4091-AE8D-A981F3F5CDC1}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5BAFB290-A994-4E3F-89C7-20A8E5F167D7}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A480469F-5ADF-4B40-A987-F6F62B26823D}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D53D7405-F5EC-4603-AE91-D173E1076B44}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A4CD13D5-5B8A-4419-89CE-8A7400071F88}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{07A73656-155E-4A8F-A792-8F78583BD773}] => (Allow) LPort=1886
FirewallRules: [{D858CF55-192D-4904-9FB2-ADBE9C575432}] => (Allow) LPort=1886
FirewallRules: [{8FBBCDDB-8B6B-49DD-890A-DD97172515BD}] => (Allow) LPort=1886
FirewallRules: [{600F4ABA-2DA2-48F7-9E02-CA124E90D301}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D181DC22-0C6B-49EA-9FE7-C98C015511AC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{38C313C4-AD61-41A4-9DCF-6529846883F0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{388B8297-367A-4907-9A0C-4B588D46BA05}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E9E6AD99-1783-4184-A781-9D186D30B6AB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{F27420B1-3A8F-48E4-BEAD-F5321C1F9788}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{1683F9FC-A493-4F36-8494-FACA1EC7C013}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{9B9306EA-E03F-4E04-8B2B-990080BD68BE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{5937398C-C4BC-42E1-8DBD-331EA42ECB9A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{40C5164E-82AF-4681-979C-38CBBAB66624}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{3E943BC1-EEF6-4987-9CED-F780E2CF62CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8BCADAFF-0E56-433F-B82E-30E05444319B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{45FA8B78-D546-45BD-A377-56287E3E76D2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A4ACD7A-78FD-4C2C-9977-384642064AB5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86AD6642-1340-4AAD-B77E-1092ACA46EE0}] => (Allow) LPort=1900
FirewallRules: [{E2451CBD-F655-4397-BE29-9120A569E114}] => (Allow) LPort=2869
FirewallRules: [{ED847B0A-BE09-4AAE-A00E-3BCBB799353A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A56D181E-0501-4A79-8FBF-45D6C250CD85}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-04-2016 10:14:45 Scheduled Checkpoint
19-04-2016 18:51:29 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2016 06:58:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.10586.20 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1b10

Start Time: 01d19f45602c43f0

Termination Time: 18

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 2f93f9b1-0b39-11e6-82bb-c4346b4a7abf

Faulting package full name: Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (04/25/2016 12:43:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COMPUTER)
Description: Activation of app Microsoft.Getstarted_3.5.11.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/25/2016 12:38:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COMPUTER)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/22/2016 09:02:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.10586.20 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 229c

Start Time: 01d19c9711d219ad

Termination Time: 0

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 7b9b306a-088a-11e6-82b8-c4346b4a7abf

Faulting package full name: Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (04/22/2016 08:50:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COMPUTER)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/19/2016 06:51:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/19/2016 06:12:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 193245703

Error: (04/19/2016 06:12:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 193245703

Error: (04/19/2016 06:12:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/17/2016 10:53:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COMPUTER)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (04/25/2016 10:05:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/25/2016 10:05:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 2 time(s).

Error: (04/25/2016 06:53:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/25/2016 04:28:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/25/2016 04:28:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/25/2016 04:16:42 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (04/25/2016 04:16:41 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (04/25/2016 04:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/25/2016 04:16:36 PM) (Source: DCOM) (EventID: 10005) (User: COMPUTER)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (04/25/2016 04:16:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

CodeIntegrity:
===================================
Date: 2016-04-14 08:35:17.194
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-12 20:02:05.710
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-12 19:39:32.348
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-27 14:41:08.944
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-16 22:07:03.196
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-16 20:44:05.842
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-13 16:07:11.194
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-13 16:00:46.069
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-13 16:00:46.046
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-13 15:56:50.185
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 34%
Total physical RAM: 6036.27 MB
Available physical RAM: 3925.56 MB
Total Virtual: 9108.27 MB
Available Virtual: 6960.6 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:444.94 GB) (Free:366.07 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.29 GB) (Free:1.97 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1E2AB9DB)

Partition: GPT.

