co-worker pc check


Jetter

Hello Jetter, welcome to Malwarebytes' Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please back up important files before proceeding with my instructions. Malware removal can be unpredictable at times.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click the follow button at the top of the page.

======================================================
 
Please run the following scans so I can ascertain the state of your computer.
 
STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 

 
STEP 2

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 3
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach (not copy/paste) the file in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM log
  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached!)

Ok, here are the requested logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/27/2015
Scan Time: 11:58 AM
Logfile: mbam_ scan_log_1.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.10.27.04
Rootkit Database: v2015.10.23.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Danielle
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 435886
Time Elapsed: 29 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
********************************************************************************************************
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 02
Ran by Danielle (administrator) on ASUS-HP (27-10-2015 13:03:06)
Running from C:\Users\Danielle\Desktop
Loaded Profiles: Danielle (Available Profiles: Danielle)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.05\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6843024 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [VIRTU MVP] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3042816 2012-11-22] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-09-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3F8A86ED-3A7D-4599-896F-BD9C8F5235BE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EB095738-BFB6-4567-8A4F-A7C4598005A7}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3507488604-2405964740-3534435410-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {9051C919-AF0F-4C5C-AA31-4290941024BD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-03] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-03] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-3507488604-2405964740-3534435410-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR NewTab: Profile 1 -> "chrome-extension://cdbpjflelnapbhcfafncmhkhihdibegl/stubby.html"
CHR Profile: C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-01]
CHR Extension: (Google Docs) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Google Drive) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-05]
CHR Extension: (Rapport) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-09-05]
CHR Extension: (YouTube) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-01]
CHR Extension: (Adblock Plus) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-05]
CHR Extension: (Google Search) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-01]
CHR Extension: (Google Play Music) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-09-05]
CHR Extension: (Google Sheets) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-01]
CHR Extension: (Google Docs Offline) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-05]
CHR Extension: (Gmail) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Profile: C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-23]
CHR Extension: (Google Drive) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (GetFormsOnline) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cdbpjflelnapbhcfafncmhkhihdibegl [2015-10-13]
CHR Extension: (Google Search) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (GameZooks) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdkpllchojjkbgephbbeacaahecgfpga [2015-09-05]
CHR Extension: (EasyDocMerge) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mabloidgodmbnmnhoenmhlcjkfelomgp [2015-10-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-23]
CHR HKU\S-1-5-21-3507488604-2405964740-3534435410-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.05\AsusFanControlService.exe [2005504 2012-10-12] (ASUSTeK Computer Inc.) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-05-18] (Coupons.com Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-09-16] (IBM Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-27] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 RapportCerberus_1507072; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507072.sys [959416 2015-09-22] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-09-16] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-09-16] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-09-16] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489240 2015-09-16] (IBM Corp.)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-09-22] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-27 13:03 - 2015-10-27 13:03 - 00020780 _____ C:\Users\Danielle\Desktop\FRST.txt
2015-10-27 13:01 - 2015-10-27 13:01 - 02197504 _____ (Farbar) C:\Users\Danielle\Desktop\FRST64.exe
2015-10-27 12:48 - 2015-10-27 12:54 - 00000000 ____D C:\Users\Danielle\Desktop\Oct_2015_fix
2015-10-27 11:56 - 2015-10-27 12:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-27 11:54 - 2015-10-27 11:56 - 00001068 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-27 11:54 - 2015-10-27 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-10-24 17:41 - 2015-10-24 17:41 - 00037369 _____ C:\Users\Danielle\Downloads\Addition.txt
2015-10-24 17:39 - 2015-10-27 13:03 - 00000000 ____D C:\FRST
2015-10-17 15:03 - 2015-10-27 11:46 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForDanielle.job
2015-10-17 15:03 - 2015-10-24 17:43 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDanielle
2015-10-14 18:01 - 2015-09-18 15:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-14 18:01 - 2015-09-18 15:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-14 18:01 - 2015-09-18 15:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-14 18:01 - 2015-09-18 15:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-14 18:01 - 2015-09-18 15:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-14 18:01 - 2015-09-18 15:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-14 18:01 - 2015-09-18 15:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-13 18:08 - 2015-10-13 18:08 - 00000000 ____D C:\Users\Danielle\Downloads\New folder
2015-10-13 18:07 - 2015-10-13 18:08 - 00000000 ____D C:\Users\Danielle\AppData\Local\{24797B97-8AE2-4F60-9C62-CB0901C14B3B}
2015-10-13 17:46 - 2015-09-18 15:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 17:46 - 2015-09-18 14:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-13 17:46 - 2015-09-16 00:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 17:46 - 2015-09-16 00:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-13 17:46 - 2015-09-16 00:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-13 17:46 - 2015-09-16 00:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-13 17:46 - 2015-09-16 00:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 17:46 - 2015-09-16 00:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 17:46 - 2015-09-16 00:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-13 17:46 - 2015-09-16 00:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 17:46 - 2015-09-16 00:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-13 17:46 - 2015-09-16 00:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-13 17:46 - 2015-09-16 00:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-13 17:46 - 2015-09-16 00:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 17:46 - 2015-09-16 00:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 17:46 - 2015-09-16 00:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 17:46 - 2015-09-16 00:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-13 17:46 - 2015-09-16 00:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-13 17:46 - 2015-09-16 00:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-13 17:46 - 2015-09-16 00:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-13 17:46 - 2015-09-15 23:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-13 17:46 - 2015-09-15 23:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 17:46 - 2015-09-15 23:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 17:46 - 2015-09-15 23:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-13 17:46 - 2015-09-15 23:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-13 17:46 - 2015-09-15 23:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 17:46 - 2015-09-15 23:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 17:46 - 2015-09-15 23:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-13 17:46 - 2015-09-15 23:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-13 17:46 - 2015-09-15 23:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-13 17:46 - 2015-09-15 23:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-13 17:46 - 2015-09-15 23:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-13 17:46 - 2015-09-15 23:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 17:46 - 2015-09-15 23:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-13 17:46 - 2015-09-15 23:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 17:46 - 2015-09-15 23:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 17:46 - 2015-09-15 23:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-13 17:46 - 2015-09-15 23:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-13 17:46 - 2015-09-15 23:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 17:46 - 2015-09-15 23:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-13 17:46 - 2015-09-15 23:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-13 17:46 - 2015-09-15 23:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-13 17:46 - 2015-09-15 23:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-13 17:46 - 2015-09-15 23:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 17:46 - 2015-09-15 23:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-13 17:46 - 2015-09-15 23:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-13 17:46 - 2015-09-15 23:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-13 17:46 - 2015-09-15 23:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 17:46 - 2015-09-15 23:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-13 17:46 - 2015-09-15 23:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-13 17:46 - 2015-09-15 23:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-13 17:46 - 2015-09-15 23:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-13 17:46 - 2015-09-15 23:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-13 17:46 - 2015-09-15 23:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-13 17:46 - 2015-09-15 22:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 17:46 - 2015-09-15 22:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-13 17:46 - 2015-09-15 22:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-13 