
Chrome Malware Issue [Solved]



#1
Braind


My Chrome browser has malware on it that redirects me to a website that sells malware protection services. I can get to websites, but when I try to click on a link in those websites, e.g., going to a news website and then clicking on an article on that website, I am redirected. I have tried these scans: Windows Defender, Malwarebytes Anti-Malware, the free Sophos anti-malware, SuperAntiSpyware, plus other anti-malware and I can't get rid of this.

I have an HP Pavilion p7-1080t PC with Windows 10, x64 OS.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016

Ran by Brian (2016-06-29 21:06:46)

Running from C:\Users\Brian\Downloads

Windows 10 Home Version 1511 (X64) (2015-11-30 03:56:16)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

 

Administrator (S-1-5-21-1563961910-250262785-1644635927-500 - Administrator - Disabled)

Brian (S-1-5-21-1563961910-250262785-1644635927-1001 - Administrator - Enabled) => C:\Users\Brian

DefaultAccount (S-1-5-21-1563961910-250262785-1644635927-503 - Limited - Disabled)

Guest (S-1-5-21-1563961910-250262785-1644635927-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1563961910-250262785-1644635927-1002 - Limited - Enabled)

SophosSAUBRIAN-HP0 (S-1-5-21-1563961910-250262785-1644635927-1009 - Limited - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Sophos Home (Disabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}

AS: Sophos Home (Disabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden

Adguard (HKLM-x32\...\{277af691-7c0f-478e-9fb6-62efeead0faa}) (Version: 6.0.226.1108 - Performix LLC)

Adguard (x32 Version: 6.0.226.1108 - Performix LLC) Hidden

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.196 - Adobe Systems Incorporated)

Adobe Flash Player 10 ActiveX (HKLM-x32\...\{18BBF24A-6D04-4CA4-B6B4-1CF372162EEC}) (Version: 10.2.152.32 - Adobe Systems Incorporated)

Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)

Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)

Amazon Kindle (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

AT&T Troubleshoot & Resolve (HKLM-x32\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.5.1.16 - AT&T)

ATI Catalyst Install Manager (HKLM\...\{3001791D-2CA6-6FE3-BE0F-8EA7522B32D4}) (Version: 3.0.795.0 - ATI Technologies, Inc.)

ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Brave (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Brave) (Version: 0.10.0 - Brave Software)

ccc-core-static (x32 Version: 2010.1123.1002.17926 - ATI) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)

CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dashlane (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Dashlane) (Version: 4.5.0.13208 - Dashlane SAS)

DetectorTools (HKLM-x32\...\{E8F0431A-A158-49F6-96AC-7C1380D9AF21}) (Version: 1.11.60 - Escort)

Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)

Diskeeper 15 (HKLM\...\{9A17EDA8-85DD-4B99-AB97-6B5D58A878E0}) (Version: 18.0.1104.64 - Condusiv Technologies)

FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)

Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)

Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Officejet 6500 E710a-f Basic Device Software (HKLM\...\{22FCD3B0-CAA7-444A-84AC-75716545EAB9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)

HP Officejet 6500 E710a-f Product Improvement Study (HKLM\...\{8F3591D0-074B-4F7B-A269-39FE61C9CB5C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)

HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.4.18.7 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)

HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden

Hulu Desktop (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)

HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)

Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Malwarebytes Anti-Ransomware version 0.9.16.484 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.16.484 - Malwarebytes)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

MiniTool Power Data Recovery Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Edition_is1) (Version: - MiniTool Solution Ltd.)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MyHarmony (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)

NirSoft RegScanner (HKLM-x32\...\NirSoft RegScanner) (Version: - )

NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - )

Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden

[email protected] (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)

[email protected] (HKLM-x32\...\{A2CB3AFC-E449-408A-BF4F-FE64EB1899D8}) (Version: 3.0.8.7 - Valassis)

Pale Moon 26.1.1 (x86 en-US) (HKLM-x32\...\Pale Moon 26.1.1 (x86 en-US)) (Version: 26.1.1 - Moonchild Productions)

PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

RealDownloader (x32 Version: 18.1.2.176 - RealNetworks, Inc.) Hidden

RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.2 - RealNetworks)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden

Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)

Should I Remove It (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)

Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden

Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)

Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.5.4 - Sophos Limited)

Sophos AutoUpdate (HKLM-x32\...\{9D1B8594-5DD2-4CDC-A5BD-98E7E9D75520}) (Version: 5.3.0.516 - Sophos Limited)

Sophos Management Communications System (HKLM-x32\...\{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179}) (Version: 2.0.1 - Sophos Limited)

SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)

TunesKit Audiobook Converter 2.3.2.10 (HKLM-x32\...\TunesKit Audiobook Converter_is1) (Version: - TunesKit, Inc.)

UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden

Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)

Windows Driver Package - ESCORT Inc. (WinUSB) MyDeviceClass (07/22/2014 ) (HKLM\...\D0C35FE98CEDEF60A59F31DC022A63EFCF48559E) (Version: 07/22/2014 - ESCORT Inc.)

Windows Driver Package - ESCORT, Inc. (usbser) Ports (04/24/2013 1.0.0.0) (HKLM\...\81CF09C262F2AF50FED94F55B77F731D76C948F2) (Version: 04/24/2013 1.0.0.0 - ESCORT, Inc.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinX DVD Ripper Platinum 7.5.12 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)

WonderFox DVD Video Converter 8.8 (HKLM-x32\...\WonderFox DVD Video Converter) (Version: 8.8 - WonderFox Soft, Inc.)

YoWindow (HKLM-x32\...\yowindow) (Version: 3 - RepkaSoft)

Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.94 - Zemana Ltd.)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-1563961910-250262785-1644635927-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Brian\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

Task: {06D58ED9-2FD4-4825-B8AB-6324F047E5A0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

Task: {087167D8-8230-4048-82DE-75D6C3B67431} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)

Task: {0F276872-AB99-46F3-A08E-BA357BF36A48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)

Task: {0F7CAE4F-9DE1-43E3-A6E8-C77313EB7E10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {18AD7D57-DFD5-4BCC-8EEA-E63435130B8D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

Task: {21A8972F-F82B-439F-950B-2B0A8A4B4EB7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {2B790A28-F946-4A0F-97B5-0EB97BE9934C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)

Task: {3405A3D3-8CA2-4CA9-8BE6-43537AE3CE04} - System32\Tasks\ModemBooster_networkMonitor => C:\Program Files (x86)\inKline Global\Modem Booster\mbtray.exe

Task: {341A5A91-8362-4F47-B457-2E871B4B19FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

Task: {5098E177-EECA-4B55-93A6-CEF510DE15D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)

Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe

Task: {5A78CE1F-C261-4943-93DC-B126D03DBEF3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)

Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe

Task: {67BBD5B0-09A6-42B4-A932-D4A5B0DB3FBF} - System32\Tasks\HPCeeScheduleForBRIAN-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)

Task: {682DA36B-41EA-48BB-AD0E-5670EA640788} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)

Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {7FA484FA-6FF3-4578-B7CD-EA43C11F09A0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe [2016-06-17] (Adobe Systems Incorporated)

Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {80B1311C-5F20-47B4-803A-7383240C33B8} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1563961910-250262785-1644635927-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)

Task: {85AA3C48-9081-4969-A99A-73A90BFBC70F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)

Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe

Task: {92741044-7CFA-4BF0-97B3-DF05B539CA26} - System32\Tasks\ModemBooster_Run => C:\Program Files (x86)\inKline Global\Modem Booster\ModemBooster.exe

Task: {9698E6B2-49B7-4EF8-A069-D6B07BD4B853} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)

Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe

Task: {A641C078-23E3-4655-A8EA-49043BDC528B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)

Task: {A74C4C55-DD10-4C0C-8B17-5F9057D45FC1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-10] (Microsoft Corporation)

Task: {A9B32E4E-00E9-4C0A-81EA-FAC4E87128FD} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1563961910-250262785-1644635927-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-11-04] (RealNetworks, Inc.)

Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {AECF3AE5-8D63-4D4A-90F7-33B40365CD04} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)

Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

Task: {B4D4E86B-D688-44B1-BAC9-DE56CFA8FE85} - System32\Tasks\{4ABB3C9A-AA10-471F-BBDD-71AB9D4E726D} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"

Task: {B76CEA16-D75C-4504-BEA2-5044FE5AA0F1} - System32\Tasks\HPCeeScheduleForBrian => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)

Task: {B9F1C6BE-AD04-4C0E-B7BB-5A691C4175DF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1563961910-250262785-1644635927-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)

Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe

Task: {C20D3F74-A273-407C-8621-C05C4C3635DC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-18] (Microsoft Corporation)

Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe

Task: {CF077B7A-6F49-449F-BC12-B3A17BE7D4F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)

Task: {D26EA5F5-70FD-4338-9E4D-493EEB5AF8AC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {D49161D9-1CF6-4461-958A-72743729BE58} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-11-04] ()

Task: {D7C5CE96-D2C3-4346-9789-E2A1D5394191} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)

Task: {D96448E4-FD9F-41FE-8DAC-AA34F46B8DFD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {E43372F5-C9FD-400E-8679-530A33C405E9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {EC38A472-87B2-4E3E-8034-92E250279398} - System32\Tasks\ModemBooster_notification => C:\Program Files (x86)\inKline Global\Modem Booster\ModemBooster.exe

Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe

Task: {F31E9816-34F9-4F79-95EA-B0036CA1DAB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-08] (HP Inc.)

Task: {F4527842-FB71-44AD-BC7E-8B82C84A2247} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {F8934F0C-AEF2-4BC2-B941-09264B17B041} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {FC0FA31B-488F-4E7A-814B-0831FD99207C} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleForBRIAN-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleForBrian.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=pavilion&tp=onlinesvs&s=quickenfc&pf=cndt&c=113&TYPE=4EC:\Program Files (x86)\Online Services\quickenfc\financial_center.ico (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=onlinesvs&pf=cndt&s=hp_softwarestore&c=113&TYPE=4>C:\Program Files (x86)\Online Services\hpswstore\hpswstore.ico (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk -> hxxp://www.snapfish.com/hp_desktop_desktopicon_2011_usAC:\Program Files (x86)\Online Services\snapfish\SnapfishGreen.ico (No File)

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2016-06-25 19:28 - 2016-06-07 09:48 - 01126368 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll

2016-04-13 18:52 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2016-04-13 18:52 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2016-03-15 05:24 - 2016-06-10 04:05 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll

2015-12-17 19:02 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll

2016-05-12 18:32 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2016-06-17 21:22 - 2016-05-27 22:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2016-06-17 21:21 - 2016-05-27 22:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-06-17 21:22 - 2016-05-27 22:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2016-06-17 21:22 - 2016-05-27 22:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2016-06-25 19:28 - 2016-04-14 18:38 - 00745984 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll

2016-01-18 20:16 - 2015-11-25 14:03 - 00412672 _____ () C:\Program Files (x86)\IDriveWindows\Sync.dll

2016-06-26 14:42 - 2016-06-23 08:26 - 02336584 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libglesv2.dll

2016-06-26 14:42 - 2016-06-23 08:25 - 00107336 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libegl.dll

2015-11-15 13:59 - 2016-06-03 04:44 - 00227200 _____ () C:\Users\Brian\AppData\Roaming\Dashlane\Dashlane.exe

2015-11-15 13:59 - 2016-06-03 04:44 - 00286080 _____ () C:\Users\Brian\AppData\Roaming\Dashlane\DashlanePlugin.exe

2016-04-22 01:07 - 2016-04-22 01:07 - 00313656 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll

2015-12-09 18:52 - 2016-01-18 17:27 - 00043520 _____ () C:\Program Files (x86)\IDriveWindows\RemoteManagement.dll

2015-12-09 18:52 - 2016-01-18 17:27 - 00013312 _____ () C:\Program Files (x86)\IDriveWindows\SqliteWrapper.dll

2015-12-09 18:52 - 2015-11-25 14:03 - 00834048 _____ () C:\Program Files (x86)\IDriveWindows\sqlite3.dll

2016-02-27 21:20 - 2016-02-27 21:20 - 01426424 _____ () C:\Program Files (x86)\Adguard\AdguardNetApi.DLL

2016-02-27 21:20 - 2016-02-27 21:20 - 00140280 _____ () C:\Program Files (x86)\Adguard\AdguardNetLib.DLL

2016-02-14 23:59 - 2016-02-14 23:59 - 00306472 _____ () C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\log4cplus.dll

2015-12-07 18:44 - 2015-12-07 18:44 - 00270336 _____ () C:\Program Files (x86)\ATT\8.5.1.16\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node

2015-12-07 18:44 - 2015-12-07 18:44 - 00244736 _____ () C:\Program Files (x86)\ATT\8.5.1.16\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node

2013-04-24 07:55 - 2013-04-24 07:55 - 01581056 _____ () C:\Program Files (x86)\ATT\8.5.1.16\ma\node_modules\libxmljs\build\Release\xmljs.node

2015-12-07 18:44 - 2015-12-07 18:44 - 00237056 _____ () C:\Program Files (x86)\ATT\8.5.1.16\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node

2014-12-11 18:40 - 2014-12-11 18:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll

2016-06-03 04:43 - 2016-06-03 04:43 - 00347520 _____ () C:\Users\Brian\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.5.0.13208.dll

2016-06-03 04:43 - 2016-06-03 04:43 - 00436608 _____ () C:\Users\Brian\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.5.0.13208.dll

2016-06-03 04:43 - 2016-06-03 04:43 - 00469376 _____ () C:\Users\Brian\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.5.0.13208.dll

2016-06-03 04:43 - 2016-06-03 04:43 - 63070592 _____ () C:\Users\Brian\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.5.0.13208.dll

2016-06-03 04:43 - 2016-06-03 04:43 - 00299392 _____ () C:\Users\Brian\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.5.0.13208.dll

2016-06-03 04:43 - 2016-06-03 04:43 - 06254464 _____ () C:\Users\Brian\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.5.0.13208.dll

2016-06-03 04:43 - 2016-06-03 04:43 - 07393664 _____ () C:\Users\Brian\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.5.0.13208.dll

2016-06-03 04:43 - 2016-06-03 04:43 - 13624192 _____ () C:\Users\Brian\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.5.0.13208.dll

2016-06-03 04:43 - 2016-06-03 04:43 - 02284928 _____ () C:\Users\Brian\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.5.0.13208.dll

2016-06-03 04:43 - 2016-06-03 04:43 - 00353664 _____ () C:\Users\Brian\AppData\Roaming\Dashlane\4.5.0.13208\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.5.0.13208.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

HKLM\...\.scr: CryptoPreventSCR => "C:\PROGRA~2\FOOLIS~1\CRYPTO~1\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 


 

There are 6091 more sites.

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"

HKLM\...\StartupApproved\Run: => "hpsysdrv"

HKLM\...\StartupApproved\Run: => "iTunesHelper"

HKLM\...\StartupApproved\Run: => "ATT_McciTrayApp"

HKLM\...\StartupApproved\Run32: => "HP Software Update"

HKLM\...\StartupApproved\Run32: => "PDF Complete"

HKLM\...\StartupApproved\Run32: => "RealDownloader"

HKLM\...\StartupApproved\Run32: => "TkBellExe"

HKLM\...\StartupApproved\Run32: => "QuickTime Task"

HKLM\...\StartupApproved\Run32: => "Digital Coupon Print Driver"

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "Dashlane"

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "DashlanePlugin"

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "FileHippo.com"

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "Adguard"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808

FirewallRules: [{8369B9E8-5FA4-4416-BBE5-A8EF7F88E924}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{8C7AB105-1E2B-49E0-AB30-840D93FDC9DA}] => (Allow) LPort=1900

FirewallRules: [{8BED5578-C934-4048-AAD5-155B6DDEEF4C}] => (Allow) LPort=2869

FirewallRules: [{CCAA96EF-A07B-43C4-84DD-B981062D9018}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{F0D9FCE7-EF3E-4196-B325-1D48A840D57F}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

FirewallRules: [{3891FB49-C0A7-4FEA-9173-CD7FDA1B270E}] => (Allow) C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe

FirewallRules: [{3C9ADB16-4651-43E6-A16F-5DA8A6F633A7}] => (Allow) C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe

FirewallRules: [{BA30E9F4-551F-48FE-97DD-51F816094B14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{4A932183-A324-47B1-AEA0-491CF24EEE92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{210C68F2-FD4B-4B44-881D-C19B3CDD415B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{59E71CA3-D907-4901-AD38-3CD0275091A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{3CF4AF4F-11ED-43DF-81F8-B411B8CA292C}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{C3797A3C-FF3A-4AB6-8414-296B9EC2B15E}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe

FirewallRules: [{354983A1-B058-49B0-BD7A-3600286638B5}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe

FirewallRules: [{99A3625A-9B37-40DE-8FE7-4B10CBDEC956}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\SendAFax.exe

FirewallRules: [{862EB5B8-BD8F-4D35-98B2-4360EF2AEA89}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\DigitalWizards.exe

FirewallRules: [{FD948C44-7788-4694-9A59-BE5C9AE323E9}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\FaxApplications.exe

FirewallRules: [{0082FA77-F435-422F-B60F-3ACA819FE190}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{FF75E0B2-8507-49F6-83C0-C6071AEFC6D1}C:\program files (x86)\idrivewindows\cmd_util\idwutil_600.exe] => (Allow) C:\program files (x86)\idrivewindows\cmd_util\idwutil_600.exe

FirewallRules: [UDP Query User{92EE037D-C18A-406D-9C23-5B92587D2DE6}C:\program files (x86)\idrivewindows\cmd_util\idwutil_600.exe] => (Allow) C:\program files (x86)\idrivewindows\cmd_util\idwutil_600.exe

FirewallRules: [{A2FA46EE-AC6E-4063-8F11-584FC5831ED3}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe

FirewallRules: [{75A935F3-5BA9-436C-B60F-1AD94CFC5AAD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

FirewallRules: [{DA2CABDC-E5C1-41B1-8CE4-DD81B4EC849C}] => (Allow) LPort=15600

FirewallRules: [{80FE7B09-3934-4139-B53E-0221EAC3D58E}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{A58AF042-73AB-4190-884A-C55E39A4F4AA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (06/29/2016 06:30:05 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll8

 

Error: (06/29/2016 06:26:10 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0

Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb

Exception code: 0xc0000409

Fault offset: 0x00000000000a9ba0

Faulting process id: 0x1700

Faulting application start time: 0xbackgroundTaskHost.exe0

Faulting application path: backgroundTaskHost.exe1

Faulting module path: backgroundTaskHost.exe2

Report Id: backgroundTaskHost.exe3

Faulting package full name: backgroundTaskHost.exe4

Faulting package-relative application ID: backgroundTaskHost.exe5

 

Error: (06/27/2016 04:43:23 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (06/27/2016 04:43:23 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (06/27/2016 12:14:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 8234

 

Error: (06/27/2016 12:14:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 8234

 

Error: (06/27/2016 12:14:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (06/26/2016 11:52:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbarw.exe, version: 1.0.0.174, time stamp: 0x57558c7d

Faulting module name: mbarw.exe, version: 1.0.0.174, time stamp: 0x57558c7d

Exception code: 0xc0000005

Fault offset: 0x000000000002515b

Faulting process id: 0x1a84

Faulting application start time: 0xmbarw.exe0

Faulting application path: mbarw.exe1

Faulting module path: mbarw.exe2

Report Id: mbarw.exe3

Faulting package full name: mbarw.exe4

Faulting package-relative application ID: mbarw.exe5

 

Error: (06/26/2016 11:45:40 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: MBAMService.exe, version: 3.0.0.549, time stamp: 0x574313ca

Faulting module name: arwlib.dll, version: 3.0.0.219, time stamp: 0x5756f022

Exception code: 0xc0000005

Fault offset: 0x0000000000039c99

Faulting process id: 0x920

Faulting application start time: 0xMBAMService.exe0

Faulting application path: MBAMService.exe1

Faulting module path: MBAMService.exe2

Report Id: MBAMService.exe3

Faulting package full name: MBAMService.exe4

Faulting package-relative application ID: MBAMService.exe5

 

Error: (06/26/2016 11:21:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BRIAN-HP)

Description: Package ACMEAtronOmaticLLC.MyRadar_3.1.5.0_x86__hgk1kwjkxrdv0+App was terminated because it took too long to suspend.

 

 

System errors:

=============

Error: (06/29/2016 09:01:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Downloaded Maps Manager service hung on starting.

 

Error: (06/29/2016 08:58:44 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

Description: {B91D5831-B1BD-4608-8198-D72E155020F7}

 

Error: (06/29/2016 08:58:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Delivery Optimization service hung on starting.

 

Error: (06/29/2016 08:57:47 PM) (Source: DCOM) (EventID: 10016) (User: BRIAN-HP)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Brian-HPBrianS-1-5-21-1563961910-250262785-1644635927-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

 

Error: (06/29/2016 08:57:47 PM) (Source: DCOM) (EventID: 10016) (User: BRIAN-HP)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Brian-HPBrianS-1-5-21-1563961910-250262785-1644635927-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

 

Error: (06/29/2016 08:57:47 PM) (Source: DCOM) (EventID: 10016) (User: BRIAN-HP)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Brian-HPBrianS-1-5-21-1563961910-250262785-1644635927-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

 

Error: (06/29/2016 08:57:47 PM) (Source: DCOM) (EventID: 10016) (User: BRIAN-HP)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Brian-HPBrianS-1-5-21-1563961910-250262785-1644635927-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

 

Error: (06/29/2016 08:57:47 PM) (Source: DCOM) (EventID: 10016) (User: BRIAN-HP)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Brian-HPBrianS-1-5-21-1563961910-250262785-1644635927-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

 

Error: (06/29/2016 08:57:47 PM) (Source: DCOM) (EventID: 10016) (User: BRIAN-HP)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Brian-HPBrianS-1-5-21-1563961910-250262785-1644635927-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

 

Error: (06/29/2016 08:57:47 PM) (Source: DCOM) (EventID: 10016) (User: BRIAN-HP)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Brian-HPBrianS-1-5-21-1563961910-250262785-1644635927-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

 

 

CodeIntegrity:

===================================

Date: 2016-06-29 19:31:31.266

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

Date: 2016-06-29 19:31:31.240

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

Date: 2016-06-29 19:09:12.853

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

Date: 2016-06-29 19:09:12.833

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

Date: 2016-06-29 19:09:12.772

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

Date: 2016-06-29 19:09:12.739

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

Date: 2016-06-29 19:09:12.723

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

Date: 2016-06-29 19:09:12.649

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

Date: 2016-06-29 19:09:12.599

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

Date: 2016-06-29 19:09:12.582

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info ===========================

 

Processor: Intel® Core™ i5-2400S CPU @ 2.50GHz

Percentage of memory in use: 53%

Total physical RAM: 6126.53 MB

Available physical RAM: 2872.21 MB

Total Virtual: 9838.53 MB

Available Virtual: 6589.75 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:919.73 GB) (Free:625.35 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: (HP_RECOVERY) (Fixed) (Total:11.25 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 7EF8BB38)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=449 MB) - (Type=27)

Partition 4: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================



Edited by RKinner, 30 June 2016 - 08:39 AM.



#2
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Please post your First log. You posted addition.txt twice. Also please just copy and paste the text from the logs. Do not convert them to rtf.

 

Is this in all browsers or just one?



#3
Braind

    Member

  • Topic Starter
  • Member
  • 246 posts

Chrome is the only one that has this problem.

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2016

Ran by Brian (administrator) on BRIAN-HP (29-06-2016 21:03:32)

Running from C:\Users\Brian\Downloads

Loaded Profiles: Brian (Available Profiles: Brian & DefaultAppPool)

Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\MAHostService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe

(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe

(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe

(Joyent, Inc) C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\node.exe

(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe

(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe

(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe

(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe

(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Repkasoft) C:\Program Files (x86)\YoWindow\yowindow.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\cmd.exe

(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcGCMessagingHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Users\Brian\AppData\Roaming\Dashlane\Dashlane.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

() C:\Users\Brian\AppData\Roaming\Dashlane\DashlanePlugin.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

(Microsoft Corporation) C:\Windows\System32\browser_broker.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Apple Inc.) C:\Program Files\iTunes\iTunes.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Farbar) C:\Users\Brian\Downloads\FRST64 (2).exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Pro Softnet Corporation) C:\Program Files (x86)\IDriveWindows\id_vssvista.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [ATT_McciTrayApp] => C:\Program Files\ATT\8.5.1.16\ma\bin\pcTrayApp.exe [2943488 2015-12-11] (Alcatel-Lucent)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13708016 2016-06-28] (Zemana Ltd.)

HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286992 2015-11-15] (RealNetworks, Inc.)

HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [719632 2015-11-04] ()

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [72736 2016-01-18] (Prosoftnet)

HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1985056 2016-01-18] (Prosoftnet)

HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)

HKLM-x32\...\Run: [Digital Coupon Print Driver] => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"

HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1596200 2016-01-15] (Sophos Limited)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)

HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION

HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: ** <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION

HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION

HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION

HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\dashlane\dashlane.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\dashlane\dashlane.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\dashlane\procdump.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\dashlane\dashlaneplugin.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\dashlane\dashlaneplugin.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\dashlane\procdump.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\dashlane\dashlane.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\dashlane\dashlaneplugin.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\dashlane\procdump.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\dashlane\procdump.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\dashlane\dashlane.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\dashlane\dashlaneplugin.exe <====== ATTENTION

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-06-02] (SUPERAntiSpyware)

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [Dashlane] => C:\Users\Brian\AppData\Roaming\Dashlane\Dashlane.exe [227200 2016-06-03] ()

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [DashlanePlugin] => C:\Users\Brian\AppData\Roaming\Dashlane\DashlanePlugin.exe [286080 2016-06-03] ()

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5578232 2016-04-18] (Performix LLC)

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\yowindow.scr [859080 2015-12-21] (repkasoft)

AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\sophos_detoured.dll [275352 2016-02-22] (Sophos Limited)

ShellIconOverlayIdentifiers: [  0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A)

ShellIconOverlayIdentifiers: [  0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A)

ShellIconOverlayIdentifiers: [  0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-06-28]

ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-11-15]

ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-18]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk [2016-01-22]

ShortcutTarget: YoWindow.lnk -> C:\Program Files (x86)\YoWindow\yowindow.exe (Repkasoft)

Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled [2015-11-29] ()

GroupPolicy: Restriction - Chrome <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{136f715d-1007-4cf1-8adb-aa43da411b61}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset

SearchScopes: HKLM -> DefaultScope value is missing

SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =

SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM -> {C46296C9-9FB6-4509-8294-68FA8F44E6DB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM-x32 -> {C46296C9-9FB6-4509-8294-68FA8F44E6DB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =

SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {C46296C9-9FB6-4509-8294-68FA8F44E6DB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {F2B5E2C6-4DFD-420A-80B7-6DDC3D8989CA} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {F813F595-1DA6-4476-915D-E3C2FDF0B758} URL = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q={searchTerms}

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)

BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Brian\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-06-03] (Dashlane)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20] (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation)

Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Brian\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-06-03] (Dashlane)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

FireFox:
========

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [2015-12-11] (AT&T)

FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-11-15] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-11-15] (RealPlayer)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1563961910-250262785-1644635927-1001: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll [No File]

FF Extension: AT&T Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2016-04-02] [not signed]

FF HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Brian\AppData\Roaming\Dashlane\3.6.0.97092\Extensions\JetPack_expanded\[email protected] => not found

Chrome:
=======

CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggTdgpdUg4TERgRcg5eTA1BF1EOIVpbBxRIEVdHJgEJAl8UQwQFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"

CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}

CHR DefaultSearchKeyword: Default -> duckduckgo.com

CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list

CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-08]

CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-11-08]

CHR Extension: (Google Docs) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-08]

CHR Extension: (Google Drive) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-08]

CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-06-12]

CHR Extension: (YouTube) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-08]

CHR Extension: (Adblock Plus) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]

CHR Extension: (Incognito-Filter) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifilbmpnkjinlkchohdfcpdkmpngiik [2015-11-08]

CHR Extension: (Blur Privacy Dashboard) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjidbdiahninbecbcigapoocbkfncobc [2015-11-15]

CHR Extension: (Google Search) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]

CHR Extension: (PriceJump) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblfcnaanidhgjbmcfgebdcifkaffcpb [2015-11-08]

CHR Extension: (Blur) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2016-06-23]

CHR Extension: (YoWindow Free Weather) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef [2016-06-26]

CHR Extension: (Dashlane) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-06-29]

CHR Extension: (Google Sheets) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-08]

CHR Extension: (Just Not Sorry -- the Gmail Plug-in) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmegmibednnlgojepmidhlhpjbppmlci [2016-04-03]

CHR Extension: (HTTPS Everywhere) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-06-09]

CHR Extension: (Assassin's Creed III) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\geadmffjboclimmeiaimcafapjaefnfn [2015-11-08]

CHR Extension: (Google Docs Offline) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]

CHR Extension: (The Camelizer) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2016-04-26]

CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2015-11-08]

CHR Extension: (Protect My Choices) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2016-05-12]

CHR Extension: (Incognito This!) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icnaplnkjfjncegmphmlfpggildllbho [2015-12-24]

CHR Extension: (The Weather Channel for Chrome) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2015-11-08]

CHR Extension: (Google Voice (by Google)) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-11-08]

CHR Extension: (Advanced Extensions) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\knchccdpckooledklhnooegnniofcfip [2015-11-08]

CHR Extension: (iCloud Dashboard) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgojgddhfhekopdpkocobommepgdeffb [2016-06-25]

CHR Extension: (Ghostery Fixer) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaegpmdlhnpldpoadmnnbddbkcdmbhb [2015-11-08]

CHR Extension: (Ghostery) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-20]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]

CHR Extension: (Buffer) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2016-06-24]

CHR Extension: (AT&T Extension) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\okccnkhldjgdpjclfpdnlhlofcpginnm [2016-02-20]

CHR Extension: (Readability) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2015-11-08]

CHR Extension: (Gmail) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-08]

CHR HKLM\...\Chrome\Extension: [okccnkhldjgdpjclfpdnlhlofcpginnm] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [okccnkhldjgdpjclfpdnlhlofcpginnm] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)

R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [149496 2016-04-18] (Performix LLC)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)

R2 AT&T Troubleshoot & Resolve; C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\MAHostService.exe [321024 2015-12-11] (Alcatel-Lucent) [File not signed]

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)

R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe [2695920 2015-03-05] (Condusiv Technologies)

R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)

R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [154656 2016-01-18] (Prosoftnet)

R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3143648 2016-06-07] (Malwarebytes)

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)

R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [370176 2015-08-13] (Alcatel-Lucent) [File not signed]

R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [462336 2015-08-13] (Alcatel-Lucent) [File not signed]

S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)

S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()

S4 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095976 2015-11-15] (RealNetworks, Inc.)

R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2016-02-14] (Sophos Limited)

R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2016-02-14] (Sophos Limited)

R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [636224 2016-01-15] (Sophos Limited)

R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [331048 2016-02-14] (Sophos Limited)

R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [909608 2016-02-14] (Sophos Limited)

R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341768 2016-02-14] (Sophos Limited)

R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [307848 2016-02-22] (Sophos Limited)

R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3285640 2016-02-22] (Sophos Limited)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13708016 2016-06-28] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [60528 2016-03-29] ()

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)

R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [41744 2013-05-06] (Condusiv Technologies)

R3 DKRtWrt; C:\WINDOWS\system32\drivers\DKRtWrt.sys [53520 2014-10-24] (Condusiv Technologies)

R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [119536 2014-04-14] (Condusiv Technologies)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-06-02] ()

R3 farflt; C:\WINDOWS\system32\drivers\farflt.sys [73600 2016-06-29] (Malwarebytes)

R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-06-29] (Malwarebytes)

S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2016-02-14] (Sophos Limited)

S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2016-02-14] (Sophos Limited)

S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2016-02-14] (Sophos Limited)

R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2016-02-22] (Sophos Limited)

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-06-29] (Zemana Ltd.)

R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-06-29] (Zemana Ltd.)

U3 idsvc; no ImagePath

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-29 21:01 - 2016-06-29 21:02 - 02390016 _____ (Farbar) C:\Users\Brian\Downloads\FRST64 (2).exe

2016-06-29 20:58 - 2016-06-29 20:58 - 00000000 ___SH C:\DkHyperbootSync

2016-06-29 20:56 - 2016-06-29 20:56 - 00005137 _____ C:\Users\Brian\Desktop\AdwCleaner[C1].txt

2016-06-29 20:43 - 2016-06-29 20:44 - 03703360 _____ C:\Users\Brian\Downloads\adwcleaner_5.200 (1).exe

2016-06-29 19:34 - 2016-06-29 20:50 - 00000000 ____D C:\AdwCleaner

2016-06-29 19:33 - 2016-06-29 19:33 - 03703360 _____ C:\Users\Brian\Downloads\adwcleaner_5.200.exe

2016-06-29 19:29 - 2016-06-29 21:05 - 00243245 _____ C:\WINDOWS\ZAM.krnl.trace

2016-06-29 19:29 - 2016-06-29 21:05 - 00075189 _____ C:\WINDOWS\ZAM_Guard.krnl.trace

2016-06-29 19:29 - 2016-06-29 19:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys

2016-06-29 19:29 - 2016-06-29 19:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys

2016-06-29 19:29 - 2016-06-29 19:29 - 00001219 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk

2016-06-29 19:29 - 2016-06-29 19:29 - 00000000 ____D C:\Users\Brian\AppData\Local\Zemana

2016-06-29 19:29 - 2016-06-29 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware

2016-06-29 19:29 - 2016-06-29 19:29 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware

2016-06-29 19:27 - 2016-06-29 19:28 - 05603840 _____ ( ) C:\Users\Brian\Downloads\Zemana.AntiMalware.Setup.exe

2016-06-29 19:26 - 2016-06-29 20:30 - 00000000 ____D C:\ProgramData\HitmanPro

2016-06-29 19:25 - 2016-06-29 19:26 - 11438608 _____ (SurfRight B.V.) C:\Users\Brian\Downloads\hitmanpro_x64.exe

2016-06-29 19:07 - 2016-06-29 19:07 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-06-29 19:05 - 2016-06-29 19:06 - 22851472 _____ (Malwarebytes ) C:\Users\Brian\Downloads\mbam-setup-2.2.1.1043.exe

2016-06-29 18:59 - 2016-06-29 19:24 - 00002734 _____ C:\Users\Brian\Desktop\Rkill.txt

2016-06-29 18:59 - 2016-06-29 18:59 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Brian\Downloads\rkill.exe

2016-06-29 18:56 - 2016-06-29 18:59 - 00126376 _____ C:\TDSSKiller.3.1.0.9_29.06.2016_18.56.13_log.txt

2016-06-29 18:55 - 2016-06-29 18:56 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Brian\Downloads\tdsskiller (1).exe

2016-06-29 18:53 - 2016-06-29 18:54 - 00126448 _____ C:\TDSSKiller.3.1.0.9_29.06.2016_18.53.21_log.txt

2016-06-29 18:52 - 2016-06-29 18:53 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Brian\Downloads\tdsskiller.exe

2016-06-29 18:17 - 2016-06-29 18:17 - 00347040 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-06-28 19:51 - 2016-06-28 19:51 - 00001150 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk

2016-06-28 19:50 - 2016-06-28 19:50 - 04291320 _____ (BrightFort LLC ) C:\Users\Brian\Downloads\spywareblastersetup55 (1).exe

2016-06-28 19:48 - 2016-06-28 19:50 - 04291320 _____ (BrightFort LLC ) C:\Users\Brian\Downloads\spywareblastersetup55.exe

2016-06-28 19:47 - 2016-06-28 19:52 - 00000258 __RSH C:\ProgramData\ntuser.pol

2016-06-28 19:40 - 2016-06-28 19:43 - 00002418 _____ C:\RannohDecryptor.1.9.1.1_28.06.2016_19.40.14_log.txt

2016-06-28 19:05 - 2016-06-28 19:06 - 37566080 _____ (Malwarebytes ) C:\Users\Brian\Downloads\MBARW_Setup (1).exe

2016-06-28 11:21 - 2016-02-22 11:17 - 00032512 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\swi_callout.sys

2016-06-26 15:55 - 2016-06-26 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

2016-06-26 15:50 - 2016-06-29 18:20 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit

2016-06-26 15:50 - 2016-06-26 15:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit

2016-06-26 15:48 - 2016-06-26 15:54 - 01858888 _____ (Malwarebytes ) C:\Users\Brian\Downloads\mbae-setup-1.08.1.2563.exe

2016-06-26 14:27 - 2016-06-26 14:27 - 00001124 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2016-06-25 21:52 - 2016-06-25 22:14 - 00004276 _____ C:\RannohDecryptor.1.9.1.1_25.06.2016_21.52.24_log.txt

2016-06-25 21:51 - 2016-06-25 21:52 - 00648344 _____ (Kaspersky Lab ZAO) C:\Users\Brian\Downloads\rannohdecryptor.exe

2016-06-25 19:28 - 2016-06-29 20:54 - 00073600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2016-06-25 19:28 - 2016-06-28 19:11 - 00001948 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Ransomware.lnk

2016-06-25 19:28 - 2016-06-28 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2016-06-25 19:28 - 2016-06-25 19:28 - 00000000 ____D C:\Program Files\Malwarebytes

2016-06-25 19:27 - 2016-06-28 19:10 - 37566080 _____ (Malwarebytes ) C:\Users\Brian\Downloads\MBARW_Setup.exe

2016-06-25 18:32 - 2016-06-25 18:35 - 02387456 _____ (Farbar) C:\Users\Brian\Downloads\FRST64 (1).exe

2016-06-25 15:58 - 2016-06-25 18:40 - 01794606 _____ C:\Users\Brian\Downloads\Shortcut.txt

2016-06-25 15:55 - 2016-06-25 15:58 - 00049113 _____ C:\Users\Brian\Downloads\Addition.txt

2016-06-25 15:51 - 2016-06-29 21:05 - 00062870 _____ C:\Users\Brian\Downloads\FRST.txt

2016-06-25 15:51 - 2016-06-29 21:03 - 00000000 ____D C:\FRST

2016-06-25 15:50 - 2016-06-25 15:51 - 02387456 _____ (Farbar) C:\Users\Brian\Downloads\FRST64.exe

2016-06-21 18:58 - 2016-06-21 18:58 - 06995720 _____ (Piriform Ltd) C:\Users\Brian\Downloads\ccsetup519.exe

2016-06-21 18:58 - 2016-06-21 18:58 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk

2016-06-17 21:22 - 2016-05-28 01:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2016-06-17 21:22 - 2016-05-28 01:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2016-06-17 21:22 - 2016-05-28 01:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2016-06-17 21:22 - 2016-05-28 00:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll

2016-06-17 21:22 - 2016-05-28 00:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2016-06-17 21:22 - 2016-05-28 00:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll

2016-06-17 21:22 - 2016-05-28 00:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll

2016-06-17 21:22 - 2016-05-28 00:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2016-06-17 21:22 - 2016-05-28 00:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2016-06-17 21:22 - 2016-05-28 00:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2016-06-17 21:22 - 2016-05-28 00:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2016-06-17 21:22 - 2016-05-28 00:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll

2016-06-17 21:22 - 2016-05-28 00:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2016-06-17 21:22 - 2016-05-28 00:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2016-06-17 21:22 - 2016-05-28 00:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll

2016-06-17 21:22 - 2016-05-28 00:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2016-06-17 21:22 - 2016-05-27 23:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2016-06-17 21:22 - 2016-05-27 23:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2016-06-17 21:22 - 2016-05-27 23:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll

2016-06-17 21:22 - 2016-05-27 23:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll

2016-06-17 21:22 - 2016-05-27 23:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll

2016-06-17 21:22 - 2016-05-27 23:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll

2016-06-17 21:22 - 2016-05-27 23:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll

2016-06-17 21:22 - 2016-05-27 23:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2016-06-17 21:22 - 2016-05-27 23:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2016-06-17 21:22 - 2016-05-27 23:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll

2016-06-17 21:22 - 2016-05-27 23:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2016-06-17 21:22 - 2016-05-27 23:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe

2016-06-17 21:22 - 2016-05-27 23:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll

2016-06-17 21:22 - 2016-05-27 23:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys

2016-06-17 21:22 - 2016-05-27 23:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe

2016-06-17 21:22 - 2016-05-27 23:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll

2016-06-17 21:22 - 2016-05-27 23:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2016-06-17 21:22 - 2016-05-27 23:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2016-06-17 21:22 - 2016-05-27 23:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll

2016-06-17 21:22 - 2016-05-27 23:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll

2016-06-17 21:22 - 2016-05-27 23:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll

2016-06-17 21:22 - 2016-05-27 23:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll

2016-06-17 21:22 - 2016-05-27 23:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll

2016-06-17 21:22 - 2016-05-27 23:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2016-06-17 21:22 - 2016-05-27 23:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll

2016-06-17 21:22 - 2016-05-27 23:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll

2016-06-17 21:22 - 2016-05-27 23:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll

2016-06-17 21:22 - 2016-05-27 23:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll

2016-06-17 21:22 - 2016-05-27 23:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll

2016-06-17 21:22 - 2016-05-27 23:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll

2016-06-17 21:22 - 2016-05-27 23:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll

2016-06-17 21:22 - 2016-05-27 23:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2016-06-17 21:22 - 2016-05-27 23:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll

2016-06-17 21:22 - 2016-05-27 23:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2016-06-17 21:22 - 2016-05-27 23:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll

2016-06-17 21:22 - 2016-05-27 23:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll

2016-06-17 21:22 - 2016-05-27 23:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll

2016-06-17 21:22 - 2016-05-27 23:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll

2016-06-17 21:22 - 2016-05-27 23:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2016-06-17 21:22 - 2016-05-27 23:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll

2016-06-17 21:22 - 2016-05-27 23:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll

2016-06-17 21:22 - 2016-05-27 23:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2016-06-17 21:22 - 2016-05-27 23:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll

2016-06-17 21:22 - 2016-05-27 23:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll

2016-06-17 21:22 - 2016-05-27 23:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll

2016-06-17 21:22 - 2016-05-27 23:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll

2016-06-17 21:22 - 2016-05-27 23:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll

2016-06-17 21:22 - 2016-05-27 23:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll

2016-06-17 21:22 - 2016-05-27 23:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll

2016-06-17 21:22 - 2016-05-27 23:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2016-06-17 21:22 - 2016-05-27 23:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll

2016-06-17 21:22 - 2016-05-27 23:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll

2016-06-17 21:22 - 2016-05-27 23:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2016-06-17 21:22 - 2016-05-27 23:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2016-06-17 21:22 - 2016-05-27 23:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll

2016-06-17 21:22 - 2016-05-27 23:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll

2016-06-17 21:22 - 2016-05-27 23:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll

2016-06-17 21:22 - 2016-05-27 23:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll

2016-06-17 21:22 - 2016-05-27 23:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll

2016-06-17 21:22 - 2016-05-27 23:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll

2016-06-17 21:22 - 2016-05-27 23:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll

2016-06-17 21:22 - 2016-05-27 23:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll

2016-06-17 21:22 - 2016-05-27 23:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll

2016-06-17 21:22 - 2016-05-27 23:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll

2016-06-17 21:22 - 2016-05-27 23:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll

2016-06-17 21:22 - 2016-05-27 23:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2016-06-17 21:22 - 2016-05-27 23:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2016-06-17 21:22 - 2016-05-27 23:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2016-06-17 21:22 - 2016-05-27 23:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll

2016-06-17 21:22 - 2016-05-27 23:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2016-06-17 21:22 - 2016-05-27 23:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll

2016-06-17 21:22 - 2016-05-27 23:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll

2016-06-17 21:22 - 2016-05-27 23:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2016-06-17 21:22 - 2016-05-27 23:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2016-06-17 21:22 - 2016-05-27 23:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2016-06-17 21:22 - 2016-05-27 23:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll

2016-06-17 21:22 - 2016-05-27 23:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2016-06-17 21:22 - 2016-05-27 23:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2016-06-17 21:22 - 2016-05-27 23:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll

2016-06-17 21:22 - 2016-05-27 23:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2016-06-17 21:22 - 2016-05-27 23:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll

2016-06-17 21:22 - 2016-05-27 23:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2016-06-17 21:22 - 2016-05-27 23:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2016-06-17 21:22 - 2016-05-27 23:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll

2016-06-17 21:22 - 2016-05-27 23:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2016-06-17 21:22 - 2016-05-27 23:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll

2016-06-17 21:22 - 2016-05-27 23:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2016-06-17 21:22 - 2016-05-27 23:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2016-06-17 21:22 - 2016-05-27 23:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll

2016-06-17 21:22 - 2016-05-27 23:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2016-06-17 21:22 - 2016-05-27 23:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2016-06-17 21:22 - 2016-05-27 23:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2016-06-17 21:22 - 2016-05-27 23:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll

2016-06-17 21:22 - 2016-05-27 22:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2016-06-17 21:22 - 2016-05-27 22:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2016-06-17 21:22 - 2016-05-27 22:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2016-06-17 21:22 - 2016-05-27 22:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll

2016-06-17 21:22 - 2016-05-27 22:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2016-06-17 21:22 - 2016-05-27 22:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll

2016-06-17 21:21 - 2016-05-28 01:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2016-06-17 21:21 - 2016-05-28 01:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2016-06-17 21:21 - 2016-05-28 01:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2016-06-17 21:21 - 2016-05-28 00:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll

2016-06-17 21:21 - 2016-05-28 00:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll

2016-06-17 21:21 - 2016-05-28 00:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll

2016-06-17 21:21 - 2016-05-28 00:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys

2016-06-17 21:21 - 2016-05-28 00:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys

2016-06-17 21:21 - 2016-05-28 00:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll

2016-06-17 21:21 - 2016-05-28 00:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2016-06-17 21:21 - 2016-05-28 00:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe

2016-06-17 21:21 - 2016-05-28 00:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2016-06-17 21:21 - 2016-05-28 00:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys

2016-06-17 21:21 - 2016-05-28 00:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2016-06-17 21:21 - 2016-05-28 00:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll

2016-06-17 21:21 - 2016-05-28 00:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys

2016-06-17 21:21 - 2016-05-28 00:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2016-06-17 21:21 - 2016-05-28 00:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2016-06-17 21:21 - 2016-05-28 00:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe

2016-06-17 21:21 - 2016-05-28 00:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe

2016-06-17 21:21 - 2016-05-28 00:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2016-06-17 21:21 - 2016-05-28 00:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll

2016-06-17 21:21 - 2016-05-28 00:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll

2016-06-17 21:21 - 2016-05-28 00:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

2016-06-17 21:21 - 2016-05-28 00:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll

2016-06-17 21:21 - 2016-05-28 00:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll

2016-06-17 21:21 - 2016-05-28 00:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll

2016-06-17 21:21 - 2016-05-27 23:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2016-06-17 21:21 - 2016-05-27 23:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll

2016-06-17 21:21 - 2016-05-27 23:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll

2016-06-17 21:21 - 2016-05-27 23:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll

2016-06-17 21:21 - 2016-05-27 23:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2016-06-17 21:21 - 2016-05-27 23:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll

2016-06-17 21:21 - 2016-05-27 23:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe

2016-06-17 21:21 - 2016-05-27 23:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe

2016-06-17 21:21 - 2016-05-27 23:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll

2016-06-17 21:21 - 2016-05-27 23:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys

2016-06-17 21:21 - 2016-05-27 23:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2016-06-17 21:21 - 2016-05-27 23:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll

2016-06-17 21:21 - 2016-05-27 23:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll

2016-06-17 21:21 - 2016-05-27 23:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys

2016-06-17 21:21 - 2016-05-27 23:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll

2016-06-17 21:21 - 2016-05-27 23:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2016-06-17 21:21 - 2016-05-27 23:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2016-06-17 21:21 - 2016-05-27 23:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys

2016-06-17 21:21 - 2016-05-27 23:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll

2016-06-17 21:21 - 2016-05-27 23:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2016-06-17 21:21 - 2016-05-27 23:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll

2016-06-17 21:21 - 2016-05-27 23:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2016-06-17 21:21 - 2016-05-27 23:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll

2016-06-17 21:21 - 2016-05-27 23:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll

2016-06-17 21:21 - 2016-05-27 23:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll

2016-06-17 21:21 - 2016-05-27 23:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll

2016-06-17 21:21 - 2016-05-27 23:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll

2016-06-17 21:21 - 2016-05-27 23:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll

2016-06-17 21:21 - 2016-05-27 23:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll

2016-06-17 21:21 - 2016-05-27 23:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll

2016-06-17 21:21 - 2016-05-27 23:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll

2016-06-17 21:21 - 2016-05-27 23:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll

2016-06-17 21:21 - 2016-05-27 23:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL

2016-06-17 21:21 - 2016-05-27 23:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll

2016-06-17 21:21 - 2016-05-27 23:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll

2016-06-17 21:21 - 2016-05-27 23:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll

2016-06-17 21:21 - 2016-05-27 23:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll

2016-06-17 21:21 - 2016-05-27 23:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll

2016-06-17 21:21 - 2016-05-27 23:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2016-06-17 21:21 - 2016-05-27 23:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys

2016-06-17 21:21 - 2016-05-27 23:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll

2016-06-17 21:21 - 2016-05-27 23:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll

2016-06-17 21:21 - 2016-05-27 23:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll

2016-06-17 21:21 - 2016-05-27 23:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll

2016-06-17 21:21 - 2016-05-27 23:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys

2016-06-17 21:21 - 2016-05-27 23:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll

2016-06-17 21:21 - 2016-05-27 23:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll

2016-06-17 21:21 - 2016-05-27 23:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll

2016-06-17 21:21 - 2016-05-27 23:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2016-06-17 21:21 - 2016-05-27 23:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2016-06-17 21:21 - 2016-05-27 23:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll

2016-06-17 21:21 - 2016-05-27 23:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll

2016-06-17 21:21 - 2016-05-27 23:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll

2016-06-17 21:21 - 2016-05-27 23:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2016-06-17 21:21 - 2016-05-27 23:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll

2016-06-17 21:21 - 2016-05-27 23:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll

2016-06-17 21:21 - 2016-05-27 23:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll

2016-06-17 21:21 - 2016-05-27 23:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll

2016-06-17 21:21 - 2016-05-27 23:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll

2016-06-17 21:21 - 2016-05-27 23:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll

2016-06-17 21:21 - 2016-05-27 23:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2016-06-17 21:21 - 2016-05-27 23:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll

2016-06-17 21:21 - 2016-05-27 23:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll

2016-06-17 21:21 - 2016-05-27 23:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe

2016-06-17 21:21 - 2016-05-27 22:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll

2016-06-17 21:21 - 2016-05-27 22:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2016-06-17 21:21 - 2016-05-27 22:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll

2016-06-17 21:20 - 2016-05-27 23:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2016-06-17 21:20 - 2016-05-27 23:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll

2016-06-17 21:20 - 2016-05-27 23:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2016-06-17 21:20 - 2016-05-27 23:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2016-06-17 21:20 - 2016-05-27 23:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2016-06-17 21:20 - 2016-05-27 23:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe

2016-06-17 19:33 - 2016-06-17 19:33 - 20461248 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

2016-06-14 17:41 - 2016-06-14 17:41 - 00038662 _____ C:\Users\Brian\Downloads\We_Energies_bill_2016_06_13_0780.pdf

2016-06-05 16:51 - 2016-06-26 23:42 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBrian.job

2016-06-05 16:51 - 2016-06-26 18:28 - 00003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBrian

2016-06-03 18:33 - 2016-06-03 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2016-06-03 18:32 - 2016-06-03 18:33 - 00000000 ____D C:\Program Files\iTunes

2016-06-03 18:32 - 2016-06-03 18:32 - 00000000 ____D C:\Program Files\iPod

2016-06-03 18:32 - 2016-06-03 18:32 - 00000000 ____D C:\Program Files (x86)\iTunes

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-06-29 21:06 - 2015-12-09 18:52 - 00000000 ____D C:\ProgramData\IDrive

2016-06-29 21:05 - 2016-03-21 18:25 - 00000000 ____D C:\ProgramData\Adguard

2016-06-29 20:54 - 2015-11-09 23:24 - 00217328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2016-06-29 20:53 - 2016-03-21 18:25 - 00000000 ____D C:\Program Files (x86)\Adguard

2016-06-29 20:53 - 2016-02-20 19:17 - 00000000 ____D C:\Program Files (x86)\ATT

2016-06-29 20:53 - 2015-11-08 17:49 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-06-29 20:52 - 2015-11-29 22:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-06-29 20:51 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI

2016-06-29 20:35 - 2016-05-09 13:46 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2016-06-29 20:04 - 2015-11-09 19:12 - 00000000 ____D C:\Users\Brian\Documents\Outlook Files

2016-06-29 20:01 - 2015-11-08 16:29 - 00000000 ____D C:\Users\Brian\AppData\Local\Packages

2016-06-29 19:07 - 2015-11-09 23:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-06-29 18:26 - 2015-11-08 17:16 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7A90AF15-7882-4AC8-940B-8F4B42CF74AC}

2016-06-29 11:02 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps

2016-06-29 11:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-06-28 20:14 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF

2016-06-28 19:53 - 2011-07-15 01:05 - 00000000 ____D C:\ProgramData\Temp

2016-06-28 19:52 - 2015-11-11 17:41 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster

2016-06-28 19:51 - 2015-11-11 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2016-06-26 14:42 - 2015-11-08 17:49 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-06-26 14:27 - 2015-11-11 07:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2016-06-25 20:13 - 2015-11-15 13:58 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Dashlane

2016-06-25 19:28 - 2015-11-09 23:23 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-06-25 19:04 - 2016-05-25 18:34 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job

2016-06-25 16:29 - 2015-11-29 22:40 - 00000000 ____D C:\Users\Brian

2016-06-25 15:45 - 2015-11-08 15:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2016-06-25 15:45 - 2015-11-08 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2016-06-25 13:19 - 2015-11-08 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2016-06-23 07:41 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2016-06-23 07:35 - 2011-07-15 01:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2016-06-19 19:08 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-06-18 04:24 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures

2016-06-18 04:14 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs

2016-06-18 04:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2016-06-18 04:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr

2016-06-18 04:08 - 2015-11-08 05:17 - 00003290 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBRIAN-HP$

2016-06-18 04:08 - 2015-11-08 05:17 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBRIAN-HP$.job

2016-06-18 03:12 - 2015-11-08 05:53 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-06-18 03:01 - 2015-11-08 05:53 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-06-17 19:34 - 2016-05-25 18:34 - 00003968 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier

2016-06-15 15:40 - 2010-11-20 22:27 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2016-06-14 13:33 - 2015-10-30 02:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2016-06-14 13:33 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2016-06-03 18:37 - 2016-02-07 04:20 - 00000000 ____D C:\Users\Brian\AppData\Roaming\brave

2016-06-03 18:32 - 2015-11-09 18:16 - 00000000 ____D C:\Program Files\Common Files\Apple

2016-06-02 22:18 - 2016-03-05 22:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2016-06-02 18:32 - 2016-01-22 23:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

 

==================== Files in the root of some directories =======

 

2016-03-17 20:24 - 2016-03-17 20:24 - 0007602 _____ () C:\Users\Brian\AppData\Local\Resmon.ResmonCfg

2015-11-08 17:13 - 2015-11-08 17:13 - 0000057 _____ () C:\ProgramData\Ament.ini

2016-03-21 18:26 - 2016-03-21 18:26 - 0000258 _____ () C:\ProgramData\fontcacheev1.dat

 

Files to move or delete:

====================

C:\ProgramData\fontcacheev1.dat

 

 

Some files in TEMP:

====================

C:\Users\Brian\AppData\Local\Temp\libeay32.dll

C:\Users\Brian\AppData\Local\Temp\msvcr120.dll

C:\Users\Brian\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-06-19 15:35

 

==================== End of FRST.txt ============================

 


  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggTdgpdUg4TERgRcg5eTA1BF1EOIVpbBxRIEVdHJgEJAl8UQwQFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"

 

 

This is probably the evildoer.

 

We'll remove it and some dead wood with a fixlist.

 

 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   5.69KB   51 downloads
 
Run FRST and press Fix.
A fix log will be generated; please post that.
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
Did that help?
 
 
 

  • 0
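The log line singled out in the post above has the shape `CHR <setting>: <profile> -> "<url>"`. As an added example (not part of the thread and not FRST's own code), this Python script scans FRST-style text for Chrome setting lines whose URL host falls outside an allowlist. The sample lines, the `.example` hosts and the allowlist are constructed, and the `HomePage` and `StartupUrls` setting names are assumed to follow the same shape as the `RestoreOnStartup` line on this page.

```python
import re
from urllib.parse import urlsplit

# Shape of the line quoted in the post:
#   CHR RestoreOnStartup: Default -> "hxxp://host/path?query"
CHR_SETTING = re.compile(
    r'^CHR\s+(?P<key>[A-Za-z]+):\s+(?P<profile>.+?)\s+->\s+(?P<value>.+)$'
)
# URLs as they appear in the log: defanged (hxxp) or plain (http).
LOG_URL = re.compile(r'h(?:xx|tt)ps?://[^\s",]+', re.IGNORECASE)

# Assumption: the sites this user really expects as a start page.
# Allowlist exact sites, not shared hosting or CDN parent domains,
# because a hijacker's page can live on a subdomain of one.
ALLOWED_DOMAINS = ("google.com",)

# Constructed sample input in FRST's layout (not taken from the thread).
SAMPLE_LOG = "\n".join([
    r'CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2016-06-30]',
    r'CHR HomePage: Default -> hxxps://www.google.com/',
    r'CHR RestoreOnStartup: Default -> "hxxp://search-a.cdn.example/h?eq=CONSTRUCTED"',
    r'CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://google.com.portal.example/start"',
    r'CHR Extension: (Sample Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaa [2016-06-01]',
])


def refang(url):
    """Turn hxxp/hxxps back into http/https so the URL can be parsed."""
    return re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)


def host_allowed(host, allowed=ALLOWED_DOMAINS):
    """True if host is an allowed domain or a subdomain of one.

    Matching on the label boundary keeps look-alikes such as
    'google.com.portal.example' from passing a naive substring test.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def find_startup_overrides(log_text, allowed=ALLOWED_DOMAINS):
    """Return one finding per URL in a 'CHR <setting>: ... -> ...' line
    whose host is not allowlisted. URLs stay defanged in the output."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = CHR_SETTING.match(line.strip())
        if not match:
            continue  # profile, extension and non-Chrome lines are skipped
        for raw_url in LOG_URL.findall(match["value"]):
            host = urlsplit(refang(raw_url)).hostname or ""
            if not host_allowed(host, allowed):
                findings.append({
                    "line": lineno,
                    "setting": match["key"],
                    "profile": match["profile"],
                    "host": host,
                    "url": raw_url,
                })
    return findings


if __name__ == "__main__":
    for f in find_startup_overrides(SAMPLE_LOG):
        print(f'line {f["line"]}: {f["setting"]} ({f["profile"]}) -> {f["url"]}')
```
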

#5
Braind

    Member

  • Topic Starter
  • Member
  • 246 posts

It seems to have worked. However, I have gone as long as two days without any problems and then it hits. So I am cautiously optimistic, but I won't be in the clear for about two more days.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by Brian (2016-06-30 22:51:12) Run:2
Running from C:\Users\Brian\Desktop
Loaded Profiles: Brian & DefaultAppPool (Available Profiles: Brian & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
FF Plugin HKU\S-1-5-21-1563961910-250262785-1644635927-1001: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll [No File]
FF HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Brian\AppData\Roaming\Dashlane\3.6.0.97092\Extensions\JetPack_expanded\[email protected] => not found
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggTdgpdUg4TERgRcg5eTA1BF1EOIVpbBxRIEVdHJgEJAl8UQwQFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE6T1pU"
U3 idsvc; no ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
Task: {21A8972F-F82B-439F-950B-2B0A8A4B4EB7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D26EA5F5-70FD-4338-9E4D-493EEB5AF8AC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D96448E4-FD9F-41FE-8DAC-AA34F46B8DFD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E43372F5-C9FD-400E-8679-530A33C405E9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3405A3D3-8CA2-4CA9-8BE6-43537AE3CE04} - System32\Tasks\ModemBooster_networkMonitor => C:\Program Files (x86)\inKline Global\Modem Booster\mbtray.exe
Task: {F4527842-FB71-44AD-BC7E-8B82C84A2247} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {EC38A472-87B2-4E3E-8034-92E250279398} - System32\Tasks\ModemBooster_notification => C:\Program Files (x86)\inKline Global\Modem Booster\ModemBooster.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForBRIAN-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForBrian.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=pavilion&tp=onlinesvs&s=quickenfc&pf=cndt&c=113&TYPE=4EC:\Program Files (x86)\Online Services\quickenfc\financial_center.ico (No File)
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2016
Ran by Brian (administrator) on BRIAN-HP (30-06-2016 23:25:10)
Running from C:\Users\Brian\Desktop
Loaded Profiles: Brian (Available Profiles: Brian & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\MAHostService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Joyent, Inc) C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\node.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Repkasoft) C:\Program Files (x86)\YoWindow\yowindow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [ATT_McciTrayApp] => C:\Program Files\ATT\8.5.1.16\ma\bin\pcTrayApp.exe [2943488 2015-12-11] (Alcatel-Lucent)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13708016 2016-06-28] (Zemana Ltd.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286992 2015-11-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [719632 2015-11-04] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [72736 2016-01-18] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1985056 2016-01-18] (Prosoftnet)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [Digital Coupon Print Driver] => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1596200 2016-01-15] (Sophos Limited)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\dashlane\dashlane.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\dashlane\dashlane.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\dashlane\procdump.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\dashlane\dashlaneplugin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\dashlane\dashlaneplugin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\dashlane\procdump.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\dashlane\dashlane.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\dashlane\dashlaneplugin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\dashlane\procdump.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\dashlane\procdump.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\dashlane\dashlane.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\dashlane\dashlaneplugin.exe <====== ATTENTION
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-06-02] (SUPERAntiSpyware)
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [Dashlane] => C:\Users\Brian\AppData\Roaming\Dashlane\Dashlane.exe [227200 2016-06-03] ()
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [DashlanePlugin] => C:\Users\Brian\AppData\Roaming\Dashlane\DashlanePlugin.exe [286080 2016-06-03] ()
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5578232 2016-04-18] (Performix LLC)
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\RunOnce: [Uninstall C:\Users\Brian\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\yowindow.scr [859080 2015-12-21] (repkasoft)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\sophos_detoured.dll [275352 2016-02-22] (Sophos Limited)
ShellIconOverlayIdentifiers: [  0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-06-28]
ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-11-15]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk [2016-01-22]
ShortcutTarget: YoWindow.lnk -> C:\Program Files (x86)\YoWindow\yowindow.exe (Repkasoft)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled [2015-11-29] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{136f715d-1007-4cf1-8adb-aa43da411b61}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {C46296C9-9FB6-4509-8294-68FA8F44E6DB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {C46296C9-9FB6-4509-8294-68FA8F44E6DB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {C46296C9-9FB6-4509-8294-68FA8F44E6DB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {F2B5E2C6-4DFD-420A-80B7-6DDC3D8989CA} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {F813F595-1DA6-4476-915D-E3C2FDF0B758} URL = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Brian\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-06-03] (Dashlane)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Brian\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-06-03] (Dashlane)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [2015-12-11] (AT&T)
FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-11-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-11-15] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: AT&T Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2016-04-02] [not signed]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-06-12]
CHR Extension: (No Name) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (No Name) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-08]
CHR Extension: (Assassin's Creed III) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\geadmffjboclimmeiaimcafapjaefnfn [2015-11-08]
CHR Extension: (No Name) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-30]
CHR Extension: (Yahoo Partner) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-06-30]
CHR Extension: (No Name) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-08]
CHR HKLM\...\Chrome\Extension: [okccnkhldjgdpjclfpdnlhlofcpginnm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okccnkhldjgdpjclfpdnlhlofcpginnm] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [149496 2016-04-18] (Performix LLC)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AT&T Troubleshoot & Resolve; C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\MAHostService.exe [321024 2015-12-11] (Alcatel-Lucent) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe [2695920 2015-03-05] (Condusiv Technologies)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [154656 2016-01-18] (Prosoftnet)
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3143648 2016-06-07] (Malwarebytes)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [370176 2015-08-13] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [462336 2015-08-13] (Alcatel-Lucent) [File not signed]
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
S4 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095976 2015-11-15] (RealNetworks, Inc.)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2016-02-14] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2016-02-14] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [636224 2016-01-15] (Sophos Limited)
R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [331048 2016-02-14] (Sophos Limited)
R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [909608 2016-02-14] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341768 2016-02-14] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [307848 2016-02-22] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3285640 2016-02-22] (Sophos Limited)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13708016 2016-06-28] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [60528 2016-03-29] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [41744 2013-05-06] (Condusiv Technologies)
R3 DKRtWrt; C:\WINDOWS\system32\drivers\DKRtWrt.sys [53520 2014-10-24] (Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [119536 2014-04-14] (Condusiv Technologies)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-06-02] ()
R3 farflt; C:\WINDOWS\system32\drivers\farflt.sys [73600 2016-06-30] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-06-30] (Malwarebytes)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2016-02-14] (Sophos Limited)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2016-02-14] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2016-02-14] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2016-02-22] (Sophos Limited)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-06-29] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-06-29] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-30 23:03 - 2016-06-30 23:03 - 02390016 _____ (Farbar) C:\Users\Brian\Downloads\FRST64 (6).exe
2016-06-30 22:53 - 2016-06-30 22:53 - 00000000 ____D C:\Users\Brian\AppData\Local\Macromedia
2016-06-30 22:43 - 2016-06-30 22:43 - 00005826 _____ C:\Users\Brian\Downloads\fixlist (1).txt
2016-06-30 22:42 - 2016-06-30 22:53 - 00007310 _____ C:\Users\Brian\Desktop\Fixlog.txt
2016-06-30 22:42 - 2016-06-30 22:41 - 02390016 _____ (Farbar) C:\Users\Brian\Desktop\FRST64.exe
2016-06-30 22:39 - 2016-06-30 22:39 - 02390016 _____ (Farbar) C:\Users\Brian\Downloads\FRST64 (5).exe
2016-06-30 22:38 - 2016-06-30 22:38 - 02390016 _____ (Farbar) C:\Users\Brian\Downloads\FRST64 (4).exe
2016-06-30 22:36 - 2016-06-30 22:36 - 02390016 _____ (Farbar) C:\Users\Brian\Downloads\FRST64 (3).exe
2016-06-30 22:24 - 2016-06-30 22:24 - 00005826 _____ C:\Users\Brian\Downloads\fixlist.txt
2016-06-30 21:35 - 2016-06-30 23:24 - 00000000 ___SH C:\DkHyperbootSync
2016-06-29 21:12 - 2016-06-30 23:26 - 00055480 _____ C:\Users\Brian\Desktop\FRST.txt
2016-06-29 21:01 - 2016-06-29 21:02 - 02390016 _____ (Farbar) C:\Users\Brian\Downloads\FRST64 (2).exe
2016-06-29 20:56 - 2016-06-29 20:56 - 00005137 _____ C:\Users\Brian\Desktop\AdwCleaner[C1].txt
2016-06-29 20:43 - 2016-06-29 20:44 - 03703360 _____ C:\Users\Brian\Downloads\adwcleaner_5.200 (1).exe
2016-06-29 19:34 - 2016-06-29 20:50 - 00000000 ____D C:\AdwCleaner
2016-06-29 19:33 - 2016-06-29 19:33 - 03703360 _____ C:\Users\Brian\Downloads\adwcleaner_5.200.exe
2016-06-29 19:29 - 2016-06-30 23:26 - 00145481 _____ C:\WINDOWS\ZAM.krnl.trace
2016-06-29 19:29 - 2016-06-30 23:26 - 00049271 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-06-29 19:29 - 2016-06-29 19:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-06-29 19:29 - 2016-06-29 19:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-06-29 19:29 - 2016-06-29 19:29 - 00001219 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-06-29 19:29 - 2016-06-29 19:29 - 00000000 ____D C:\Users\Brian\AppData\Local\Zemana
2016-06-29 19:29 - 2016-06-29 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-06-29 19:29 - 2016-06-29 19:29 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-06-29 19:27 - 2016-06-29 19:28 - 05603840 _____ ( ) C:\Users\Brian\Downloads\Zemana.AntiMalware.Setup.exe
2016-06-29 19:26 - 2016-06-29 20:30 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-29 19:25 - 2016-06-29 19:26 - 11438608 _____ (SurfRight B.V.) C:\Users\Brian\Downloads\hitmanpro_x64.exe
2016-06-29 19:07 - 2016-06-29 19:07 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-29 19:05 - 2016-06-29 19:06 - 22851472 _____ (Malwarebytes ) C:\Users\Brian\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-29 18:59 - 2016-06-29 19:24 - 00002734 _____ C:\Users\Brian\Desktop\Rkill.txt
2016-06-29 18:59 - 2016-06-29 18:59 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Brian\Downloads\rkill.exe
2016-06-29 18:56 - 2016-06-29 18:59 - 00126376 _____ C:\TDSSKiller.3.1.0.9_29.06.2016_18.56.13_log.txt
2016-06-29 18:55 - 2016-06-29 18:56 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Brian\Downloads\tdsskiller (1).exe
2016-06-29 18:53 - 2016-06-29 18:54 - 00126448 _____ C:\TDSSKiller.3.1.0.9_29.06.2016_18.53.21_log.txt
2016-06-29 18:52 - 2016-06-29 18:53 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Brian\Downloads\tdsskiller.exe
2016-06-29 18:17 - 2016-06-29 18:17 - 00347040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-28 19:51 - 2016-06-28 19:51 - 00001150 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2016-06-28 19:50 - 2016-06-28 19:50 - 04291320 _____ (BrightFort LLC ) C:\Users\Brian\Downloads\spywareblastersetup55 (1).exe
2016-06-28 19:48 - 2016-06-28 19:50 - 04291320 _____ (BrightFort LLC ) C:\Users\Brian\Downloads\spywareblastersetup55.exe
2016-06-28 19:47 - 2016-06-28 19:52 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-06-28 19:40 - 2016-06-28 19:43 - 00002418 _____ C:\RannohDecryptor.1.9.1.1_28.06.2016_19.40.14_log.txt
2016-06-28 19:05 - 2016-06-28 19:06 - 37566080 _____ (Malwarebytes ) C:\Users\Brian\Downloads\MBARW_Setup (1).exe
2016-06-28 11:21 - 2016-02-22 11:17 - 00032512 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\swi_callout.sys
2016-06-26 15:55 - 2016-06-26 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-06-26 15:50 - 2016-06-30 22:27 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-06-26 15:50 - 2016-06-26 15:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-06-26 15:48 - 2016-06-26 15:54 - 01858888 _____ (Malwarebytes ) C:\Users\Brian\Downloads\mbae-setup-1.08.1.2563.exe
2016-06-26 14:27 - 2016-06-26 14:27 - 00001124 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-06-25 21:52 - 2016-06-25 22:14 - 00004276 _____ C:\RannohDecryptor.1.9.1.1_25.06.2016_21.52.24_log.txt
2016-06-25 21:51 - 2016-06-25 21:52 - 00648344 _____ (Kaspersky Lab ZAO) C:\Users\Brian\Downloads\rannohdecryptor.exe
2016-06-25 19:28 - 2016-06-30 23:18 - 00073600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-06-25 19:28 - 2016-06-28 19:11 - 00001948 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Ransomware.lnk
2016-06-25 19:28 - 2016-06-28 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-06-25 19:28 - 2016-06-25 19:28 - 00000000 ____D C:\Program Files\Malwarebytes
2016-06-25 19:27 - 2016-06-28 19:10 - 37566080 _____ (Malwarebytes ) C:\Users\Brian\Downloads\MBARW_Setup.exe
2016-06-25 18:32 - 2016-06-25 18:35 - 02387456 _____ (Farbar) C:\Users\Brian\Downloads\FRST64 (1).exe
2016-06-25 15:58 - 2016-06-25 18:40 - 01794606 _____ C:\Users\Brian\Downloads\Shortcut.txt
2016-06-25 15:55 - 2016-06-29 21:09 - 00054149 _____ C:\Users\Brian\Downloads\Addition.txt
2016-06-25 15:51 - 2016-06-30 23:25 - 00000000 ____D C:\FRST
2016-06-25 15:51 - 2016-06-29 21:11 - 00100150 _____ C:\Users\Brian\Downloads\FRST.txt
2016-06-25 15:50 - 2016-06-25 15:51 - 02387456 _____ (Farbar) C:\Users\Brian\Downloads\FRST64.exe
2016-06-21 18:58 - 2016-06-21 18:58 - 06995720 _____ (Piriform Ltd) C:\Users\Brian\Downloads\ccsetup519.exe
2016-06-21 18:58 - 2016-06-21 18:58 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-17 21:22 - 2016-05-28 01:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-17 21:22 - 2016-05-28 01:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-17 21:22 - 2016-05-28 01:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-17 21:22 - 2016-05-28 00:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-17 21:22 - 2016-05-28 00:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-17 21:22 - 2016-05-28 00:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-17 21:22 - 2016-05-28 00:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-17 21:22 - 2016-05-28 00:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-17 21:22 - 2016-05-28 00:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-17 21:22 - 2016-05-28 00:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-17 21:22 - 2016-05-28 00:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-17 21:22 - 2016-05-28 00:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-17 21:22 - 2016-05-28 00:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-17 21:22 - 2016-05-28 00:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-17 21:22 - 2016-05-28 00:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-17 21:22 - 2016-05-28 00:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-17 21:22 - 2016-05-27 23:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-17 21:22 - 2016-05-27 23:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-17 21:22 - 2016-05-27 23:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-17 21:22 - 2016-05-27 23:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-17 21:22 - 2016-05-27 23:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-17 21:22 - 2016-05-27 23:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-17 21:22 - 2016-05-27 23:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-17 21:22 - 2016-05-27 23:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-17 21:22 - 2016-05-27 23:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-17 21:22 - 2016-05-27 23:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-17 21:22 - 2016-05-27 23:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-17 21:22 - 2016-05-27 23:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-17 21:22 - 2016-05-27 23:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-17 21:22 - 2016-05-27 23:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-17 21:22 - 2016-05-27 23:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-17 21:22 - 2016-05-27 23:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-17 21:22 - 2016-05-27 23:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-17 21:22 - 2016-05-27 23:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-17 21:22 - 2016-05-27 23:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-17 21:22 - 2016-05-27 23:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-17 21:22 - 2016-05-27 23:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-17 21:22 - 2016-05-27 23:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-17 21:22 - 2016-05-27 23:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-17 21:22 - 2016-05-27 23:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-17 21:22 - 2016-05-27 23:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-17 21:22 - 2016-05-27 23:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-17 21:22 - 2016-05-27 23:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-17 21:22 - 2016-05-27 23:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-17 21:22 - 2016-05-27 23:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-17 21:22 - 2016-05-27 23:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-17 21:22 - 2016-05-27 23:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-17 21:22 - 2016-05-27 23:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-17 21:22 - 2016-05-27 23:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-17 21:22 - 2016-05-27 23:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-17 21:22 - 2016-05-27 23:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-17 21:22 - 2016-05-27 23:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-17 21:22 - 2016-05-27 23:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-17 21:22 - 2016-05-27 23:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-17 21:22 - 2016-05-27 23:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-17 21:22 - 2016-05-27 23:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-17 21:22 - 2016-05-27 23:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-17 21:22 - 2016-05-27 23:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-17 21:22 - 2016-05-27 23:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-17 21:22 - 2016-05-27 23:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-17 21:22 - 2016-05-27 23:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-17 21:22 - 2016-05-27 23:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-17 21:22 - 2016-05-27 23:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-17 21:22 - 2016-05-27 23:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-17 21:22 - 2016-05-27 23:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-17 21:22 - 2016-05-27 23:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-17 21:22 - 2016-05-27 23:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-17 21:22 - 2016-05-27 23:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-17 21:22 - 2016-05-27 23:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-17 21:22 - 2016-05-27 23:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-17 21:22 - 2016-05-27 23:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-17 21:22 - 2016-05-27 23:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-17 21:22 - 2016-05-27 23:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-17 21:22 - 2016-05-27 23:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-17 21:22 - 2016-05-27 23:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-17 21:22 - 2016-05-27 23:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-17 21:22 - 2016-05-27 23:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-17 21:22 - 2016-05-27 23:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-17 21:22 - 2016-05-27 23:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-17 21:22 - 2016-05-27 23:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-17 21:22 - 2016-05-27 23:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-17 21:22 - 2016-05-27 23:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-17 21:22 - 2016-05-27 23:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-17 21:22 - 2016-05-27 23:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-17 21:22 - 2016-05-27 23:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-17 21:22 - 2016-05-27 23:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-17 21:22 - 2016-05-27 23:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-17 21:22 - 2016-05-27 23:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-17 21:22 - 2016-05-27 23:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-17 21:22 - 2016-05-27 23:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-17 21:22 - 2016-05-27 23:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-17 21:22 - 2016-05-27 23:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-17 21:22 - 2016-05-27 23:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-17 21:22 - 2016-05-27 23:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-17 21:22 - 2016-05-27 23:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-17 21:22 - 2016-05-27 23:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-17 21:22 - 2016-05-27 23:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-17 21:22 - 2016-05-27 23:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-17 21:22 - 2016-05-27 23:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-17 21:22 - 2016-05-27 23:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-17 21:22 - 2016-05-27 23:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-17 21:22 - 2016-05-27 23:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-17 21:22 - 2016-05-27 23:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-17 21:22 - 2016-05-27 23:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-17 21:22 - 2016-05-27 23:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-17 21:22 - 2016-05-27 23:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-17 21:22 - 2016-05-27 23:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-17 21:22 - 2016-05-27 23:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-17 21:22 - 2016-05-27 23:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-17 21:22 - 2016-05-27 22:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-17 21:22 - 2016-05-27 22:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-17 21:22 - 2016-05-27 22:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-17 21:22 - 2016-05-27 22:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-17 21:22 - 2016-05-27 22:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-17 21:22 - 2016-05-27 22:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-17 21:21 - 2016-05-28 01:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-17 21:21 - 2016-05-28 01:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-17 21:21 - 2016-05-28 01:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-17 21:21 - 2016-05-28 00:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-17 21:21 - 2016-05-28 00:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-17 21:21 - 2016-05-28 00:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-17 21:21 - 2016-05-28 00:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-17 21:21 - 2016-05-28 00:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-17 21:21 - 2016-05-28 00:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-17 21:21 - 2016-05-28 00:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-17 21:21 - 2016-05-28 00:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-17 21:21 - 2016-05-28 00:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-17 21:21 - 2016-05-28 00:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-17 21:21 - 2016-05-28 00:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-17 21:21 - 2016-05-28 00:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-17 21:21 - 2016-05-28 00:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-17 21:21 - 2016-05-28 00:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-17 21:21 - 2016-05-28 00:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-17 21:21 - 2016-05-28 00:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-17 21:21 - 2016-05-28 00:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-17 21:21 - 2016-05-28 00:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-17 21:21 - 2016-05-28 00:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-17 21:21 - 2016-05-28 00:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-17 21:21 - 2016-05-28 00:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-17 21:21 - 2016-05-28 00:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-17 21:21 - 2016-05-28 00:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-17 21:21 - 2016-05-28 00:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-17 21:21 - 2016-05-27 23:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-17 21:21 - 2016-05-27 23:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-17 21:21 - 2016-05-27 23:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-17 21:21 - 2016-05-27 23:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-17 21:21 - 2016-05-27 23:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-17 21:21 - 2016-05-27 23:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-17 21:21 - 2016-05-27 23:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-17 21:21 - 2016-05-27 23:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-17 21:21 - 2016-05-27 23:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-17 21:21 - 2016-05-27 23:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-17 21:21 - 2016-05-27 23:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-17 21:21 - 2016-05-27 23:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-17 21:21 - 2016-05-27 23:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-17 21:21 - 2016-05-27 23:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-17 21:21 - 2016-05-27 23:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-17 21:21 - 2016-05-27 23:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-17 21:21 - 2016-05-27 23:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-17 21:21 - 2016-05-27 23:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-17 21:21 - 2016-05-27 23:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-17 21:21 - 2016-05-27 23:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-17 21:21 - 2016-05-27 23:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-17 21:21 - 2016-05-27 23:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-17 21:21 - 2016-05-27 23:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-17 21:21 - 2016-05-27 23:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-17 21:21 - 2016-05-27 23:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-17 21:21 - 2016-05-27 23:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-17 21:21 - 2016-05-27 23:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-17 21:21 - 2016-05-27 23:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-17 21:21 - 2016-05-27 23:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-17 21:21 - 2016-05-27 23:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-17 21:21 - 2016-05-27 23:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-17 21:21 - 2016-05-27 23:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-17 21:21 - 2016-05-27 23:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-17 21:21 - 2016-05-27 23:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-17 21:21 - 2016-05-27 23:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-17 21:21 - 2016-05-27 23:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-17 21:21 - 2016-05-27 23:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-17 21:21 - 2016-05-27 23:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-17 21:21 - 2016-05-27 23:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-17 21:21 - 2016-05-27 23:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-17 21:21 - 2016-05-27 23:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-17 21:21 - 2016-05-27 23:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-17 21:21 - 2016-05-27 23:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-17 21:21 - 2016-05-27 23:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-17 21:21 - 2016-05-27 23:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-17 21:21 - 2016-05-27 23:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-17 21:21 - 2016-05-27 23:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-17 21:21 - 2016-05-27 23:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-17 21:21 - 2016-05-27 23:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-17 21:21 - 2016-05-27 23:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-17 21:21 - 2016-05-27 23:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-17 21:21 - 2016-05-27 23:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-17 21:21 - 2016-05-27 23:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-17 21:21 - 2016-05-27 23:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-17 21:21 - 2016-05-27 23:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-17 21:21 - 2016-05-27 23:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-17 21:21 - 2016-05-27 23:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-17 21:21 - 2016-05-27 23:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-17 21:21 - 2016-05-27 23:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-17 21:21 - 2016-05-27 23:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-17 21:21 - 2016-05-27 23:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-17 21:21 - 2016-05-27 23:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-17 21:21 - 2016-05-27 23:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-17 21:21 - 2016-05-27 23:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-17 21:21 - 2016-05-27 22:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-17 21:21 - 2016-05-27 22:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-17 21:21 - 2016-05-27 22:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-17 21:20 - 2016-05-27 23:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-17 21:20 - 2016-05-27 23:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-17 21:20 - 2016-05-27 23:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-17 21:20 - 2016-05-27 23:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-17 21:20 - 2016-05-27 23:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-17 21:20 - 2016-05-27 23:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-17 19:33 - 2016-06-17 19:33 - 20461248 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-06-14 17:41 - 2016-06-14 17:41 - 00038662 _____ C:\Users\Brian\Downloads\We_Energies_bill_2016_06_13_0780.pdf
2016-06-05 16:51 - 2016-06-30 18:28 - 00003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBrian
2016-06-03 18:33 - 2016-06-03 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-03 18:32 - 2016-06-03 18:33 - 00000000 ____D C:\Program Files\iTunes
2016-06-03 18:32 - 2016-06-03 18:32 - 00000000 ____D C:\Program Files\iPod
2016-06-03 18:32 - 2016-06-03 18:32 - 00000000 ____D C:\Program Files (x86)\iTunes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-30 23:27 - 2016-03-21 18:25 - 00000000 ____D C:\ProgramData\Adguard
2016-06-30 23:27 - 2015-12-09 18:52 - 00000000 ____D C:\ProgramData\IDrive
2016-06-30 23:18 - 2016-03-21 18:25 - 00000000 ____D C:\Program Files (x86)\Adguard
2016-06-30 23:18 - 2015-11-09 23:24 - 00217328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-30 23:17 - 2016-02-20 19:17 - 00000000 ____D C:\Program Files (x86)\ATT
2016-06-30 23:17 - 2015-11-29 22:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-30 23:16 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-30 23:00 - 2015-11-08 17:16 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7A90AF15-7882-4AC8-940B-8F4B42CF74AC}
2016-06-30 22:40 - 2016-02-07 04:20 - 00000000 ____D C:\Users\Brian\AppData\Roaming\brave
2016-06-30 22:33 - 2015-11-09 19:12 - 00000000 ____D C:\Users\Brian\Documents\Outlook Files
2016-06-30 22:26 - 2015-11-08 16:29 - 00000000 ____D C:\Users\Brian\AppData\Local\Packages
2016-06-30 22:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-30 18:47 - 2015-11-08 16:33 - 00002405 _____ C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-30 18:47 - 2015-11-08 16:33 - 00000000 ___RD C:\Users\Brian\OneDrive
2016-06-30 07:36 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-29 19:07 - 2015-11-09 23:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-28 20:14 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-28 19:53 - 2011-07-15 01:05 - 00000000 ____D C:\ProgramData\Temp
2016-06-28 19:52 - 2015-11-11 17:41 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-06-28 19:51 - 2015-11-11 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2016-06-26 14:42 - 2015-11-08 17:49 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-26 14:27 - 2015-11-11 07:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-06-25 20:13 - 2015-11-15 13:58 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Dashlane
2016-06-25 19:28 - 2015-11-09 23:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-25 16:29 - 2015-11-29 22:40 - 00000000 ____D C:\Users\Brian
2016-06-25 15:45 - 2015-11-08 15:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-25 15:45 - 2015-11-08 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-25 13:19 - 2015-11-08 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-23 07:41 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-23 07:35 - 2011-07-15 01:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-19 19:08 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-18 04:24 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-18 04:14 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-18 04:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-18 04:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-18 04:08 - 2015-11-08 05:17 - 00003290 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBRIAN-HP$
2016-06-18 03:12 - 2015-11-08 05:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-18 03:01 - 2015-11-08 05:53 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-17 19:34 - 2016-05-25 18:34 - 00003968 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-06-15 15:40 - 2010-11-20 22:27 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-14 13:33 - 2015-10-30 02:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 13:33 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-03 18:32 - 2015-11-09 18:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-02 22:18 - 2016-03-05 22:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-02 18:32 - 2016-01-22 23:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

==================== Files in the root of some directories =======

2016-03-17 20:24 - 2016-03-17 20:24 - 0007602 _____ () C:\Users\Brian\AppData\Local\Resmon.ResmonCfg
2015-11-08 17:13 - 2015-11-08 17:13 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-03-21 18:26 - 2016-03-21 18:26 - 0000258 _____ () C:\ProgramData\fontcacheev1.dat

Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-19 15:35

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by Brian (2016-06-30 23:28:08)
Running from C:\Users\Brian\Desktop
Windows 10 Home Version 1511 (X64) (2015-11-30 03:56:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1563961910-250262785-1644635927-500 - Administrator - Disabled)
Brian (S-1-5-21-1563961910-250262785-1644635927-1001 - Administrator - Enabled) => C:\Users\Brian
DefaultAccount (S-1-5-21-1563961910-250262785-1644635927-503 - Limited - Disabled)
Guest (S-1-5-21-1563961910-250262785-1644635927-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1563961910-250262785-1644635927-1002 - Limited - Enabled)
SophosSAUBRIAN-HP0 (S-1-5-21-1563961910-250262785-1644635927-1009 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Home (Disabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Home (Disabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adguard (HKLM-x32\...\{277af691-7c0f-478e-9fb6-62efeead0faa}) (Version: 6.0.226.1108 - Performix LLC)
Adguard (x32 Version: 6.0.226.1108 - Performix LLC) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.196 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{18BBF24A-6D04-4CA4-B6B4-1CF372162EEC}) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AT&T Troubleshoot & Resolve (HKLM-x32\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.5.1.16 - AT&T)
ATI Catalyst Install Manager (HKLM\...\{3001791D-2CA6-6FE3-BE0F-8EA7522B32D4}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Brave) (Version: 0.10.0 - Brave Software)
ccc-core-static (x32 Version: 2010.1123.1002.17926 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Dashlane) (Version: 4.5.0.13208 - Dashlane SAS)
DetectorTools (HKLM-x32\...\{E8F0431A-A158-49F6-96AC-7C1380D9AF21}) (Version: 1.11.60 - Escort)
Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)
Diskeeper 15 (HKLM\...\{9A17EDA8-85DD-4B99-AB97-6B5D58A878E0}) (Version: 18.0.1104.64 - Condusiv Technologies)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6500 E710a-f Basic Device Software (HKLM\...\{22FCD3B0-CAA7-444A-84AC-75716545EAB9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710a-f Product Improvement Study (HKLM\...\{8F3591D0-074B-4F7B-A269-39FE61C9CB5C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes Anti-Ransomware version 0.9.16.484 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.16.484 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Power Data Recovery Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Edition_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NirSoft RegScanner (HKLM-x32\...\NirSoft RegScanner) (Version:  - )
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
[email protected] (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
[email protected] (HKLM-x32\...\{A2CB3AFC-E449-408A-BF4F-FE64EB1899D8}) (Version: 3.0.8.7 - Valassis)
Pale Moon 26.1.1 (x86 en-US) (HKLM-x32\...\Pale Moon 26.1.1 (x86 en-US)) (Version: 26.1.1 - Moonchild Productions)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
RealDownloader (x32 Version: 18.1.2.176 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.2 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Should I Remove It (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.5.4 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{9D1B8594-5DD2-4CDC-A5BD-98E7E9D75520}) (Version: 5.3.0.516 - Sophos Limited)
Sophos Management Communications System (HKLM-x32\...\{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179}) (Version: 2.0.1 - Sophos Limited)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
TunesKit Audiobook Converter 2.3.2.10 (HKLM-x32\...\TunesKit Audiobook Converter_is1) (Version:  - TunesKit, Inc.)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Windows Driver Package - ESCORT Inc. (WinUSB) MyDeviceClass  (07/22/2014 ) (HKLM\...\D0C35FE98CEDEF60A59F31DC022A63EFCF48559E) (Version: 07/22/2014  - ESCORT Inc.)
Windows Driver Package - ESCORT, Inc. (usbser) Ports  (04/24/2013 1.0.0.0) (HKLM\...\81CF09C262F2AF50FED94F55B77F731D76C948F2) (Version: 04/24/2013 1.0.0.0 - ESCORT, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinX DVD Ripper Platinum 7.5.12 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
WonderFox DVD Video Converter 8.8 (HKLM-x32\...\WonderFox DVD Video Converter) (Version: 8.8 - WonderFox Soft, Inc.)
YoWindow (HKLM-x32\...\yowindow) (Version: 3 - RepkaSoft)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.94 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1563961910-250262785-1644635927-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Brian\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {06D58ED9-2FD4-4825-B8AB-6324F047E5A0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {087167D8-8230-4048-82DE-75D6C3B67431} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {0F276872-AB99-46F3-A08E-BA357BF36A48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {0F7CAE4F-9DE1-43E3-A6E8-C77313EB7E10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {18AD7D57-DFD5-4BCC-8EEA-E63435130B8D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {2B790A28-F946-4A0F-97B5-0EB97BE9934C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {2FFE4161-BEA8-4525-AD0C-B51D9599167A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {341A5A91-8362-4F47-B457-2E871B4B19FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {35A3DFC4-1A30-4A10-98C6-8576DB5C31ED} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {5A78CE1F-C261-4943-93DC-B126D03DBEF3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {67BBD5B0-09A6-42B4-A932-D4A5B0DB3FBF} - System32\Tasks\HPCeeScheduleForBRIAN-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {682DA36B-41EA-48BB-AD0E-5670EA640788} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {7FA484FA-6FF3-4578-B7CD-EA43C11F09A0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {80B1311C-5F20-47B4-803A-7383240C33B8} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1563961910-250262785-1644635927-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {92741044-7CFA-4BF0-97B3-DF05B539CA26} - System32\Tasks\ModemBooster_Run => C:\Program Files (x86)\inKline Global\Modem Booster\ModemBooster.exe
Task: {9698E6B2-49B7-4EF8-A069-D6B07BD4B853} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {A63B6B6F-2D18-48B7-9982-34DAF6000CC3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-10] (Microsoft Corporation)
Task: {A641C078-23E3-4655-A8EA-49043BDC528B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {A9B32E4E-00E9-4C0A-81EA-FAC4E87128FD} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1563961910-250262785-1644635927-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-11-04] (RealNetworks, Inc.)
Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AECF3AE5-8D63-4D4A-90F7-33B40365CD04} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {B4D4E86B-D688-44B1-BAC9-DE56CFA8FE85} - System32\Tasks\{4ABB3C9A-AA10-471F-BBDD-71AB9D4E726D} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {B76CEA16-D75C-4504-BEA2-5044FE5AA0F1} - System32\Tasks\HPCeeScheduleForBrian => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {B9F1C6BE-AD04-4C0E-B7BB-5A691C4175DF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1563961910-250262785-1644635927-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {C20D3F74-A273-407C-8621-C05C4C3635DC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-18] (Microsoft Corporation)
Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {CF077B7A-6F49-449F-BC12-B3A17BE7D4F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {D49161D9-1CF6-4461-958A-72743729BE58} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-11-04] ()
Task: {D7C5CE96-D2C3-4346-9789-E2A1D5394191} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F31E9816-34F9-4F79-95EA-B0036CA1DAB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-08] (HP Inc.)
Task: {F8934F0C-AEF2-4BC2-B941-09264B17B041} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {FC0FA31B-488F-4E7A-814B-0831FD99207C} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=pavilion&tp=onlinesvs&s=quickenfc&pf=cndt&c=113&TYPE=4EC:\Program Files (x86)\Online Services\quickenfc\financial_center.ico (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=onlinesvs&pf=cndt&s=hp_softwarestore&c=113&TYPE=4>C:\Program Files (x86)\Online Services\hpswstore\hpswstore.ico (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk -> hxxp://www.snapfish.com/hp_desktop_desktopicon_2011_usAC:\Program Files (x86)\Online Services\snapfish\SnapfishGreen.ico (No File)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-25 19:28 - 2016-06-07 09:48 - 01126368 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
2016-04-13 18:52 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 18:52 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-30 18:46 - 2016-06-30 18:46 - 00959168 _____ () C:\Users\Brian\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-03-15 05:24 - 2016-06-10 04:05 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-12-17 19:02 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-12 18:32 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-17 21:22 - 2016-05-27 22:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-17 21:21 - 2016-05-27 22:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-17 21:22 - 2016-05-27 22:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-17 21:22 - 2016-05-27 22:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-25 19:28 - 2016-04-14 18:38 - 00745984 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-01-18 20:16 - 2015-11-25 14:03 - 00412672 _____ () C:\Program Files (x86)\IDriveWindows\Sync.dll
2015-12-09 18:52 - 2016-01-18 17:27 - 00043520 _____ () C:\Program Files (x86)\IDriveWindows\RemoteManagement.dll
2015-12-09 18:52 - 2016-01-18 17:27 - 00013312 _____ () C:\Program Files (x86)\IDriveWindows\SqliteWrapper.dll
2015-12-09 18:52 - 2015-11-25 14:03 - 00834048 _____ () C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2016-02-27 21:20 - 2016-02-27 21:20 - 01426424 _____ () C:\Program Files (x86)\Adguard\AdguardNetApi.DLL
2016-02-27 21:20 - 2016-02-27 21:20 - 00140280 _____ () C:\Program Files (x86)\Adguard\AdguardNetLib.DLL
2016-02-14 23:59 - 2016-02-14 23:59 - 00306472 _____ () C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\log4cplus.dll
2015-12-07 18:44 - 2015-12-07 18:44 - 00270336 _____ () C:\Program Files (x86)\ATT\8.5.1.16\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2015-12-07 18:44 - 2015-12-07 18:44 - 00244736 _____ () C:\Program Files (x86)\ATT\8.5.1.16\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-04-24 07:55 - 2013-04-24 07:55 - 01581056 _____ () C:\Program Files (x86)\ATT\8.5.1.16\ma\node_modules\libxmljs\build\Release\xmljs.node
2015-12-07 18:44 - 2015-12-07 18:44 - 00237056 _____ () C:\Program Files (x86)\ATT\8.5.1.16\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2014-12-11 18:40 - 2014-12-11 18:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2016-05-17 05:38 - 2016-05-17 05:40 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-05-17 05:38 - 2016-05-17 05:40 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\PROGRA~2\FOOLIS~1\CRYPTO~1\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "hpsysdrv"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ATT_McciTrayApp"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "PDF Complete"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Digital Coupon Print Driver"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "DashlanePlugin"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "FileHippo.com"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "Adguard"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{8369B9E8-5FA4-4416-BBE5-A8EF7F88E924}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8C7AB105-1E2B-49E0-AB30-840D93FDC9DA}] => (Allow) LPort=1900
FirewallRules: [{8BED5578-C934-4048-AAD5-155B6DDEEF4C}] => (Allow) LPort=2869
FirewallRules: [{CCAA96EF-A07B-43C4-84DD-B981062D9018}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F0D9FCE7-EF3E-4196-B325-1D48A840D57F}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{3891FB49-C0A7-4FEA-9173-CD7FDA1B270E}] => (Allow) C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe
FirewallRules: [{3C9ADB16-4651-43E6-A16F-5DA8A6F633A7}] => (Allow) C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe
FirewallRules: [{BA30E9F4-551F-48FE-97DD-51F816094B14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A932183-A324-47B1-AEA0-491CF24EEE92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{210C68F2-FD4B-4B44-881D-C19B3CDD415B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59E71CA3-D907-4901-AD38-3CD0275091A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3CF4AF4F-11ED-43DF-81F8-B411B8CA292C}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C3797A3C-FF3A-4AB6-8414-296B9EC2B15E}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{354983A1-B058-49B0-BD7A-3600286638B5}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{99A3625A-9B37-40DE-8FE7-4B10CBDEC956}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\SendAFax.exe
FirewallRules: [{862EB5B8-BD8F-4D35-98B2-4360EF2AEA89}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\DigitalWizards.exe
FirewallRules: [{FD948C44-7788-4694-9A59-BE5C9AE323E9}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\FaxApplications.exe
FirewallRules: [{0082FA77-F435-422F-B60F-3ACA819FE190}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{FF75E0B2-8507-49F6-83C0-C6071AEFC6D1}C:\program files (x86)\idrivewindows\cmd_util\idwutil_600.exe] => (Allow) C:\program files (x86)\idrivewindows\cmd_util\idwutil_600.exe
FirewallRules: [UDP Query User{92EE037D-C18A-406D-9C23-5B92587D2DE6}C:\program files (x86)\idrivewindows\cmd_util\idwutil_600.exe] => (Allow) C:\program files (x86)\idrivewindows\cmd_util\idwutil_600.exe
FirewallRules: [{A2FA46EE-AC6E-4063-8F11-584FC5831ED3}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe
FirewallRules: [{75A935F3-5BA9-436C-B60F-1AD94CFC5AAD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DA2CABDC-E5C1-41B1-8CE4-DD81B4EC849C}] => (Allow) LPort=15600
FirewallRules: [{80FE7B09-3934-4139-B53E-0221EAC3D58E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A58AF042-73AB-4190-884A-C55E39A4F4AA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2016 11:09:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 29.6.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1a64

Start Time: 01d1d34e20828f0c

Termination Time: 6

Application Path: C:\Users\Brian\Desktop\FRST64.exe

Report Id: 82405c4d-3f41-11e6-8e4c-e06995dae38e

Faulting package full name:

Faulting package-relative application ID:

Error: (06/30/2016 11:07:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 29.6.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3fc

Start Time: 01d1d34df7cc3c8b

Termination Time: 10

Application Path: C:\Users\Brian\Desktop\FRST64.exe

Report Id: 42e14639-3f41-11e6-8e4c-e06995dae38e

Faulting package full name:

Faulting package-relative application ID:

Error: (06/30/2016 11:05:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 29.6.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1f98

Start Time: 01d1d34d394e2ac1

Termination Time: 8

Application Path: C:\Users\Brian\Desktop\FRST64.exe

Report Id: a2297fac-3f40-11e6-8e4c-e06995dae38e

Faulting package full name:

Faulting package-relative application ID:

Error: (06/30/2016 11:01:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 29.6.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 110c

Start Time: 01d1d34c53365f90

Termination Time: 9

Application Path: C:\Users\Brian\Desktop\FRST64.exe

Report Id: 6a91ee84-3f40-11e6-8e4c-e06995dae38e

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (06/30/2016 11:25:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (06/30/2016 11:22:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (06/30/2016 11:17:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (06/30/2016 11:16:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Sync Host_378bb service, but this action failed with the following error:
%%1072 = The specified service has been marked for deletion.


Error: (06/30/2016 11:16:23 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (06/30/2016 11:16:23 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (06/30/2016 11:16:15 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (06/30/2016 11:16:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_378bb service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/30/2016 11:12:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (06/30/2016 11:09:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_367c3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2400S CPU @ 2.50GHz
Percentage of memory in use: 43%
Total physical RAM: 6126.53 MB
Available physical RAM: 3452.03 MB
Total Virtual: 9710.53 MB
Available Virtual: 7102.98 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.73 GB) (Free:623.38 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.25 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7EF8BB38)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
Partition 4: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#6
RKinner


    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

OK. Let me know how it goes.



#7
Braind


    Member

  • Topic Starter
  • Member
  • 246 posts

This is resolved. How do I close it?



#8
RKinner


    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.







