
malware kicks me offline.



Malware prevents me from accessing the internet unless I'm in safe mode. Malwarebytes detects nothing. Chameleon will not fully scan.

Log below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2016
Ran by Stuart (administrator) on STUART-HP (02-12-2016 19:51:18)
Running from C:\Users\Stuart\Desktop
Loaded Profiles: Stuart (Available Profiles: Stuart & QBPOSDBSrvUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-09-27] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7574896 2014-04-16] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818288 2014-04-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [419512 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167488 2013-09-16] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-06] (CyberLink Corp.)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2014-02-05] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\Run: [Microsoft Host] => C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe [32768 2014-03-20] (Microsoft Corporation)
HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\Policies\Explorer: [] 
HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {314cbd70-782e-11e5-9af7-38b1dbb7d787} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {441913eb-5028-11e5-aae8-3464a97bb6dc} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {66da070c-4fed-11e5-a839-3464a97bb6dc} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {b109f5a9-8c0e-11e4-a51a-38b1dbb7d788} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {f0be3690-a7ff-11e4-a96e-38b1dbb7d788} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-890830538-3602730652-670256873-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-09-08]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BA6C7892-C1FC-4FCF-9B7C-8F61FDAD5BD0}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{D77F764B-A99E-4F1D-9274-6473BF938A12}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F433712C-6EB1-4AB8-B308-E99810D42066}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1
HKU\S-1-5-21-890830538-3602730652-670256873-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2014-02-05] (Hewlett-Packard)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~2\VIDEOC~1\WSBROW~1.DLL => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-29] (Oracle Corporation)
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\PROGRA~3\AIMERS~1\VIDEOC~1\WSBROW~1.DLL => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-29] (Oracle Corporation)
DPF: HKLM-x32 {DB7ACFA2-9634-4C98-BC9D-FB9416153022} hxxp://192.168.1.115:6020/nvEPLMedia.cab
DPF: HKLM-x32 {E19E79EC-F62E-40A0-952D-E49AEC7BEC2F} hxxp://192.168.1.4:6010/control/nvA1Media.cab
Handler-x32: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll [2012-11-01] (Intuit Inc.)
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF ProfilePath: C:\Users\Stuart\AppData\Roaming\KompoZer\Profiles\cy7lg9xc.default [2016-10-20]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-09-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com => not found
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @samsungtechwin.com/npwViewer -> c:\SamsungTechwin\Ipolis\npwViewer_lib.dll [2014-07-28] (Samsung Techwin)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-03-28] (DigitalPersona, Inc.)
FF Plugin-x32: NetDvr_Plugins -> C:\Program Files (x86)\NetDvr\Plugins\npDvr.dll [2011-10-28] (DVR)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2014-07-11] ()