17:46 - 2015-09-15 22:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-13 17:46 - 2015-09-15 22:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-13 17:46 - 2015-09-15 22:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-13 17:46 - 2015-09-15 22:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 17:46 - 2015-09-15 22:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-13 17:46 - 2015-09-15 22:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-13 17:46 - 2015-09-15 22:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-13 17:46 - 2015-08-06 14:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 17:46 - 2015-08-06 14:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 17:46 - 2015-08-06 13:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 17:46 - 2015-08-06 13:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-13 17:44 - 2015-09-28 23:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 17:44 - 2015-09-28 23:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 17:44 - 2015-09-28 23:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 17:44 - 2015-09-28 23:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-13 17:44 - 2015-09-28 23:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-13 17:44 - 2015-09-28 23:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-13 17:44 - 2015-09-28 23:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 17:44 - 2015-09-28 23:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 17:44 - 2015-09-28 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 17:44 - 2015-09-28 23:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-13 17:44 - 2015-09-28 23:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 17:44 - 2015-09-28 23:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-13 17:44 - 2015-09-28 23:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 17:44 - 2015-09-28 23:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-13 17:44 - 2015-09-28 23:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 17:44 - 2015-09-28 23:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 17:44 - 2015-09-28 23:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 17:44 - 2015-09-28 23:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 17:44 - 2015-09-28 23:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 17:44 - 2015-09-28 23:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 17:44 - 2015-09-28 23:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-13 17:44 - 2015-09-28 23:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-13 17:44 - 2015-09-28 23:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 17:44 - 2015-09-28 23:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-13 17:44 - 2015-09-28 23:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-13 17:44 - 2015-09-28 23:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 17:44 - 2015-09-28 23:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 17:44 - 2015-09-28 23:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-13 17:44 - 2015-09-28 22:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-13 17:44 - 2015-09-28 22:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-13 17:44 - 2015-09-28 22:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-13 17:44 - 2015-09-28 22:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-13 17:44 - 2015-09-28 22:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-13 17:44 - 2015-09-28 22:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-13 17:44 - 2015-09-28 22:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-13 17:44 - 2015-09-28 22:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-13 17:44 - 2015-09-28 22:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-13 17:44 - 2015-09-28 22:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-13 17:44 - 2015-09-28 22:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-13 17:44 - 2015-09-28 22:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-13 17:44 - 2015-09-28 22:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-13 17:44 - 2015-09-28 22:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-13 17:44 - 2015-09-28 22:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 21:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 17:44 - 2015-09-28 21:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 17:44 - 2015-09-28 21:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 17:44 - 2015-09-28 21:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-13 17:44 - 2015-09-28 21:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-13 17:44 - 2015-09-28 21:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 21:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 21:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 17:44 - 2015-09-28 21:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 17:44 - 2015-09-25 14:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 17:44 - 2015-09-25 14:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 17:44 - 2015-09-25 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 17:44 - 2015-09-25 14:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 17:44 - 2015-09-25 14:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 17:44 - 2015-09-25 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 17:44 - 2015-09-25 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 17:44 - 2015-09-25 14:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 17:44 - 2015-09-25 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 17:44 - 2015-09-25 14:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 17:44 - 2015-09-25 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 17:44 - 2015-09-25 13:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-13 17:44 - 2015-09-25 13:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-13 17:44 - 2015-09-25 13:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-13 17:44 - 2015-09-25 13:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-13 17:44 - 2015-09-25 13:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-13 17:44 - 2015-09-15 14:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 17:44 - 2015-09-15 14:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 17:44 - 2015-09-15 14:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 17:44 - 2015-09-15 14:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 17:44 - 2015-09-15 14:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 17:44 - 2015-09-15 14:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 17:44 - 2015-09-15 14:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 17:44 - 2015-09-15 14:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 17:44 - 2015-09-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 17:44 - 2015-09-15 13:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-13 17:44 - 2015-09-15 13:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-13 17:44 - 2015-09-15 13:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-13 17:44 - 2015-09-15 13:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-13 17:43 - 2015-10-01 14:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 17:43 - 2015-10-01 14:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 17:43 - 2015-10-01 14:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 17:43 - 2015-10-01 14:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 17:43 - 2015-10-01 14:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 17:43 - 2015-10-01 14:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 17:43 - 2015-10-01 14:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 17:43 - 2015-10-01 13:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-13 17:43 - 2015-10-01 13:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 17:43 - 2015-07-18 09:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-13 17:43 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-05 17:58 - 2015-10-05 17:58 - 00036352 _____ C:\Users\Danielle\Downloads\Chapter 4 Assignment Requirements (1).wiz
2015-10-04 13:01 - 2015-10-04 13:01 - 00036352 _____ C:\Users\Danielle\Downloads\Chapter 4 Assignment Requirements.wiz
2015-09-28 19:03 - 2015-09-28 19:03 - 00086016 _____ C:\Users\Danielle\Downloads\302015-COM-170-OLA.wiz
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-27 12:46 - 2012-04-10 15:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-27 12:41 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-27 12:41 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-27 12:37 - 2013-11-26 00:17 - 01431614 _____ C:\Windows\WindowsUpdate.log
2015-10-27 12:36 - 2013-11-27 03:12 - 00000000 ____D C:\Users\Danielle\Lucidlogix
2015-10-27 12:36 - 2011-08-08 17:16 - 00000000 ____D C:\ProgramData\PDFC
2015-10-27 12:35 - 2015-04-01 19:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-27 12:35 - 2010-11-20 23:47 - 01013192 _____ C:\Windows\PFRO.log
2015-10-27 12:35 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-27 12:35 - 2009-07-14 00:51 - 00100767 _____ C:\Windows\setupact.log
2015-10-27 12:34 - 2014-09-13 09:38 - 00000000 ____D C:\Users\Danielle\AppData\LocalLow\Company
2015-10-27 12:19 - 2015-04-01 19:03 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7f5f160efb81.job
2015-10-27 11:56 - 2015-03-14 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-27 11:56 - 2015-03-14 01:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-27 11:56 - 2013-11-30 17:37 - 00000000 ____D C:\Users\Danielle\AppData\Roaming\Malwarebytes
2015-10-27 11:54 - 2013-11-30 17:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-24 17:42 - 2011-12-10 16:18 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-10-17 15:03 - 2012-04-10 15:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-17 15:03 - 2012-04-10 15:47 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 15:03 - 2011-08-08 17:13 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-16 15:05 - 2013-11-30 19:03 - 02051456 _____ C:\Users\Danielle\AppData\Local\Q$_140066.ENU_SoftGridUserSettings_settings.cp.temp
2015-10-16 15:05 - 2011-12-07 22:58 - 00000000 ____D C:\Users\Danielle\AppData\Roaming\SoftGrid Client
2015-10-15 22:23 - 2015-06-23 13:16 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-15 03:00 - 2014-12-11 04:20 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 03:00 - 2014-05-07 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-14 04:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-10-14 03:10 - 2013-08-09 17:23 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 03:05 - 2012-02-28 17:07 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-13 18:35 - 2015-08-31 15:52 - 00047762 _____ C:\Users\Danielle\Downloads\Otsego LK house.xlsx
2015-10-09 16:31 - 2015-04-07 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-09 03:00 - 2015-04-07 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-08 17:40 - 2014-01-26 11:29 - 00000000 ____D C:\Users\Danielle\Documents\College Class
2015-10-05 09:50 - 2015-03-14 01:07 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-03-14 01:07 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-03-14 01:07 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
 