==================== End of Addition.txt ============================

#2
zep516

Posted 25 April 2016 - 10:43 PM

Trusted Helper

Malware Removal
8,093 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Can't have two Anti Virus programs running
Please uninstall either,
McAfee Internet Security
Or
Webroot SecureAnywhere

Next

Please download AdwCleaner by Xplode onto your Desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the logfile button and the log will open in Notepad.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished and the PC has rebooted.
Please post the content of that log file with your next answer.
The report will be saved in the C:\AdwCleaner folder.

Next

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post;
The AdwCleaner [SO].txt Log
The JRT.txt Log

#3
tinrunner

Posted 26 April 2016 - 10:28 AM

Member

Topic Starter
Member
16 posts

zep516,

Thank you for your help - it may have worked. A short time back on the internet did not bring up any ads. Junkware Removal Tool seemed to work best.

Listed below are the results of each scan.

# AdwCleaner v5.113 - Logfile created 26/04/2016 at 11:32:41
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Local]
# Operating system : Windows 10 Home (X64)
# Username : Robert - COMPUTER
# Running from : C:\Users\Robert\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\ProgramData\PCAcceleratePro
Folder Found : C:\ProgramData\Application Data\PCAcceleratePro
Folder Found : C:\Program Files (x86)\NowUSeeItPlayer
Folder Found : C:\Program Files (x86)\PCAPDownloader
Folder Found : C:\Users\knapp_000\AppData\Local\Downloaded Installers
Folder Found : C:\Users\rober\AppData\Roaming\InstantSupport
Folder Found : C:\Users\rober\AppData\Roaming\PCAcceleratePro

***** [ Files ] *****

File Found : C:\Program Files (x86)\Yahoo!\Common\unyt.exe
File Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage
File Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage-journal
File Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage
File Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal
File Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utop.it_0.localstorage
File Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utop.it_0.localstorage-journal

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\yt.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\yt.CacheLoader
Key Found : HKLM\SOFTWARE\Classes\yt.CacheLoader.1
Key Found : HKLM\SOFTWARE\Classes\yt.Clickstream
Key Found : HKLM\SOFTWARE\Classes\yt.Clickstream.1
Key Found : HKLM\SOFTWARE\Classes\yt.YTHelper
Key Found : HKLM\SOFTWARE\Classes\yt.YTHelper.2
Key Found : HKLM\SOFTWARE\Classes\yt.YToolbarBand
Key Found : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
Key Found : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
Key Found : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
Key Found : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
Key Found : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
Key Found : HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
Key Found : HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Key Found : HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
Key Found : HKLM\SOFTWARE\PCAcceleratePro
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012034B4-6FD0-4BC5-B827-33AD18B56125}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{d4247036-fc5e-4735-a8ec-3c9b34c60537} [NameServer] - 82.163.142.7 95.211.158.134
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [7114 bytes] - [26/04/2016 11:32:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7187 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Windows 10 Home x64
Ran by Robert (Administrator) on Tue 04/26/2016 at 11:58:14.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1

Successfully deleted: C:\Program Files (x86)\pro pc cleaner (Folder)

Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{772A566A-EA97-48C1-9B89-CC702009959F} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/26/2016 at 12:02:12.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4
zep516

Posted 26 April 2016 - 04:44 PM

Trusted Helper

Malware Removal
8,093 posts

Re-open AdwCleaner

This time run the "clean" option.

Please download Malwarebytes Anti-Malware to your desktop.
Double-click mbam-setup-version.exe and follow the prompts to install the program.
Launch Malwarebytes Anti-Malware
Then click Finish.
If an update is found, you will be prompted to download and install the latest version.
Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
Reboot your computer if prompted.

Posting the Malwarebytes log.

[list]
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
post that saved log to your next reply.

#5
tinrunner

Posted 26 April 2016 - 06:28 PM

Member

Topic Starter
Member
16 posts

zep516,

OK, re-opened AdwCleaner and ran the "clean" option. Report below.

Also ran Malwarebytes Anti-Malware - Scan log below.