Chrome: 
=======
CHR DefaultProfile: Profile 3
CHR HomePage: Profile 3 -> hxxp://google.com/
CHR StartupUrls: Profile 3 -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default [2016-12-02]
CHR Extension: (Google Drive) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]
CHR Extension: (YouTube) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (Google Cast) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-03-06]
CHR Extension: (Abine TACO) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cadbkmipeldjmjfcpcjibfjgflahmphk [2015-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-11]
CHR Extension: (Pushbullet) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-17]
CHR Extension: (Google Search) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-01-01]
CHR Extension: (Bananatag Email Tracking) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2015-03-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (SlingPlayer Web Plug-in) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-04]
CHR Extension: (Robot Theme, inspired by Android™) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeljdmeofcikjblcoehpmdnooimalbmj [2015-03-22]
CHR Extension: (Neater Bookmarks) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2014-12-22]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-12-31]
CHR Extension: (Gmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-04]
CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-12-05]
CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2 [2015-12-05]
CHR Extension: (Google Drive) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-17]
CHR Extension: (YouTube) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22]
CHR Extension: (Google Cast) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-08-11]
CHR Extension: (Adblock Plus) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-15]
CHR Extension: (Google Search) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-03-22]
CHR Extension: (Google Play Music) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-08-14]
CHR Extension: (Facebook Friends Mapper) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ikfdhlkcdllmkklmdbhfjkofjmehionn [2015-06-29]
CHR Extension: (Bananatag Email Tracking) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2015-07-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Neater Bookmarks) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2015-03-22]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2015-03-22]
CHR Extension: (Gmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-12-02]
CHR Extension: (Flash Video Downloader) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-12-01]
CHR Extension: (YouTube) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Play Music) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-11-11]
CHR Extension: (FBDown Video Downloader) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2016-05-01]
CHR Extension: (Flixster) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2015-09-04]
CHR Extension: (Bananatag Email Tracking) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2016-10-22]
CHR Extension: (Autodesk Homestyler) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2016-08-17]
CHR Extension: (UglyEmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ldgiafaliifpknmgofiifianlnbgflgj [2016-08-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Fast Video Downloader) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nocpfkkbaekckhcoekockfbidpcjgkbd [2015-08-31]
CHR Extension: (Neater Bookmarks) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2015-08-31]
CHR Extension: (Gmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-04]
CHR Extension: (Chrome Media Router) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-29]
CHR HKLM\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-03-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed]
S2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-10-02] (Fork, Ltd.) [File not signed]
S2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2014-03-31] () [File not signed]
S2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-04-03] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company)
S2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-10] (Intel Corporation)
S2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
S2 Intuit Entitlement Service v8; C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [24680 2011-12-23] (Intuit, Inc.)
S2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-09-06] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 QBPOSDBServiceV11; C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBPOSDBService.exe [3140744 2012-11-01] (Intuit Inc.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed]
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-03] (Microsoft Corporation)
S2 AdAppMgrSvc; "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe"  [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-09-27] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
S3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-08-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2014-02-03] (WinMagic Inc.)
S3 RtkAvrcp; C:\Windows\system32\drivers\RtkAvrcp.sys [61152 2012-12-28] (Realtek Semiconductor Corporation)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [552448 2014-04-01] (Realtek Semiconductor Corporation)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3402968 2014-04-11] (Realtek Semiconductor Corporation                           )
R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2014-02-03] (WinMagic Inc.)
R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2014-02-03] (WinMagic Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2016-03-18] (Duplex Secure Ltd.)
S3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1519520 2014-03-13] (Sunplus)
S2 SADP_NPF; \??\C:\Windows\SysWOW64\drivers\sadp_npf64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-02 19:51 - 2016-12-02 19:51 - 00025742 _____ C:\Users\Stuart\Desktop\FRST.txt
2016-12-02 19:51 - 2016-12-02 19:51 - 00000000 ____D C:\FRST
2016-12-02 19:50 - 2016-12-02 19:51 - 02411520 _____ (Farbar) C:\Users\Stuart\Desktop\FRST64.exe
2016-12-02 19:31 - 2016-12-02 19:31 - 00000000 ____D C:\Users\Stuart\AppData\Local\ElevatedDiagnostics
2016-12-02 15:30 - 2016-12-02 15:33 - 00000000 ____D C:\AdwCleaner
2016-12-02 15:29 - 2016-12-02 15:29 - 03910208 _____ C:\Users\Stuart\Desktop\AdwCleaner.exe
2016-12-02 15:25 - 2016-12-02 19:10 - 00002872 _____ C:\Users\Stuart\Desktop\Rkill.txt
2016-12-02 14:27 - 2016-12-02 14:27 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Stuart\Desktop\esetonlinescanner_enu.exe
2016-12-02 08:53 - 2016-12-02 09:19 - 235011967 _____ C:\Users\Stuart\Desktop\Pure.Genius.S01E06.HDTV.x264-KILLERS.mkv
2016-12-02 06:49 - 2016-12-02 16:49 - 00000000 ____D C:\Users\Stuart\AppData\Local\ESET
2016-12-02 06:39 - 2016-12-02 19:24 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-02 06:16 - 2016-12-02 19:43 - 01169654 _____ C:\Windows\ntbtlog.txt
2016-11-24 07:32 - 2016-11-24 08:07 - 1320941244 _____ C:\Users\Stuart\Downloads\Recording01_20161124_030000_3600_5624.raw
2016-11-20 15:17 - 2016-11-20 15:17 - 00000000 ____D C:\Users\Stuart\AppData\LocalLow\Google