==================== Files in the root of some directories =======
 
2014-05-06 17:13 - 2014-08-29 12:51 - 0000074 _____ () C:\Users\Danielle\AppData\Roaming\evplay.prf
2014-09-12 17:15 - 2014-09-17 00:15 - 0000063 _____ () C:\Users\Danielle\AppData\Roaming\WB.CFG
2013-11-30 19:03 - 2015-10-16 15:05 - 2051456 _____ () C:\Users\Danielle\AppData\Local\Q$_140066.ENU_SoftGridUserSettings_settings.cp.temp
2014-10-22 16:40 - 2014-11-02 17:05 - 0087200 _____ () C:\ProgramData\76705
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-24 18:31
 
==================== End of FRST.txt ============================
 
 

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02

Ran by Danielle (2015-10-27 13:04:08)

Running from C:\Users\Danielle\Desktop

Windows 7 Home Premium Service Pack 1 (X64) (2013-11-25 20:22:11)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3507488604-2405964740-3534435410-500 - Administrator - Disabled)

Danielle (S-1-5-21-3507488604-2405964740-3534435410-1001 - Administrator - Enabled) => C:\Users\Danielle

Guest (S-1-5-21-3507488604-2405964740-3534435410-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3507488604-2405964740-3534435410-1002 - Limited - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)

AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.02 - ASUSTeK Computer Inc.)

Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)

Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)

Curse Client (HKU\S-1-5-21-3507488604-2405964740-3534435410-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

ExamView Player (HKLM-x32\...\ExamView Player) (Version:  - )

Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

grillaprice (HKLM-x32\...\grillaprice) (Version:  - )

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)

HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)

HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)

HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)

iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)

LucidWizard (HKLM-x32\...\{C1CC26DF-148A-4F68-BE42-EE5214686A71}) (Version: 1.00.14 - ASUSTeK Computer Inc.)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)

Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden

PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)

Rapport (x32 Version: 3.5.1507.77 - Trusteer) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)

Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.6 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden

Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)

RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.77 - Trusteer)

VIRTU MVP 2.1.221 (HKLM\...\VIRTU MVP_is1) (Version: 2.1.221 - Lucidlogix Technologies LTD)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)

Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

08-10-2015 12:35:54 Windows Update

09-10-2015 03:00:20 Windows Update

12-10-2015 18:21:27 Windows Update

14-10-2015 03:00:33 Windows Update

15-10-2015 03:00:23 Windows Update

18-10-2015 16:49:50 Windows Update

27-10-2015 11:57:14 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2015-09-05 15:19 - 00000059 ____A C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

0.0.0.1 mssplus.mcafee.com

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {052AAC93-B75A-4B87-A22F-DAD825036471} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {1803AE8C-C88A-4FA2-A056-B86E46BC3F82} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)

Task: {27434D8D-87DD-4C8A-A12E-496D3E5A6D79} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-10] ()

Task: {3405CC5D-B5C1-46E3-B710-0CA867F0B328} - System32\Tasks\GoogleUpdateTaskMachineUA1ce7f5f160efb81 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-01] (Google Inc.)

Task: {3520C50E-93C6-46AD-B4AC-6FA54807FF19} - System32\Tasks\HPCeeScheduleForDanielle => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {4739E93D-1602-4CA9-9ED0-FBD761E199A5} - System32\Tasks\{73A69503-12C5-411D-934F-8F06891DAD3D} => pcalua.exe -a F:\ASUS\ISCT_V30301526_Win7_8\ISCT_V30301526_Win7_8\Setup.exe -d F:\ASUS\ISCT_V30301526_Win7_8\ISCT_V30301526_Win7_8

Task: {475DE2FB-3E57-4C65-BD08-50E15A30F092} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {4D704642-C45D-4550-A34B-980C0CF93504} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {4E73BA83-6F02-4676-B7CA-9062FCC212B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-09-29] (Hewlett-Packard)

Task: {510941C8-D571-403E-9836-6C6374C6DB34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {62FA7A67-2944-4AC3-8071-FFE5409782C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)

Task: {775D9DAE-78B3-4ADE-9C66-8CB08DBB8641} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe [2012-07-23] (ASUSTeK Computer Inc.)

Task: {80A31B90-69F3-4AEC-AF92-E49BBE48F180} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)

Task: {83D5D208-B8D5-41B5-9096-63C9E8673164} - System32\Tasks\{EDC5A6EF-48CE-4B95-9080-5BB075E9A23D} => pcalua.exe -a C:\Users\Danielle\AppData\Roaming\istart123\UninstallManager.exe -c  -ptid=tugs

Task: {85B8BE1C-D46C-4B56-B4E9-77DBE5FFEA24} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)

Task: {9743E870-76C7-4D99-A0E1-E5DF23DC9DE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)

Task: {BB5879C8-CEEE-4C2A-B350-9420F0BECE51} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2012-11-09] ()

Task: {F1127C7C-0ABD-4249-B6D0-87A2B7214776} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-01] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7f5f160efb81.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForDanielle.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2012-06-01 05:42 - 2012-06-01 05:42 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

2013-11-27 00:23 - 2012-11-09 17:34 - 01406336 ____N () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe

2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-11-25 23:36 - 2015-10-27 12:35 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll

2013-11-25 21:39 - 2010-06-28 22:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll

2013-11-27 00:23 - 2012-11-01 16:48 - 05771120 ____N () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzULIB.dll

2013-11-27 00:23 - 2010-06-21 16:21 - 00208896 ____N () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll

2013-11-25 21:41 - 2011-07-12 20:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll

2013-11-25 21:41 - 2010-10-05 09:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll

2013-11-25 21:41 - 2012-10-08 18:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll

2013-11-27 00:23 - 2012-08-01 11:51 - 01040896 ____N () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll

2013-11-27 00:31 - 2012-06-19 13:56 - 01305600 ____N () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll

2013-11-27 00:32 - 2012-07-25 10:56 - 01124864 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll

2013-11-27 00:34 - 2012-07-20 10:39 - 01047040 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll

2013-11-25 21:41 - 2012-05-25 11:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll

2013-11-25 21:41 - 2012-05-28 22:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll

2013-11-25 21:41 - 2011-09-19 21:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll

2013-11-25 21:41 - 2011-07-21 10:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll

2013-11-25 21:41 - 2012-08-29 19:09 - 00875520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll

2013-11-25 21:39 - 2010-08-22 22:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll

2013-11-25 21:41 - 2010-10-05 09:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll

2013-11-25 21:41 - 2009-08-12 21:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll

2013-11-27 00:32 - 2012-07-31 16:21 - 00152064 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll

2013-11-27 00:32 - 2012-08-08 17:45 - 00786432 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll

2013-11-27 00:32 - 2010-10-05 09:22 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll

2015-07-21 17:02 - 2015-07-21 17:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