Thanks,

Robert

# AdwCleaner v5.113 - Logfile created 26/04/2016 at 19:29:33
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Local]
# Operating system : Windows 10 Home (X64)
# Username : Robert - COMPUTER
# Running from : C:\Users\Robert\Downloads\AdwCleaner (1).exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage
[-] File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal
[-] File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utop.it_0.localstorage
[-] File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utop.it_0.localstorage-journal

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7875 bytes] - [26/04/2016 11:40:01]
C:\AdwCleaner\AdwCleaner[C2].txt - [2012 bytes] - [26/04/2016 19:29:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [7274 bytes] - [26/04/2016 11:32:41]
C:\AdwCleaner\AdwCleaner[S2].txt - [2100 bytes] - [26/04/2016 19:26:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2231 bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/26/2016
Scan Time: 7:40 PM
Logfile: Malwarebytes Scan Log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.26.06
Rootkit Database: v2016.04.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Robert

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432672
Time Elapsed: 29 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 42
PUP.Optional.MindSpark, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9B9DCAE3-BE34-424C-8D73-75E305A9E091}, Quarantined, [333b7142dabf1c1a7119ce1f0ef4ac54],
PUP.Optional.MindSpark, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9B9DCAE3-BE34-424C-8D73-75E305A9E091}, Quarantined, [333b7142dabf1c1a7119ce1f0ef4ac54],
PUP.Optional.MindSpark, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DC9051C2-8F55-479A-97A4-747980D9047F}, Quarantined, [8ee0456e59405fd750b15599fe0418e8],
PUP.Optional.MindSpark, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DC9051C2-8F55-479A-97A4-747980D9047F}, Quarantined, [8ee0456e59405fd750b15599fe0418e8],
PUP.Optional.MindSpark, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F20DE5E0-2A6E-4C54-985F-1CF59551CE39}, Quarantined, [eb83cae9b0e9b28462ca2bc3bd456f91],
PUP.Optional.MindSpark, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F20DE5E0-2A6E-4C54-985F-1CF59551CE39}, Quarantined, [eb83cae9b0e9b28462ca2bc3bd456f91],
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [a8c6456e0891d5615872382b9b694ab6],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\DailyLocalGuide_be, Quarantined, [b3bb5261b4e539fd0cb4d56914f0fd03],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\WeatherBlink, Quarantined, [7df16c47b2e7b87e272dce7112f247b9],
PUP.Optional.InstallCore, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\CoinisRS, Quarantined, [ff6fa50e4653162097a8293b1aea5da3],
PUP.Optional.MindSpark, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\DailyLocalGuide_be, Quarantined, [fb73bbf8debb63d3e7f8a499a55f7d83],
PUP.Optional.MindSpark, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\WeatherBlink, Quarantined, [a2cc4b68bedb3bfbbae184ba27dd15eb],
PUP.Optional.WeCare, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\wecarereminder, Quarantined, [600e892a6c2de650a4da490e61a2b24e],
PUP.Optional.MindSpark, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\APPDATALOW\SOFTWARE\DailyLocalGuide_be, Quarantined, [3b334073cbce89add26b1b229074e020],
PUP.Optional.MindSpark, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\APPDATALOW\SOFTWARE\WeatherBlink, Quarantined, [5717971caaef2c0a3d7f81bc48bca060],
PUP.Optional.Spigot, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\APPDATALOW\SOFTWARE\SETTINGS MANAGER, Quarantined, [bdb13d761c7d74c22152168bab59c63a],
PUP.Optional.Spigot, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2F23AB71-4AC6-41F2-A955-EA576E553146}, Quarantined, [93dbf4bf4554092ddd4a66eac83cc739],
PUP.Optional.W3i, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4C881980-E486-45F2-BCE5-68AFEE1D7543}, Quarantined, [9bd3d2e120798fa798651c3be81c23dd],