2016-11-20 15:17 - 2016-11-20 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-11-08 17:43 - 2016-11-02 10:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-08 17:43 - 2016-11-02 10:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-08 17:43 - 2016-11-02 10:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-08 17:43 - 2016-11-02 10:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-08 17:43 - 2016-11-02 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-08 17:43 - 2016-11-02 10:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-08 17:43 - 2016-11-02 10:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-08 17:43 - 2016-11-02 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-08 17:43 - 2016-11-02 10:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-08 17:43 - 2016-11-02 09:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-08 17:43 - 2016-10-27 22:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-08 17:43 - 2016-10-27 22:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-08 17:43 - 2016-10-27 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-08 17:43 - 2016-10-27 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-08 17:43 - 2016-10-27 13:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-08 17:43 - 2016-10-27 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-08 17:43 - 2016-10-27 13:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-08 17:43 - 2016-10-27 13:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-08 17:43 - 2016-10-27 13:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-08 17:43 - 2016-10-27 13:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-08 17:43 - 2016-10-27 13:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-08 17:43 - 2016-10-27 13:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-08 17:43 - 2016-10-27 13:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-08 17:43 - 2016-10-27 13:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-08 17:43 - 2016-10-27 13:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-08 17:43 - 2016-10-27 13:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-08 17:43 - 2016-10-27 13:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-08 17:43 - 2016-10-27 13:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-08 17:43 - 2016-10-27 13:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-08 17:43 - 2016-10-27 13:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-08 17:43 - 2016-10-27 13:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-08 17:43 - 2016-10-27 13:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-08 17:43 - 2016-10-27 13:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-08 17:43 - 2016-10-27 13:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-08 17:43 - 2016-10-27 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-08 17:43 - 2016-10-27 13:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-08 17:43 - 2016-10-27 13:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-08 17:43 - 2016-10-27 12:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-08 17:43 - 2016-10-27 12:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-08 17:43 - 2016-10-27 12:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-08 17:43 - 2016-10-27 12:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-08 17:43 - 2016-10-27 12:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-08 17:43 - 2016-10-27 12:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-08 17:43 - 2016-10-27 12:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-08 17:43 - 2016-10-27 12:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-08 17:43 - 2016-10-27 11:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-08 17:43 - 2016-10-27 10:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-08 17:43 - 2016-10-25 10:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-08 17:43 - 2016-10-22 12:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-08 17:43 - 2016-10-22 12:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-08 17:43 - 2016-10-22 12:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-08 17:43 - 2016-10-22 12:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-08 17:43 - 2016-10-22 12:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-08 17:43 - 2016-10-22 12:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-08 17:43 - 2016-10-22 12:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-08 17:43 - 2016-10-22 12:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-08 17:43 - 2016-10-22 12:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-08 17:43 - 2016-10-22 12:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-08 17:43 - 2016-10-22 12:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-08 17:43 - 2016-10-22 12:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-08 17:43 - 2016-10-22 12:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-08 17:43 - 2016-10-22 12:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-08 17:43 - 2016-10-22 12:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-08 17:43 - 2016-10-22 12:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-08 17:43 - 2016-10-22 11:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-08 17:43 - 2016-10-22 11:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-08 17:43 - 2016-10-22 11:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-08 17:43 - 2016-10-22 11:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-08 17:43 - 2016-10-22 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-08 17:43 - 2016-10-22 11:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-08 17:43 - 2016-10-22 11:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-08 17:43 - 2016-10-22 11:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-08 17:43 - 2016-10-22 11:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-08 17:43 - 2016-10-22 11:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-08 17:43 - 2016-10-22 11:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-08 17:43 - 2016-10-22 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-08 17:43 - 2016-10-22 11:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-08 17:43 - 2016-10-15 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-08 17:43 - 2016-10-15 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-08 17:43 - 2016-10-15 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-08 17:43 - 2016-10-15 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-08 17:43 - 2016-10-11 10:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-08 17:43 - 2016-10-11 10:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-08 17:43 - 2016-10-11 10:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-08 17:43 - 2016-10-11 10:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-08 17:43 - 2016-10-11 10:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-08 17:43 - 2016-10-11 10:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-08 17:43 - 2016-10-11 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-08 17:43 - 2016-10-11 10:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-08 17:43 - 2016-10-11 10:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-08 17:43 - 2016-10-11 10:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-08 17:43 - 2016-10-11 10:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-08 17:43 - 2016-10-11 10:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-08 17:43 - 2016-10-11 08:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-08 17:43 - 2016-10-11 08:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-08 17:43 - 2016-10-10 10:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-08 17:43 - 2016-10-10 10:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-08 17:43 - 2016-10-10 10:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-08 17:43 - 2016-10-10 10:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-08 17:43 - 2016-10-10 10:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-08 17:43 - 2016-10-10 10:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-08 17:43 - 2016-10-10 10:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-08 17:43 - 2016-10-10 09:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-08 17:43 - 2016-10-10 09:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-08 17:43 - 2016-10-10 09:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-08 17:43 - 2016-10-10 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-08 17:43 - 2016-10-10 09:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-08 17:43 - 2016-10-10 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-08 17:43 - 2016-10-07 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-08 17:43 - 2016-10-07 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-08 17:43 - 2016-10-07 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-08 17:43 - 2016-10-07 10:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-08 17:43 - 2016-10-07 10:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-08 17:43 - 2016-10-07 10:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-08 17:43 - 2016-10-07 10:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-08 17:43 - 2016-10-07 10:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-08 17:43 - 2016-10-07 10:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-08 17:43 - 2016-10-07 10:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-08 17:43 - 2016-10-07 09:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-08 17:43 - 2016-10-07 09:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-08 17:43 - 2016-10-07 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-08 17:43 - 2016-10-07 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-08 17:43 - 2016-10-07 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-08 17:43 - 2016-10-07 09:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 09:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 09:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 09:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-08 17:43 - 2016-10-05 09:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-08 17:43 - 2016-09-15 09:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-08 17:43 - 2016-09-13 10:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-08 17:43 - 2016-09-13 10:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-08 17:43 - 2016-09-09 13:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-08 17:43 - 2016-09-09 13:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-08 17:43 - 2016-08-22 11:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-05 20:18 - 2016-11-06 04:25 - 895116800 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103132254_20161103132635.avi