2013-11-26 22:47 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3507488604-2405964740-3534435410-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Users^Danielle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup

MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Danielle\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

MSCONFIG\startupreg: V-bates => C:\Program Files\V-bates\notifier64.exe

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{26B0FE1E-AF50-4353-8A4C-256E8E4133BC}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe

FirewallRules: [{DD1B6D64-05FB-4D74-9EAA-002FEE983182}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe

FirewallRules: [{08018D50-88C2-4577-9C4B-3EB01BFB485F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe

FirewallRules: [{2234F142-1967-4919-9079-3566FD132AA5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe

FirewallRules: [{9DE55133-1429-4412-9CA2-F0BC52C04598}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe

FirewallRules: [{9163FA1D-779B-44DD-BA5C-CE72AAF9A1E1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe

FirewallRules: [{0D81446D-CED2-48D2-9C69-D3BC52DD31FE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe

FirewallRules: [{F1880826-309B-42DF-B20E-5C65DAC22381}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe

FirewallRules: [{EAB64A4A-D701-4E32-ABCC-9D3984E85142}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{52BE2B7D-495B-48FC-B454-6C62E420A185}] => (Allow) LPort=2869

FirewallRules: [{B8E561EA-ED48-4BB0-8A7A-3842F69618B8}] => (Allow) LPort=1900

FirewallRules: [{E9E6A3D2-87A9-41F7-99EE-B9FDA3A094C9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{5610426A-6B7B-4803-82C9-F8A8D35136C6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{178A88EB-5DD8-4313-B793-5AAC94AAF645}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe

FirewallRules: [{5B3F578D-5518-4CAF-9668-0F32E3508F94}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe

FirewallRules: [{C7B4CAD6-DEA2-49A4-A57C-576B180ECBEE}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe

FirewallRules: [{858EA6B1-2202-4802-A9B9-73930FD30D17}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe

FirewallRules: [{8891FE3E-A08C-4798-A7E5-E567F6D2E136}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{7D932677-18F4-4AEF-9736-F73422E18BA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{2E4D736D-279A-4411-8E65-60861EC26A15}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{15A092A7-5042-4A28-A299-1E144EC594FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{221D611D-C28B-40F1-A4D9-82C8C70B20CD}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

FirewallRules: [{8DE3CCC1-6589-4DCB-B316-AFBE9BD9C26D}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

FirewallRules: [{BDDF5E21-381A-43CC-AE43-1569C9E3F4AD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe

FirewallRules: [{515C2811-E3E2-4E3E-8DEF-B4B18EEA17B1}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

FirewallRules: [{BCF2BA2C-5AF9-4C97-85CE-8147A1419862}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

FirewallRules: [{F8CBF36A-8052-4189-9DF1-D3B141D4449A}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

FirewallRules: [{1DFC07B8-B8EF-4820-8BE2-D46FC81F4797}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

FirewallRules: [{97E2A1E9-5CAD-45DB-9C21-A326E8093A34}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe

FirewallRules: [{F0AF30DF-73DC-48D2-AF6F-8DCBD2B19889}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe

FirewallRules: [{F6009C8B-9497-4655-BC3E-5D6BFB8A595D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe

FirewallRules: [{B6F54A89-F81F-455F-85E1-6D2A4F135DA4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe

FirewallRules: [{0EE15016-3C52-4E03-81A0-F8AC8C0CD83A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe

FirewallRules: [{37BDA69B-81FC-4580-A85C-8F05142EDAEE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe

FirewallRules: [{A63CB82E-9FC0-4BBC-9A36-2E46C551AC2E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

FirewallRules: [{F1F51E6D-14D3-4866-8242-DDB8BC2651BC}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

FirewallRules: [{E2D0925B-4112-406F-8581-F5C2325A51B7}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{F491AE27-21E0-4D09-AFC1-131E19322D63}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Faulty Device Manager Devices =============

 

Name: Microsoft Teredo Tunneling Adapter

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/24/2015 05:12:24 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (10/17/2015 02:24:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7066

 

Error: (10/17/2015 02:24:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7066

 

Error: (10/17/2015 02:24:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (10/17/2015 02:24:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6052

 

Error: (10/17/2015 02:24:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6052

 

Error: (10/17/2015 02:24:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (10/17/2015 02:24:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5054

 

Error: (10/17/2015 02:24:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 5054

 

Error: (10/17/2015 02:24:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

System errors:

=============

Error: (10/27/2015 12:36:16 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80004005

 

Error: (10/27/2015 11:56:06 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 

%%5

 

Error: (10/27/2015 11:56:03 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

%%5

 

Error: (10/27/2015 11:46:47 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 115.25.0.0

 

Update Source: %NT AUTHORITY51

 

Update Stage: 4.8.0204.00

 

Source Path: 4.8.0204.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\NETWORK SERVICE

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (10/27/2015 11:46:47 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.207.3664.0

 

Update Source: %NT AUTHORITY51

 

Update Stage: 4.8.0204.00

 

Source Path: 4.8.0204.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\NETWORK SERVICE

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (10/27/2015 11:46:47 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.207.3664.0

 

Update Source: %NT AUTHORITY51

 

Update Stage: 4.8.0204.00

 

Source Path: 4.8.0204.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\NETWORK SERVICE

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (10/27/2015 11:46:47 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.207.3664.0

 

Update Source: %NT AUTHORITY59

 

Update Stage: 4.8.0204.00

 

Source Path: 4.8.0204.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\SYSTEM

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (10/27/2015 11:46:40 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

%%5

 

Error: (10/27/2015 11:46:41 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )

Description: %%860 Real-Time Protection feature has encountered an error and failed.