PUP.Optional.ASK, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F5827716-9540-492E-9E9A-9F18BB2E7912}, Quarantined, [343a248fb3e69f97ed63b0af83819a66],
PUP.Optional.WinYahoo, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{012034B4-6FD0-4BC5-B827-33AD18B56125}, Quarantined, [9ad46a49e3b6de58c7992675996bbe42],
PUP.Optional.ProductSetup, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\PRODUCTSETUP, Quarantined, [432bb7fc633671c5598fc48230d46c94],
PUP.Optional.InstantSupport, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\ISTab, Quarantined, [6a049f14e9b08da987b54951c93b768a],
Adware.NowUSeeIt, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\NowUSeeItPlayer, Quarantined, [f579d9da554487af51855e29be467e82],
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\PCAcceleratePro, Quarantined, [d995476cd5c42a0cf401711bf2127f81],
PUP.Optional.MindSpark, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\WeatherBlink, Quarantined, [45299d16d6c370c6afecde60f70db947],
PUP.Optional.MindSpark, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\APPDATALOW\SOFTWARE\WeatherBlink, Quarantined, [5717466d1f7afb3b5f5d9aa3bb499868],
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\APTAB, Quarantined, [b5b9793ab4e5c670d7e7cad0e420847c],
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\CAPHYON\ADVANCED UPDATER\{EB8CB898-F337-451C-A468-B9725D04ED21}, Quarantined, [8ce2496a9ffa5bdb0949b1b320e49c64],
PUP.Optional.ProCleaningSoftware, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\E92E745D_0, Quarantined, [95d9d3e0ff9acc6a103109954eb6936d],
PUP.Optional.WinYahoo, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2F23AB71-4AC6-41F2-A955-EA576E553146}, Quarantined, [ea84a0137326b284134d6a31da2a6a96],
PUP.Optional.eShopComp, HKU\S-1-5-21-2092268736-3581782249-471380157-1004_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\eshopcomp.com, Quarantined, [f27ce9ca9aff43f360e6f5b9d92b748c],
PUP.Optional.PastaLeads, HKU\S-1-5-21-2092268736-3581782249-471380157-1004_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\nps.pastaleads.com, Quarantined, [b1bd4e65851455e1e0503d70bd47fd03],
PUP.Optional.PastaLeads, HKU\S-1-5-21-2092268736-3581782249-471380157-1004_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\pastaleads.com, Quarantined, [7cf22e856336d0661e1307a6679df40c],
PUP.Optional.eShopComp, HKU\S-1-5-21-2092268736-3581782249-471380157-1004_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\pstatic.eshopcomp.com, Quarantined, [214d9023a3f69a9cf552ae007a8ae719],
PUP.Optional.Revizer, HKU\S-1-5-21-2092268736-3581782249-471380157-1004_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\re-markable.net, Quarantined, [5915efc4c0d991a58cc009a463a127d9],
PUP.Optional.Revizer, HKU\S-1-5-21-2092268736-3581782249-471380157-1004_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\static.re-markable00.re-markable.net, Quarantined, [d797a013d1c80c2acc812687aa5a24dc],
PUP.Optional.eShopComp, HKU\S-1-5-21-2092268736-3581782249-471380157-1004_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\eshopcomp.com, Quarantined, [f7775063d4c57abc1731ae00ed17cb35],
PUP.Optional.PastaLeads, HKU\S-1-5-21-2092268736-3581782249-471380157-1004_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\nps.pastaleads.com, Quarantined, [a8c6a211d9c043f30c261b92e51f4cb4],
PUP.Optional.PastaLeads, HKU\S-1-5-21-2092268736-3581782249-471380157-1004_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\pastaleads.com, Quarantined, [0668e8cbaeebc76f151e1c9110f4b848],
PUP.Optional.eShopComp, HKU\S-1-5-21-2092268736-3581782249-471380157-1004_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\pstatic.eshopcomp.com, Quarantined, [f9758132d0c9f343ea5fafff31d37b85],
PUP.Optional.Revizer, HKU\S-1-5-21-2092268736-3581782249-471380157-1004_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\re-markable.net, Quarantined, [56186d46297085b1f5592e7f9c689f61],
PUP.Optional.Revizer, HKU\S-1-5-21-2092268736-3581782249-471380157-1004_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\static.re-markable00.re-markable.net, Quarantined, [145a4c67d8c17db992bdfeaf887c38c8],