2016-11-05 20:18 - 2016-11-06 04:22 - 2070645248 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103131432_20161103132254.avi
2016-11-05 20:18 - 2016-11-06 04:15 - 2071195136 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103131231_20161103131432.avi
2016-11-05 20:18 - 2016-11-06 04:12 - 2079110656 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103131011_20161103131231.avi
2016-11-05 20:18 - 2016-11-06 04:09 - 2047384064 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103130714_20161103131011.avi
2016-11-05 20:18 - 2016-11-06 04:06 - 2066130944 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103130545_20161103130714.avi
2016-11-05 20:18 - 2016-11-06 04:04 - 2048870912 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103130253_20161103130545.avi
2016-11-05 20:18 - 2016-11-06 04:01 - 2048315392 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103130038_20161103130253.avi
2016-11-05 20:18 - 2016-11-06 03:58 - 2076597248 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103125631_20161103130038.avi
2016-11-05 20:18 - 2016-11-06 03:54 - 2059469824 _____ C:\Users\Stuart\Desktop\Recording01_20161103_000000_86400_7789_20161103125320_20161103125631.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-02 19:38 - 2015-08-12 15:46 - 00000000 ____D C:\Windows\Prey
2016-12-02 19:36 - 2014-12-22 19:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-02 19:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-02 19:29 - 2015-01-22 15:21 - 00000000 ____D C:\Users\Stuart\AppData\Local\CrashDumps
2016-12-02 19:28 - 2015-07-04 15:22 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-02 19:09 - 2009-07-14 00:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-02 19:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-12-02 15:09 - 2014-12-22 19:27 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-02 14:50 - 2014-12-22 19:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-02 14:31 - 2009-07-13 23:45 - 00026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-02 14:31 - 2009-07-13 23:45 - 00026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-02 14:24 - 2015-07-04 15:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-02 09:47 - 2016-10-29 15:33 - 00000000 ____D C:\Users\Stuart\Ubiquiti UniFi
2016-12-02 06:04 - 2014-12-26 08:10 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-02 01:03 - 2014-12-22 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-12-01 19:11 - 2014-12-22 19:18 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1635E4DC-7E0A-46A3-B13B-1CE0E703D475}
2016-12-01 14:56 - 2014-12-24 14:23 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\vlc
2016-12-01 08:49 - 2015-11-17 18:24 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForStuart
2016-12-01 08:49 - 2015-11-17 18:24 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForStuart.job
2016-11-27 15:01 - 2014-05-21 21:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-22 17:30 - 2014-09-08 04:42 - 00000000 ____D C:\ProgramData\Realtek
2016-11-20 15:17 - 2014-12-22 19:27 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-15 17:35 - 2014-12-22 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-15 17:35 - 2014-12-22 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-11-14 19:09 - 2014-12-22 19:29 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-09 04:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-11-09 03:24 - 2009-07-13 23:45 - 00445960 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 03:06 - 2014-12-26 09:20 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 03:01 - 2014-12-26 09:20 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 18:50 - 2014-12-22 19:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 18:50 - 2014-12-22 19:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 18:50 - 2014-12-22 19:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 18:50 - 2014-12-22 19:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-08 18:50 - 2014-12-22 19:28 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-07 06:26 - 2009-07-14 00:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2016-05-26 15:14 - 2016-05-26 15:36 - 112407166 _____ () C:\Program Files (x86)\20958.mp4
2015-01-23 16:38 - 2011-04-22 19:28 - 636745237 _____ () C:\Program Files (x86)\AWESOME VIDEO.mov
2015-01-23 16:37 - 2006-06-24 05:58 - 298684218 _____ () C:\Program Files (x86)\Barbara, Jackie and Michelle.wmv
2015-01-23 16:37 - 2009-06-01 16:41 - 1451862066 _____ () C:\Program Files (x86)\Butterfly.avi
2015-02-19 14:25 - 2015-02-19 15:56 - 1535461525 _____ () C:\Program Files (x86)\good sexart movie.mp4
2015-09-09 15:54 - 2015-08-24 12:53 - 1514845509 _____ () C:\Program Files (x86)\hhh.mp4
2015-08-24 12:44 - 2015-08-24 12:53 - 1514845509 _____ () C:\Program Files (x86)\Kari.A.And.Linda.Sweet.Chef.mp4
2015-04-29 14:13 - 2015-04-27 07:22 - 177655867 _____ () C:\Program Files (x86)\Lesbea good vid.mp4
2015-04-05 08:23 - 2015-04-05 08:17 - 1046962468 _____ () C:\Program Files (x86)\lesbea ivy & shelly, how it should be.mp4
2015-03-26 16:18 - 2015-03-26 16:22 - 172932634 _____ () C:\Program Files (x86)\lesbea1.mp4
2015-03-25 17:10 - 2015-02-15 09:34 - 1017039995 _____ () C:\Program Files (x86)\lesbea8.mov
2015-01-23 16:38 - 2006-04-27 13:25 - 420732928 _____ () C:\Program Files (x86)\lesbian clip.avi
2015-04-12 16:26 - 2015-04-12 10:42 - 282471328 _____ () C:\Program Files (x86)\metart brunette on brunette.mp4
2015-07-15 16:00 - 2015-07-15 17:14 - 1596521696 _____ () C:\Program Files (x86)\Tracy.Lindsay.And.Anabelle.Linger.mp4
2015-01-23 16:38 - 2005-11-27 08:56 - 366952448 _____ () C:\Program Files (x86)\Viv Thomas - All About Eve  - Scn 01 - Sandra Shine.avi
2015-02-02 08:50 - 2015-02-02 08:56 - 198956092 _____ () C:\Program Files (x86)\viv thomas.mp4
2015-02-13 17:06 - 2015-02-13 17:21 - 839529679 _____ () C:\Program Files (x86)\www.0xxx.in_VivThomas.15.02.13.Kari.A.And.Tracy.Smile.Lady.Scene.3.Marquise.XXX.1080p.MP4-KTR.mp4
2015-08-02 18:51 - 2015-08-02 20:39 - 1655945770 _____ () C:\Program Files (x86)\www.0xxx.in_VivThomas.15.07.31.Erica.Fontes.And.Talia.Mint.Proclivity.mp4
2015-01-23 16:37 - 2006-04-27 13:24 - 442327040 _____ () C:\Program Files (x86)\_Peaches_&_Eve.avi
2014-03-20 06:53 - 2014-03-20 06:53 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-12-31 18:18 - 2014-12-31 18:18 - 7907217 _____ (Aimersoft Software                                          ) C:\Users\Stuart\AppData\Roaming\dvdcopy_setup.exe
2016-03-27 07:53 - 2016-03-27 08:46 - 0099384 _____ () C:\Users\Stuart\AppData\Roaming\inst.exe
2016-03-27 07:53 - 2016-03-27 08:46 - 0007859 _____ () C:\Users\Stuart\AppData\Roaming\pcouffin.cat
2016-03-27 07:53 - 2016-03-27 08:46 - 0001167 _____ () C:\Users\Stuart\AppData\Roaming\pcouffin.inf
2016-03-27 07:53 - 2016-03-27 08:46 - 0000055 _____ () C:\Users\Stuart\AppData\Roaming\pcouffin.log
2016-03-27 07:53 - 2016-03-27 08:46 - 0082816 _____ (VSO Software) C:\Users\Stuart\AppData\Roaming\pcouffin.sys
2014-12-22 19:17 - 2016-12-02 19:37 - 10885652 _____ () C:\Users\Stuart\AppData\Local\BTServer.log
2014-09-08 04:29 - 2014-09-08 04:31 - 8905842 _____ () C:\ProgramData\hpcsmmsilogs.log
2014-09-08 04:53 - 2014-09-08 04:54 - 1278098 _____ () C:\ProgramData\hpdam_install_log.txt
2014-09-08 04:53 - 2014-09-08 04:53 - 0543736 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
2016-04-27 17:41 - 2016-04-27 17:45 - 0000306 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-11-01 15:07 - 2012-11-01 15:07 - 0002507 _____ () C:\ProgramData\regid.1983-04.com.intuit,IFS,POS_E1171703-BD05-428F-99A1-7FE2FC879DE2.swidtag