 

Feature: %%886

 

Error Code: 0x80070005

 

Error description: Access is denied. 

 

Reason: %%892

 

Error: (10/27/2015 11:46:40 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80004005

 

 

CodeIntegrity:

===================================

  Date: 2015-03-14 03:37:13.791

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-03-14 03:37:13.775

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-03-14 03:37:13.729

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-03-14 03:37:13.713

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-11-02 17:50:20.970

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-11-02 17:50:20.939

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-09-22 17:15:30.291

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-22 17:15:30.135

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-22 17:15:29.979

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3-3240 CPU @ 3.40GHz

Percentage of memory in use: 23%

Total physical RAM: 7875.88 MB

Available physical RAM: 5994.58 MB

Total Virtual: 15749.97 MB

Available Virtual: 13826.83 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:454.29 GB) (Free:357.83 GB) NTFS

Drive d: (HP_RECOVERY) (Fixed) (Total:11.37 GB) (Free:1.39 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1AB5B215)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=454.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=11.4 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

TDSSKiller.3.1.0.5_27.10.2015_13.07.46_log.txt


Hi Keith, 

 

Thank you for the logs. Please do the following:
 
STEP 1
Revo Uninstaller

  • Please download and install Revo Uninstaller.
  • Double-Click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Coupon Printer for Windows
    • gorillaprice
  • Double-Click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: If you are offered the choice to install additional software, ensure you decline
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Upon completion, click Finish.
  • In your next reply, confirm you were successful in uninstalling all programmes listed above. 
     

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    HKLM-x32\...\Run: [] => [X]
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
    Toolbar: HKU\S-1-5-21-3507488604-2405964740-3534435410-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    CHR NewTab: Profile 1 -> "chrome-extension://cdbpjflelnapbhcfafncmhkhihdibegl/stubby.html"
    CHR Extension: (GetFormsOnline) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cdbpjflelnapbhcfafncmhkhihdibegl [2015-10-13]
    CHR Extension: (GameZooks) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdkpllchojjkbgephbbeacaahecgfpga [2015-09-05]
    CHR Extension: (EasyDocMerge) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mabloidgodmbnmnhoenmhlcjkfelomgp [2015-10-01]
    CHR HKU\S-1-5-21-3507488604-2405964740-3534435410-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
    Folder: C:\Users\Danielle\AppData\Local\{24797B97-8AE2-4F60-9C62-CB0901C14B3B}
    Folder: C:\Users\Danielle\AppData\LocalLow\Company
    Task: {4739E93D-1602-4CA9-9ED0-FBD761E199A5} - System32\Tasks\{73A69503-12C5-411D-934F-8F06891DAD3D} => pcalua.exe -a F:\ASUS\ISCT_V30301526_Win7_8\ISCT_V30301526_Win7_8\Setup.exe -d F:\ASUS\ISCT_V30301526_Win7_8\ISCT_V30301526_Win7_8
    Task: {83D5D208-B8D5-41B5-9096-63C9E8673164} - System32\Tasks\{EDC5A6EF-48CE-4B95-9080-5BB075E9A23D} => pcalua.exe -a C:\Users\Danielle\AppData\Roaming\istart123\UninstallManager.exe -c  -ptid=tugs
    C:\Users\Danielle\AppData\Roaming\ShopAtHome
    C:\Program Files\V-bates
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShopAtHomeWatcher]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\V-bates]
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[s1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[s1].txt.
 
======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programmes uninstall OK?
  • Fixlog.txt
  • JRT.txt
  • AdwCleaner[C1].txt

The uninstall of Coupon Printer for Windows and gorillaprice seemed to have been completed successfully.

 

Here are the other logs:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
Ran by Danielle (2015-10-27 18:37:43) Run:1
Running from C:\Users\Danielle\Desktop
Loaded Profiles: Danielle (Available Profiles: Danielle)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
Toolbar: HKU\S-1-5-21-3507488604-2405964740-3534435410-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR NewTab: Profile 1 -> "chrome-extension://cdbpjflelnapbhcfafncmhkhihdibegl/stubby.html"
CHR Extension: (GetFormsOnline) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cdbpjflelnapbhcfafncmhkhihdibegl [2015-10-13]
CHR Extension: (GameZooks) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdkpllchojjkbgephbbeacaahecgfpga [2015-09-05]
CHR Extension: (EasyDocMerge) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mabloidgodmbnmnhoenmhlcjkfelomgp [2015-10-01]
CHR HKU\S-1-5-21-3507488604-2405964740-3534435410-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
Folder: C:\Users\Danielle\AppData\Local\{24797B97-8AE2-4F60-9C62-CB0901C14B3B}
Folder: C:\Users\Danielle\AppData\LocalLow\Company
Task: {4739E93D-1602-4CA9-9ED0-FBD761E199A5} - System32\Tasks\{73A69503-12C5-411D-934F-8F06891DAD3D} => pcalua.exe -a F:\ASUS\ISCT_V30301526_Win7_8\ISCT_V30301526_Win7_8\Setup.exe -d F:\ASUS\ISCT_V30301526_Win7_8\ISCT_V30301526_Win7_8
Task: {83D5D208-B8D5-41B5-9096-63C9E8673164} - System32\Tasks\{EDC5A6EF-48CE-4B95-9080-5BB075E9A23D} => pcalua.exe -a C:\Users\Danielle\AppData\Roaming\istart123\UninstallManager.exe -c  -ptid=tugs
C:\Users\Danielle\AppData\Roaming\ShopAtHome
C:\Program Files\V-bates
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShopAtHomeWatcher]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\V-bates]
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => key removed successfully
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found. 
HKU\S-1-5-21-3507488604-2405964740-3534435410-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
Chrome NewTab => removed successfully
C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cdbpjflelnapbhcfafncmhkhihdibegl => moved successfully
C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdkpllchojjkbgephbbeacaahecgfpga => moved successfully
C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mabloidgodmbnmnhoenmhlcjkfelomgp => moved successfully
"HKU\S-1-5-21-3507488604-2405964740-3534435410-1001\SOFTWARE\Google\Chrome\Extensions\bbjllphbppobebmjpjcijfbakobcheof" => key removed successfully
 