Registry Values: 15
PUP.Optional.Spigot, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\APPDATALOW\SOFTWARE\SETTINGS MANAGER|HP_IE, https://search.yahoo...r=spigot-yhp-ie, Quarantined, [bdb13d761c7d74c22152168bab59c63a]
PUP.Optional.Spigot, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\APPDATALOW\SOFTWARE\SETTINGS MANAGER|HP_FF, https://search.yahoo...r=spigot-yhp-ff, Quarantined, [4925f8bbc0d961d594df247dad5704fc]
PUP.Optional.Spigot, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, https://search.yahoo...={searchTerms},Quarantined, [93dbf4bf4554092ddd4a66eac83cc739]
PUP.Optional.W3i, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4C881980-E486-45F2-BCE5-68AFEE1D7543}|URL, https://search.yahoo...5,20028,0,31,0,Quarantined, [9bd3d2e120798fa798651c3be81c23dd]
PUP.Optional.ASK, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{f5827716-9540-492e-9e9a-9f18bb2e7912}|DisplayName, Ask Web Search, Quarantined, [343a248fb3e69f97ed63b0af83819a66]
PUP.Optional.ASK, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{f5827716-9540-492e-9e9a-9f18bb2e7912}|URL, http://search.tb.ask...={searchTerms},Quarantined, [b2bc11a2e2b7a88e202fa9b62bd948b8]
PUP.Optional.WinYahoo, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{012034B4-6FD0-4BC5-B827-33AD18B56125}|URL, https://us.search.ya...={searchTerms},%4, %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{012034B4-6FD0-4BC5-B827-33AD18B56125}|TopResultURLFallback, https://us.search.ya...={searchTerms},%4, %5
PUP.Optional.ProductSetup, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\PRODUCTSETUP|tb, 0J1M1N0T2R2Y2X1S1M0E1R, Quarantined, [432bb7fc633671c5598fc48230d46c94]
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\APTAB|hb, 1, Quarantined, [b5b9793ab4e5c670d7e7cad0e420847c]
PUP.Optional.ProCleaningSoftware, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\e92e745d_0, {2}.\\?\hdaudio#func_01&ven_10ec&dev_0282&subsys_103c218f&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume4\Program Files (x86)\Professional Cleaning Software\ProfessionalCleaningSoftware.exe%b{00000000-0000-0000-0000-000000000000}, Quarantined, [95d9d3e0ff9acc6a103109954eb6936d]
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCAcceleratePro.exe, 8888, Quarantined, [125cb102445580b68d2b5745cf35e917]
PUP.Optional.WinYahoo, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, https://us.search.ya...={searchTerms},%4, %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|TopResultURLFallback, https://us.search.ya...={searchTerms},%4, %5
Adware.NowUSeeIt, HKU\S-1-5-21-2092268736-3581782249-471380157-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NowUSeeIt Player, "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1, Quarantined, [9fcf575c70291e18a864c0ceed1715eb]

Registry Data: 2
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.142.7 95.211.158.134, Good: (8.8.8.8), Bad: (82.163.142.7 95.211.158.134),Replaced,[f579169dd4c5ed492b8332186a9b837d]
PUP.Optional.ASK, HKU\S-1-5-21-2092268736-3581782249-471380157-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Secondary Start Pages, http://home.tb.ask.c...TM4u11TDT12w1^^, Good: (www.google.com), Bad: (http://home.tb.ask.com/index.jhtml?n=781BD8EB&p2=^XN^xdm470^YYA^us&ptb=5115B427-60FF-4139-B07D-5B963CBB8ACD&si=CD15543_883-CuTM4u11TDT12w1^^),Replaced,[cea0e3d0f2a749ed560e50f9a065b947]