Some files in TEMP:
====================
C:\Users\Stuart\AppData\Local\Temp\AcDeltree.exe
C:\Users\Stuart\AppData\Local\Temp\AdAppMgrUpdater.exe
C:\Users\Stuart\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Stuart\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\Stuart\AppData\Local\Temp\libeay32.dll
C:\Users\Stuart\AppData\Local\Temp\msvcr120.dll
C:\Users\Stuart\AppData\Local\Temp\snappy-1.0.5-snappyjava.dll
C:\Users\Stuart\AppData\Local\Temp\sqlite3.dll
C:\Users\Stuart\AppData\Local\Temp\vlc-2.2.4-win32.exe
C:\Users\Stuart\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-24 11:11

==================== End of FRST.txt ============================

 

----------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2016
Ran by Stuart (02-12-2016 19:52:17)
Running from C:\Users\Stuart\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-12-23 00:17:01)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-890830538-3602730652-670256873-500 - Administrator - Disabled)
Guest (S-1-5-21-890830538-3602730652-670256873-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-890830538-3602730652-670256873-1003 - Limited - Enabled)
QBPOSDBSrvUser (S-1-5-21-890830538-3602730652-670256873-1004 - Limited - Enabled) => C:\Users\QBPOSDBSrvUser
Stuart (S-1-5-21-890830538-3602730652-670256873-1002 - Administrator - Enabled) => C:\Users\Stuart

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
AnyMP4 Video Converter Platinum 6.1.50 (HKLM-x32\...\{3E48324E-4843-4818-834D-C5219B51248E}_is1) (Version: 6.1.50 - AnyMP4 Studio)
Ashampoo Burning Studio 15 v.15.0.2 (HKLM-x32\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.2 - Ashampoo GmbH & Co. KG)
AutoCAD LT 2017 Language Pack - English (Version: 21.0.52.0 - Autodesk) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brackets (HKLM-x32\...\{0DA290D2-0583-4967-9EC0-93C1F603DD13}) (Version: 1.6 - brackets.io)
calibre (HKLM-x32\...\{D28D6EE4-3319-49B7-BEE5-1D5B2AC3FF30}) (Version: 2.30.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3920 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.1.4513 - CyberLink Corp.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
Foxit PhantomPDF (HKLM-x32\...\{5F3E0897-97AA-4FC2-A0A9-130A39D0FDFB}) (Version: 6.0.16.324 - Foxit Corporation)
GiliSoft Video Editor 7.0.0 (HKLM-x32\...\{3908B421-EF03-4389-A38C-DBAF6252E312}_is1) (Version: 7.0.0 - GiliSoft International LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hallmark Card Studio 2015 Bonus Pack (HKLM-x32\...\{2C69ABC9-55B7-410E-89AB-4CBD84D8D37B}) (Version: 1.0.0.1 - Creative Home)
Hallmark Card Studio 2015 Deluxe (HKLM-x32\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.0.11 - Creative Home)
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.4.1811 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{C0ED9561-8312-457C-BB1B-BDC7EE034CED}) (Version: 4.7.4.1 - Hewlett-Packard Company)
HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{53AE55F3-8E99-4776-A347-06222894ECD3}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.7.27 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{6349342F-9CEF-4A70-995A-2CF3704C2603}) (Version: 8.4.20.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.41 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{88D3964A-59BE-412B-B61F-6EF5FBB33707}) (Version: 6.0.12.1 - Hewlett-Packard Company)
HP PageLift (HKLM-x32\...\{59202086-BEA1-411A-8AA4-A5DCD28FF537}) (Version: 1.0.13.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{34FF930E-DBF9-4858-BAB5-BAC957BF616E}) (Version: 3.5.1.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{F6D61EC9-347B-4019-9F8E-E24169F7C330}) (Version: 8.7.5 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP System Default Settings (HKLM-x32\...\{B5BEF5F8-BD76-4174-A47D-05A06EA62615}) (Version: 2.7.1 - Hewlett-Packard Company)
HP Theft Recovery (HKLM-x32\...\InstallShield_{B1E569B6-A5EB-4C97-9F93-9ED2AA99AF0E}) (Version: 8.3.0.7 - Hewlett-Packard Company)
ImTOO DVD Creator (HKLM-x32\...\ImTOO DVD Creator) (Version: 7.1.3.20130709 - ImTOO)
inSSIDer 4 (HKLM-x32\...\{23A7D3D7-D312-4549-B349-2226AF6C6A83}) (Version: 4.1.0.60 - MetaGeek, LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.6.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{978B5476-EAF9-4EB0-AD34-92689249A016}) (Version: 4.2.41.2499 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes Anti-Exploit version 1.9.1.1261 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1261 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie DVD Copy 1.4.3 (HKLM-x32\...\Movie DVD Copy_is1) (Version:  - movie-dvd-copy.com)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
NetDvrPlugin 1.0 (HKLM-x32\...\NetDvrPlugin) (Version: 1.0 - )
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PeaZip 5.5.1 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Prey Anti-Theft (x32 Version: 1.6.3 - Prey, Inc.) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
QuickBooks Point of Sale 2013 (HKLM-x32\...\{2F6FE8E0-A61C-4C2D-A601-F5731D8F7EF0}) (Version: 22.3.1029 - Intuit Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.7 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.43 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.83.328.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7225 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Setup (HKLM-x32\...\{FB2CA23A-3F6F-4E94-8A92-3DBA61A7092D}) (Version: 1.0.35 - Microsoft)
Skitch (HKLM-x32\...\Skitch 2.3.2.173) (Version: 2.3.2.173 - Evernote Corp.)
Slingplayer for Web Installer (x32 Version: 1.2.7.358 - Sling Media) Hidden
SlingplayerForWeb (HKLM-x32\...\{62a74667-8e59-4fbc-9417-ad041a630066}) (Version: 1.2.7.358 - Sling Media)
Snagit 12 (HKLM-x32\...\{e8720e7e-08a2-4a30-9bce-70aa27c2a3dc}) (Version: 12.2.2.2107 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.2.2 - TechSmith Corporation) Hidden
STWWebViewer for Windows 1.0.150 (HKLM-x32\...\STWWebViewer for Windows) (Version: 1.0.150 - Samsung Techwin)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.8.1 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version:  - )
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-890830538-3602730652-670256873-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E937FC4-A260-4030-9950-FB095745776E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {28AF43EA-62E6-4A8E-9DA2-804BCE20515F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {349B7FFD-6FB1-41FC-B88C-3D7EADB57B0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe
Task: {57F486EB-42E0-4B8D-BFB4-591EF149FEC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {72112010-607E-48A6-A255-F24B0E481275} - System32\Tasks\HPCeeScheduleForStuart => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {84ABFAEB-8797-4597-9A90-C8B3D65D9AFC} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-12-22] ()
Task: {8743F999-5A58-46C3-A043-BAE004C8D486} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
Task: {AAFA4149-531B-4022-9C37-A2F310DE84D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {EB0D11B1-47E6-4D1A-A520-258AB3909B4B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForStuart.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 3" --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Stuart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Stuart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) ==============

2014-12-08 05:10 - 2014-12-08 05:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-02-05 13:56 - 2014-02-05 13:56 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2016-03-28 13:07 - 2016-03-28 13:07 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-12-02 06:44 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-12-02 06:44 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:264B2CC4 [121]
AlternateDataStreams: C:\ProgramData\Temp:C05ABBB5 [250]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-890830538-3602730652-670256873-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Stuart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gNjZHC.vbs => C:\Windows\pss\gNjZHC.vbs.Startup
MSCONFIG\startupfolder: C:^Users^Stuart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OptimizerPro.lnk => C:\Windows\pss\OptimizerPro.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Stuart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SlingplayerForWebShortcut.lnk => C:\Windows\pss\SlingplayerForWebShortcut.lnk.Startup
MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2015 Deluxe\ReminderApp.exe
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: HP Camera Driver_Monitor => "C:\Program Files (x86)\HP Camera Driver\monitor.exe"
MSCONFIG\startupreg: Skitch => C:\Program Files (x86)\Evernote\Skitch\Skitch.exe -start-on-hide
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: YouCam Mirage => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2A59FA7A-482C-47D9-A70B-9FA741B788DF}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{12911CC8-2F25-4DFB-BD49-D4135325B5E2}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{34C41F39-93DD-42A8-A11D-2A2C3547EEE4}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{31ABE01A-FA44-48A6-B0AB-2893A702E9B8}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E5741AB-4F86-41B5-A203-51A91DD361DE}] => c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{D263C9A9-9D6C-4487-A5B8-56B9869567E9}] => c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{E5190284-FC99-4CA1-BEAE-33DD8B785B77}] => c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{A61000F9-8C39-4FCF-A539-1F5356C29BED}] => c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{2A154F1F-AEDE-4190-974D-55820F5ADE6B}] => c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{FD02CCB9-2D91-43B8-B3DC-A8B1B75F98D0}] => c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{EE2CAC8A-8419-4F84-AF15-E662E968C04D}] => LPort=8298
FirewallRules: [TCP Query User{A9F5BBBA-5E67-4177-9935-3071F6E3329E}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [UDP Query User{0FB126CB-1746-4DAD-A3D9-7D71F3C0AD54}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [{01AE9375-F4AC-4F14-8232-0E1CD6F0B80B}] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [{3A586712-7DBF-4D7A-83E2-A88FDC465D67}] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [TCP Query User{7D43E712-1D45-40F5-BB77-7D3DDFEACE9C}C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe
FirewallRules: [UDP Query User{50319A32-099D-4A15-803E-67C2712C317B}C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe
FirewallRules: [{16A118BE-427E-4EEC-A343-745B706CA249}] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe
FirewallRules: [{8B53EED9-0A37-456D-AA78-7C416884F075}] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe
FirewallRules: [TCP Query User{83C29B25-FB86-4929-BAA7-917FB0550FBF}C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe] => C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe
FirewallRules: [UDP Query User{E0F96008-3D66-43BC-92A8-04C9B9F05CF8}C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe] => C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe
FirewallRules: [TCP Query User{37ED1B18-5DEE-426E-A308-D572152939CF}C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe] => C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe
FirewallRules: [UDP Query User{6D093600-A053-4DAB-BB06-569EA9A5ED1D}C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe] => C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe
FirewallRules: [TCP Query User{FBF78116-6C66-428E-9B4B-679928EB232D}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [UDP Query User{E1D99A83-932A-4527-874B-E29D697F8BE7}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [TCP Query User{181A6549-C532-4B2E-BE42-12F789C61F28}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [UDP Query User{59FBD0F3-1D40-49D0-AC72-475A64C1EEAB}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [{84D0D1D9-1FF8-4700-BA75-A26C9F8B7F73}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7891E0E7-B562-4383-AE94-74B7394A6A47}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{594E0781-75FC-4F93-A895-0079F2A4E7A8}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E216FBCF-2878-460A-97B6-2197B1DCFCFA}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B8D9DAE6-174D-45AE-BB8C-B6FC3746A40A}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8396DCA5-DF47-4D97-BA3F-57BC10C65D02}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A20EBB08-E54C-466F-ACA0-1A1AA8EB0137}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E1CD9A8F-A99D-4930-B438-23F0B54AEDEB}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BA8F2BC8-5984-4878-8993-E1B792E6236E}] => C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe
FirewallRules: [{BD618F48-76B8-42A5-B5A0-254D4FD21FCA}] => C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe
FirewallRules: [{DEC3FE58-DBC1-42F1-8FEA-317E09D8AA3A}] => C:\Users\Stuart\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{DC57C0D3-C4E9-4C18-BA3C-FC4DCB2C464A}] => C:\Users\Stuart\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [TCP Query User{A9F29751-C383-47E2-BBDF-9C3C9E837DCB}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{7CA75C56-82BB-48B7-A8D4-C9161FF3069C}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{44F9C19F-3F1C-4C76-8F5E-F2BA87094C09}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D7E54455-60B1-4FAD-A03E-FA1F124B8ACE}] => C:\Windows\Prey\versions\1.6.4\bin\node.exe

==================== Restore Points =========================

25-11-2016 13:39:11 Windows Update
27-11-2016 15:01:03 Revo Uninstaller Pro's restore point - Blue Iris 4
27-11-2016 15:01:30 Removed Blue Iris 4
29-11-2016 04:14:38 Windows Update

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek Bluetooth 4.0 Adapter
Description: Realtek Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Realtek Semiconductor Corp.
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2016 07:37:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Intuit.Spc.Map.EntitlementClient.Server.Service.exe, version: 8.0.7.0, time stamp: 0x4ef5015f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23569, time stamp: 0x57f7bc1f
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0xc1c
Faulting application start time: 0x01d24cfd66a3ac8b
Faulting application path: C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: b4ace22b-b8f0-11e6-b373-3464a97bb6dc

Error: (12/02/2016 07:37:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Intuit.Spc.Map.EntitlementClient.Server.Service.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Intuit.Spc.Map.Features.EntitlementClient.Server.Service.EntitlementService.OnStartWorker()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (12/02/2016 07:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x49c
Faulting application start time: 0x01d24cfc39d29def
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: 81c1417c-b8ef-11e6-be86-3464a97bb6dc

Error: (12/02/2016 07:28:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x7a4
Faulting application start time: 0x01d24cfc12be3ae3
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: 5aae3e04-b8ef-11e6-be86-3464a97bb6dc

Error: (12/02/2016 07:26:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x778
Faulting application start time: 0x01d24cfbd900a743
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: 20eb2c10-b8ef-11e6-be86-3464a97bb6dc

Error: (12/02/2016 07:25:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x440
Faulting application start time: 0x01d24cfba7e8568b
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: efd4b01f-b8ee-11e6-be86-3464a97bb6dc

Error: (12/02/2016 07:23:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x5fc
Faulting application start time: 0x01d24cfb60e66b20
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: a8d0c8dd-b8ee-11e6-be86-3464a97bb6dc

Error: (12/02/2016 07:21:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1c0
Faulting application start time: 0x01d24cfb3931f52b
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: 81268c3e-b8ee-11e6-be86-3464a97bb6dc

Error: (12/02/2016 07:20:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x560
Faulting application start time: 0x01d24cfb100fe01c
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: 57fc60c0-b8ee-11e6-be86-3464a97bb6dc

Error: (12/02/2016 07:19:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x524
Faulting application start time: 0x01d24cfae8325dbd
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: 30301cb2-b8ee-11e6-be86-3464a97bb6dc


System errors:
=============
Error: (12/02/2016 07:51:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (12/02/2016 07:51:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (12/02/2016 07:51:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (12/02/2016 07:51:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (12/02/2016 07:51:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (12/02/2016 07:51:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (12/02/2016 07:46:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (12/02/2016 07:46:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (12/02/2016 07:46:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (12/02/2016 07:45:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.


CodeIntegrity:
===================================
  Date: 2015-08-27 13:49:35.447
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:35.437
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:35.427
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:35.138
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:35.044
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:35.033
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:34.834
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:34.829
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:34.825
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:34.564
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 16%
Total physical RAM: 8064.11 MB
Available physical RAM: 6702.15 MB
Total Virtual: 16126.4 MB
Available Virtual: 14554.19 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:916.28 GB) (Free:788.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.22 GB) (Free:1.34 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 20A63BC4)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=916.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0B)

==================== End of Addition.txt ============================


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 