========================= Folder: C:\Users\Danielle\AppData\Local\{24797B97-8AE2-4F60-9C62-CB0901C14B3B} ========================
 
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Danielle\AppData\LocalLow\Company ========================
 
 
====== End of Folder: ======
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4739E93D-1602-4CA9-9ED0-FBD761E199A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4739E93D-1602-4CA9-9ED0-FBD761E199A5}" => key removed successfully
C:\Windows\System32\Tasks\{73A69503-12C5-411D-934F-8F06891DAD3D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{73A69503-12C5-411D-934F-8F06891DAD3D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83D5D208-B8D5-41B5-9096-63C9E8673164}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83D5D208-B8D5-41B5-9096-63C9E8673164}" => key removed successfully
C:\Windows\System32\Tasks\{EDC5A6EF-48CE-4B95-9080-5BB075E9A23D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EDC5A6EF-48CE-4B95-9080-5BB075E9A23D}" => key removed successfully
"C:\Users\Danielle\AppData\Roaming\ShopAtHome" => not found.
"C:\Program Files\V-bates" => not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShopAtHomeWatcher => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\V-bates => key removed successfully
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 1.3 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 18:38:48 ====
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Danielle on Tue 10/27/2015 at 18:49:24.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully deleted: [service] swdumon [Reboot required]
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\system32\drivers\swdumon.sys
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Danielle\Appdata\Local\{0B9DB772-EA15-4572-A1A3-F6A525129E23}
Successfully deleted: [Empty Folder] C:\Users\Danielle\Appdata\Local\{24797B97-8AE2-4F60-9C62-CB0901C14B3B}
Successfully deleted: [Empty Folder] C:\Users\Danielle\Appdata\Local\{3C086009-0DC3-4654-AB9A-1B3E63A19275}
Successfully deleted: [Empty Folder] C:\Users\Danielle\Appdata\Local\{7E54703D-69F9-4973-9F6F-6853487D14E4}
Successfully deleted: [Folder] C:\Program Files\005
Successfully deleted: [Folder] C:\Users\Danielle\Appdata\Local\com
Successfully deleted: [Folder] C:\Users\Danielle\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Danielle\Appdata\Local\installer
Successfully deleted: [Folder] C:\Users\Danielle\Appdata\Local\pirates
Successfully deleted: [Folder] C:\Users\Danielle\Appdata\Local\stormfall
Successfully deleted: [Folder] C:\Users\Danielle\Appdata\Local\zbanalyticscore
Successfully deleted: [Folder] C:\Users\Danielle\Appdata\Local\zeoinsight
Successfully deleted: [Folder] C:\Users\Danielle\Appdata\LocalLow\company
Successfully deleted: [Folder] C:\Users\Danielle\Appdata\LocalLow\shopathome
Successfully deleted: [Folder] C:\Users\Danielle\AppData\Roaming\stormfall
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
Successfully deleted: [Folder] C:\Users\Danielle\AppData\Roaming\Pirates854
 
 
 
~~~ Chrome
 
 
[C:\Users\Danielle\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Danielle\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Danielle\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Danielle\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/27/2015 at 18:52:44.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

# AdwCleaner v5.015 - Logfile created 27/10/2015 at 18:56:19
# Updated 26/10/2015 by Xplode
# Database : 2015-10-26.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Danielle - ASUS-HP
# Running from : C:\Users\Danielle\Downloads\adwcleaner_5.015.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : swdumon
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Danielle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofimhbagaepoihkjgidfcgnjdjmoaeii
[!] Folder Not Deleted : C:\Users\Danielle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofimhbagaepoihkjgidfcgnjdjmoaeii
[-] Folder Deleted : C:\Users\Danielle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofimhbagaepoihkjgidfcgnjdjmoaeii
[!] Folder Not Deleted : C:\Users\Danielle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofimhbagaepoihkjgidfcgnjdjmoaeii
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
[-] Key Deleted : HKCU\Software\Classes\PepperZip
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Value Deleted : HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs [CRSBRWSHTML]
[-] Value Deleted : HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs [CRSBRWSHTML]
[-] Value Deleted : HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs [CRSBRWSHTML]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [Object Browser-bg.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [iWebar-bg.exe]
[-] Key Deleted : HKLM\SOFTWARE\5109edc8-a403-467a-bc5c-17683dd69841
[-] Key Deleted : HKLM\SOFTWARE\7dfa4f8f-5fbb-4d84-9a52-110670e9897e
[-] Key Deleted : HKLM\SOFTWARE\e2ccaf20-3148-4770-a2d3-b1f826ac7b4a
[-] Key Deleted : HKLM\SOFTWARE\f3b975ea-0553-4cb5-9798-1236803840ed
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{40A61B9E-B111-46EE-A1F2-C1100192BA48}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{76481128-CCDC-4073-8F65-B06F23B138FC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Object Browser
[-] Key Deleted : HKCU\Software\CleanerProConfig
[-] Key Deleted : HKCU\Software\CleanerProLanguage
[-] Key Deleted : HKCU\Software\SevereWeatherAlerts
[-] Key Deleted : HKCU\Software\Kromtech
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\AppDataLow\Software\SpeedChecker
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[!] Key Not Deleted : [x64] HKCU\Software\CleanerProConfig
[!] Key Not Deleted : [x64] HKCU\Software\CleanerProLanguage
[!] Key Not Deleted : [x64] HKCU\Software\SevereWeatherAlerts
[!] Key Not Deleted : [x64] HKCU\Software\Kromtech
[!] Key Not Deleted : [x64] HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : [x64] HKLM\SOFTWARE\Kromtech
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Object Browser
[!] Key Not Deleted : HKU\S-1-5-21-3507488604-2405964740-3534435410-1001\Software\AppDataLow\Software\SpeedChecker
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\Object Browser
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : tumblebugs.en.softonic.com
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7217 bytes] ##########
 
 
Didn't get any pop-ups this time.  Don't notice anything wrong with pc now.  Faster boot and operation as well.

Didn't get any pop-ups this time.  Don't notice anything wrong with pc now.  Faster boot and operation as well.

Excellent. :)

 

Let's check for remnants. 

 

ESET Online Scan

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Open ESET Online Scan. The programme can be redownloaded here: ESET Online Scan.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

Hello Keith, 
 
Let's clean up the few items AdwCleaner did not delete, and update vulnerable software to reduce the risk of a reoccurrence. 
We are just about finished at this stage. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    2014-10-22 16:40 - 2014-11-02 17:05 - 0087200 _____ () C:\ProgramData\76705
    [-HKCU\Software\CleanerProConfig]
    [-HKCU\Software\CleanerProLanguage]
    [-HKCU\Software\SevereWeatherAlerts]
    [-HKCU\Software\Kromtech]
    [-HKCU\Software\SlimWare Utilities Inc]
    [-HKU\.DEFAULT\Software\AppDataLow\Software\Object Browser]
    [-HKU\S-1-5-21-3507488604-2405964740-3534435410-1001\Software\AppDataLow\Software\SpeedChecker]
    [-HKU\S-1-5-18\Software\AppDataLow\Software\Object Browser]
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

  • Adobe Air
  • Java (watch out for "Optional Offers" or bundled software)
  • Follow these instructions to check for and download the latest Windows Updates.
     

STEP 3
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Java 8 Update 25
  • Follow the prompts, and reboot if necessary.
     

STEP 4
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?

Fix result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
Ran by Danielle (2015-10-28 16:13:37) Run:2
Running from C:\Users\Danielle\Desktop
Loaded Profiles: Danielle (Available Profiles: Danielle)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
2014-10-22 16:40 - 2014-11-02 17:05 - 0087200 _____ () C:\ProgramData\76705
[-HKCU\Software\CleanerProConfig]
[-HKCU\Software\CleanerProLanguage]
[-HKCU\Software\SevereWeatherAlerts]
[-HKCU\Software\Kromtech]
[-HKCU\Software\SlimWare Utilities Inc]
[-HKU\.DEFAULT\Software\AppDataLow\Software\Object Browser]
[-HKU\S-1-5-21-3507488604-2405964740-3534435410-1001\Software\AppDataLow\Software\SpeedChecker]
[-HKU\S-1-5-18\Software\AppDataLow\Software\Object Browser]
end
*****************

Restore point was successfully created.
C:\ProgramData\76705 => moved successfully
HKCU\Software\CleanerProConfig => key not found.
HKCU\Software\CleanerProLanguage => key not found.
HKCU\Software\SevereWeatherAlerts => key not found.
HKCU\Software\Kromtech => key not found.
HKCU\Software\SlimWare Utilities Inc => key not found.
HKU\.DEFAULT\Software\AppDataLow\Software\Object Browser => key not found.
HKU\S-1-5-21-3507488604-2405964740-3534435410-1001\Software\AppDataLow\Software\SpeedChecker => key not found.
HKU\S-1-5-18\Software\AppDataLow\Software\Object Browser => key not found.

==== End of Fixlog 16:14:09 ====

 

 

 Results of screen317's Security Check version 1.011 --- 10/21/15 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 65 
 Adobe Flash Player 19.0.0.226 
 Google Chrome (46.0.2490.71)
 Google Chrome (46.0.2490.80)
 Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 

 

PC seems to be running fine now.  No issues to report.
 


PC seems to be running fine now.  No issues to report.

Great!

 

All Clean!

Congratulations, your computer appears clean!  :)

I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.

 

My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.

 

DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

 

======================================================

 

I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.

 

======================================================

 

Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 

 

Thank you for using Malwarebytes.

 

Safe Surfing. :)

Adam

This topic is now closed to further replies.