Folders: 5
PUP.Optional.WebBar, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar, Quarantined, [1e508f24a0f9a98d990db2a6b0541be5],
PUP.Optional.PCProCleaner, C:\Users\rober\AppData\Roaming\updates, Quarantined, [f97541721f7a64d21b40e2807b893ec2],
PUP.Optional.MindSpark, C:\Users\knapp_000\AppData\LocalLow\PackageTracer_69EI, Quarantined, [73fb763dedac5adc1e709d87d82b29d7],
PUP.Optional.MindSpark, C:\Users\knapp_000\AppData\LocalLow\PackageTracer_69EI\Installr, Quarantined, [73fb763dedac5adc1e709d87d82b29d7],
PUP.Optional.MindSpark, C:\Users\knapp_000\AppData\LocalLow\PackageTracer_69EI\Installr\Cache, Quarantined, [73fb763dedac5adc1e709d87d82b29d7],

Files: 7
PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-2092268736-3581782249-471380157-1005\$R10OSNR.partial, Quarantined, [2846a3108514af870a3853d7b250b050],
PUP.Optional.WebBar, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar\wb.log, Quarantined, [1e508f24a0f9a98d990db2a6b0541be5],
PUP.Optional.PCProCleaner, C:\Users\rober\AppData\Roaming\updates\updates.aiu, Quarantined, [f97541721f7a64d21b40e2807b893ec2],
PUP.Optional.Pakilan, C:\Users\knapp_000\AppData\LocalLow\Microsoft\Internet Explorer\Services\Go_Palikan.ico, Quarantined, [72fcedc67128b185298f2d360301649c],
PUP.Optional.CrossRider, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, Quarantined, [600e9f14d7c27cba52b9247ff014e31d],
PUP.Optional.CrossRider, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, Quarantined, [3e30387b8811bf776c9f940f937142be],
PUP.Optional.MindSpark, C:\Users\knapp_000\AppData\LocalLow\PackageTracer_69EI\Installr\Cache\files.ini, Quarantined, [73fb763dedac5adc1e709d87d82b29d7],

Physical Sectors: 0
(No malicious items detected)

(end)

#6
zep516

Posted 26 April 2016 - 07:24 PM

Trusted Helper

Malware Removal
8,093 posts

Download the enclosed =>

fixlist.txt 4.4KB 168 downloads Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.

#7
tinrunner

Posted 26 April 2016 - 08:07 PM

Member

Topic Starter
Member
16 posts

zep516,

Not sure I downloaded and saved the file correctly. Let me know.

Fixlog below:

Fix result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
Ran by Robert (2016-04-26 21:51:43) Run:1
Running from C:\Users\Robert\Downloads
Loaded Profiles: Robert (Available Profiles: knapp_000 & rober & Robert)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2092268736-3581782249-471380157-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2092268736-3581782249-471380157-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2092268736-3581782249-471380157-1005\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {012034B4-6FD0-4BC5-B827-33AD18B56125} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmar_16_02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0ByE0AyB0A0B0FyD0B0E0EtN0D0Tzu0StCyEyByBtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEyEyByEzzzzyCtBtGyDzy0CyCtG0E0A0CzytGyDtD0BtCtG0FtCyByDtD0F0A0Azz0FyE0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0FzytDzyyD0BtDtGyCtByDtCtGyEtB0FtBtGzz0B0FzztGyByB0D0ByEzztDzztAzzzz0E2QtN0A0LzuyE%26cr%3D89528775%26a%3Dwbf_mdaffmarmar_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmar_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0ByE0AyB0A0B0FyD0B0E0EtN0D0Tzu0StCyEzzyDtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0CyCyE0AyBtD0CtGyEtB0CtCtG0FtDzy0FtGtByDyBtCtG0B0E0C0BtAyB0Fzy0Ezy0F0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyBtDzz0D0EyC0AtGtC0D0ByCtGyEtD0FyCtG0Azy0FtCtGzzyDtB0B0EyEyBtCtDtAtC0F2QtN0A0LzuyE%26cr%3D1753751548%26a%3Dwbf_mdaffmarmar_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {772A566A-EA97-48C1-9B89-CC702009959F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {772A566A-EA97-48C1-9B89-CC702009959F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
U0 SR; no ImagePath
U2 srservice; no ImagePath
2016-03-27 08:09 - 2016-03-27 08:13 - 00000000 ____D C:\Users\rober\AppData\LocalLow\uTorrent
2016-04-11 15:48 - 2016-03-06 09:38 - 00000000 ____D C:\ProgramData\MySafeSavings
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
FirewallRules: [{B8348B18-1F87-4292-A169-BD9156CC93D8}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{775FAD2A-7A4C-4091-AE8D-A981F3F5CDC1}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5BAFB290-A994-4E3F-89C7-20A8E5F167D7}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A480469F-5ADF-4B40-A987-F6F62B26823D}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D53D7405-F5EC-4603-AE91-D173E1076B44}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A4CD13D5-5B8A-4419-89CE-8A7400071F88}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2092268736-3581782249-471380157-1005\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2092268736-3581782249-471380157-1005\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2092268736-3581782249-471380157-1005\Software\Microsoft\Internet Explorer\Main\\First Home Page => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012034B4-6FD0-4BC5-B827-33AD18B56125} => key not found.
HKCR\CLSID\{012034B4-6FD0-4BC5-B827-33AD18B56125} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{772A566A-EA97-48C1-9B89-CC702009959F}" => key removed successfully
HKCR\CLSID\{772A566A-EA97-48C1-9B89-CC702009959F} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{772A566A-EA97-48C1-9B89-CC702009959F} => key not found.
HKCR\Wow6432Node\CLSID\{772A566A-EA97-48C1-9B89-CC702009959F} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
SR => service removed successfully
srservice => service removed successfully
C:\Users\rober\AppData\LocalLow\uTorrent => moved successfully
C:\ProgramData\MySafeSavings => moved successfully
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
"HKU\.DEFAULT\Software\Classes\.exe" => key removed successfully
HKU\.DEFAULT\Software\Classes\exefile => key not found.
"HKU\S-1-5-19\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-19\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-19\Software\Classes\exefile => key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-20\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-20\Software\Classes\exefile => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8348B18-1F87-4292-A169-BD9156CC93D8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{775FAD2A-7A4C-4091-AE8D-A981F3F5CDC1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BAFB290-A994-4E3F-89C7-20A8E5F167D7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A480469F-5ADF-4B40-A987-F6F62B26823D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D53D7405-F5EC-4603-AE91-D173E1076B44} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4CD13D5-5B8A-4419-89CE-8A7400071F88} => value removed successfully

========= bitsadmin /reset /allusers =========

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{81AC9A52-3BE5-4806-AA22-322BFD374505} canceled.
{A6335FDE-DD82-46AA-8298-D2DAE55B01DC} canceled.
{88B587D7-1819-46BE-AC31-E3DCBF137F74} canceled.
{6601723C-126E-4D0F-81A4-2138A90ADB78} canceled.
{7C0BC358-43BD-4B99-B415-C7860B93F191} canceled.
{F7D31D6B-6485-42B3-A752-839C0320A471} canceled.
{41344669-9191-4BAD-B395-1BCB938DD161} canceled.
{AE823F71-D9C1-4C42-958D-AB59412BD6F7} canceled.
{9FAB45C4-DC3B-47F4-8197-35C6E3E20252} canceled.
9 out of 9 jobs canceled.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 1.2 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 21:53:11 ====

#8
zep516

Posted 26 April 2016 - 08:11 PM

Trusted Helper

Malware Removal
8,093 posts

Nice work. It appears to be correct.

What browser do you use? What issues remain ?

#9
tinrunner

Posted 26 April 2016 - 08:41 PM

Member

Topic Starter
Member
16 posts

zep516,

Windows 10, Microsoft Edge.

No other issues, everything seems to be working.

Robert

#10
zep516

Posted 26 April 2016 - 08:47 PM

Trusted Helper

Malware Removal
8,093 posts

A minor adware issue and it looks to be resolved. Time to clean up a bit.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight. They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

Download DelFix by Xplode and save it to your desktop.

Run the tool by right click on the icon and Run as administrator option.
Make sure that these ones are checked:
- Remove disinfection tools
- Purge system restore
- Reset system settings
Push Run.
The program will run for a few seconds and display a notepad report.
Paste it for my review.

#11
tinrunner

Posted 27 April 2016 - 07:43 AM

Member

Topic Starter
Member
16 posts

zep516,

Question: Would a different web browser be a better choice than Microsoft Edge?

Note: Malwarebytes program has put up two pop-up notes saying that is has blocked two items, however, going to the History page - it shows nothing new. Do I need to worry about this?

DelFix report below:

# DelFix v1.010 - Logfile created 27/04/2016 at 09:22:56
# Updated 26/04/2015 by Xplode
# Username : Robert - COMPUTER
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Robert\Desktop\JRT.txt
Deleted : C:\Users\Robert\Downloads\Addition.txt
Deleted : C:\Users\Robert\Downloads\AdwCleaner (1).exe
Deleted : C:\Users\Robert\Downloads\AdwCleaner.exe
Deleted : C:\Users\Robert\Downloads\Fixlog.txt
Deleted : C:\Users\Robert\Downloads\FRST.txt
Deleted : C:\Users\Robert\Downloads\FRST64 (1).exe
Deleted : C:\Users\Robert\Downloads\FRST64 is.txt
Deleted : C:\Users\Robert\Downloads\FRST64.exe
Deleted : C:\Users\Robert\Downloads\JRT.exe

~ Cleaning system restore ...

Deleted : RP #19 [Scheduled Checkpoint | 04/12/2016 14:14:45]
Deleted : RP #20 [Scheduled Checkpoint | 04/19/2016 22:51:29]
Deleted : RP #21 [JRT Pre-Junkware Removal | 04/26/2016 15:58:18]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

#12
zep516

Posted 27 April 2016 - 05:04 PM

Trusted Helper

Malware Removal
8,093 posts

Hello,

I have never used the edge browser so I really can't comment, a browser is a personal choice what ever one you like use it.

I do keep 2 browsers on my machine and use Palemoon very similar to Firefox.

Does malwarbytes say what it's blocking ? Does this happen in the edge browser on any particular site ?

#13
tinrunner

Posted 28 April 2016 - 07:07 AM

Member

Topic Starter
Member
16 posts

zep516,

Malwarebytes - pop-ups - are notes on protection from "malicious websites". So I presume everything is OK.

See Malwarebytes log below:

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 4/28/2016 8:00 AM, SYSTEM, COMPUTER, Scheduler, Malware Database, 2016.4.27.7, 2016.4.28.4,
Protection, 4/28/2016 8:00 AM, SYSTEM, COMPUTER, Protection, Refresh, Starting,
Protection, 4/28/2016 8:00 AM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Stopping,
Protection, 4/28/2016 8:00 AM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Stopped,
Protection, 4/28/2016 8:01 AM, SYSTEM, COMPUTER, Protection, Refresh, Success,
Protection, 4/28/2016 8:01 AM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Starting,
Protection, 4/28/2016 8:01 AM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Started,
Scan, 4/28/2016 8:30 AM, SYSTEM, COMPUTER, Manual, Start:4/28/2016 8:04 AM, Duration:25 min 46 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 4/28/2016 9:00 AM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 59793, Outbound, C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe,
Detection, 4/28/2016 9:00 AM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 59796, Outbound, C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe,
Detection, 4/28/2016 9:00 AM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 59793, Outbound, C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe,
Detection, 4/28/2016 9:00 AM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 59797, Outbound, C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe,
Detection, 4/28/2016 9:00 AM, SYSTEM, COMPUTER, Protection, Malicious Website Protection, Domain, 205.185.208.26, istatic.eshopcomp.com, 59798, Outbound, C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe,

(end)

#14
zep516

Posted 28 April 2016 - 07:36 AM

Trusted Helper

Malware Removal
8,093 posts

OK,

Looks like everything is ok with the computer and we can close the topic.

#15
zep516

Posted 02 May 2016 - 05:16 PM

Trusted Helper

Malware Removal
8,093 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe