Jump to content

Malwarebytes will not open


Recommended Posts

Hello trauts14,

Run the following and post the two produced logs...

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Kevin.

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-12-2016
Ran by Stuart (administrator) on STUART-HP (04-12-2016 14:42:15)
Running from C:\Users\Stuart\Desktop
Loaded Profiles: Stuart (Available Profiles: Stuart & QBPOSDBSrvUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\AvrcpService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(Node.js) C:\Windows\Prey\versions\1.6.4\bin\node.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.6.4\node_modules\triggers\bin\lightevt.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\RtkBleServ.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\pia_manager\openvpn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Stuart\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-09-27] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7574896 2014-04-16] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818288 2014-04-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [419512 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167488 2013-09-16] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-06] (CyberLink Corp.)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2014-02-05] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\Run: [Microsoft Host] => C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe [32768 2014-03-20] (Microsoft Corporation)
HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\Policies\Explorer: [] 
HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {314cbd70-782e-11e5-9af7-38b1dbb7d787} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {441913eb-5028-11e5-aae8-3464a97bb6dc} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {66da070c-4fed-11e5-a839-3464a97bb6dc} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {b109f5a9-8c0e-11e4-a51a-38b1dbb7d788} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-890830538-3602730652-670256873-1002\...\MountPoints2: {f0be3690-a7ff-11e4-a96e-38b1dbb7d788} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-890830538-3602730652-670256873-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-09-08]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{BA6C7892-C1FC-4FCF-9B7C-8F61FDAD5BD0}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{D77F764B-A99E-4F1D-9274-6473BF938A12}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F433712C-6EB1-4AB8-B308-E99810D42066}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1
HKU\S-1-5-21-890830538-3602730652-670256873-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2014-02-05] (Hewlett-Packard)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~2\VIDEOC~1\WSBROW~1.DLL => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-29] (Oracle Corporation)
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\PROGRA~3\AIMERS~1\VIDEOC~1\WSBROW~1.DLL => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-29] (Oracle Corporation)
DPF: HKLM-x32 {DB7ACFA2-9634-4C98-BC9D-FB9416153022} hxxp://192.168.1.115:6020/nvEPLMedia.cab
DPF: HKLM-x32 {E19E79EC-F62E-40A0-952D-E49AEC7BEC2F} hxxp://192.168.1.4:6010/control/nvA1Media.cab
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF ProfilePath: C:\Users\Stuart\AppData\Roaming\KompoZer\Profiles\cy7lg9xc.default [2016-10-20]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-09-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com => not found
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @samsungtechwin.com/npwViewer -> c:\SamsungTechwin\Ipolis\npwViewer_lib.dll [2014-07-28] (Samsung Techwin)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-03-28] (DigitalPersona, Inc.)
FF Plugin-x32: NetDvr_Plugins -> C:\Program Files (x86)\NetDvr\Plugins\npDvr.dll [2011-10-28] (DVR)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2014-07-11] ()

Chrome: 
=======
CHR DefaultProfile: Profile 3
CHR HomePage: Profile 3 -> hxxp://google.com/
CHR StartupUrls: Profile 3 -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default [2016-12-02]
CHR Extension: (Google Drive) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]
CHR Extension: (YouTube) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (Google Cast) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-03-06]
CHR Extension: (Abine TACO) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cadbkmipeldjmjfcpcjibfjgflahmphk [2015-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-11]
CHR Extension: (Pushbullet) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-17]
CHR Extension: (Google Search) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-01-01]
CHR Extension: (Bananatag Email Tracking) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2015-03-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (SlingPlayer Web Plug-in) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-04]
CHR Extension: (Robot Theme, inspired by Android™) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeljdmeofcikjblcoehpmdnooimalbmj [2015-03-22]
CHR Extension: (Neater Bookmarks) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2014-12-22]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-12-31]
CHR Extension: (Gmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-04]
CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-12-05]
CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2 [2015-12-05]
CHR Extension: (Google Drive) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-17]
CHR Extension: (YouTube) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22]
CHR Extension: (Google Cast) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-08-11]
CHR Extension: (Adblock Plus) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-15]
CHR Extension: (Google Search) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-03-22]
CHR Extension: (Google Play Music) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-08-14]
CHR Extension: (Facebook Friends Mapper) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ikfdhlkcdllmkklmdbhfjkofjmehionn [2015-06-29]
CHR Extension: (Bananatag Email Tracking) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2015-07-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Neater Bookmarks) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2015-03-22]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2015-03-22]
CHR Extension: (Gmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-12-04]
CHR Extension: (Flash Video Downloader) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-12-03]
CHR Extension: (YouTube) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Play Music) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-11-11]
CHR Extension: (FBDown Video Downloader) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2016-05-01]
CHR Extension: (Flixster) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2015-09-04]
CHR Extension: (Bananatag Email Tracking) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2016-10-22]
CHR Extension: (Autodesk Homestyler) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2016-08-17]
CHR Extension: (UglyEmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ldgiafaliifpknmgofiifianlnbgflgj [2016-08-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Fast Video Downloader) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nocpfkkbaekckhcoekockfbidpcjgkbd [2015-08-31]
CHR Extension: (Neater Bookmarks) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2015-08-31]
CHR Extension: (Gmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-04]
CHR Extension: (Chrome Media Router) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-29]
CHR HKLM\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-03-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed]
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-10-02] (Fork, Ltd.) [File not signed]
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2014-03-31] () [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-04-03] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company)
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-10] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-09-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-03] (Microsoft Corporation)
S2 AdAppMgrSvc; "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe"  [X]
S2 Intuit Entitlement Service v8; "C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe" [X]
S2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [X]
S2 QBPOSDBServiceV11; "C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBPOSDBService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-09-27] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2014-02-03] (WinMagic Inc.)
S3 RtkAvrcp; C:\Windows\system32\drivers\RtkAvrcp.sys [61152 2012-12-28] (Realtek Semiconductor Corporation)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [552448 2014-04-01] (Realtek Semiconductor Corporation)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3402968 2014-04-11] (Realtek Semiconductor Corporation                           )
R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2014-02-03] (WinMagic Inc.)
R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2014-02-03] (WinMagic Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2016-03-18] (Duplex Secure Ltd.)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1519520 2014-03-13] (Sunplus)
S2 SADP_NPF; \??\C:\Windows\SysWOW64\drivers\sadp_npf64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-04 14:42 - 2016-12-04 14:42 - 00030498 _____ C:\Users\Stuart\Desktop\FRST.txt
2016-12-04 14:40 - 2016-12-04 14:40 - 02419200 _____ (Farbar) C:\Users\Stuart\Desktop\FRST64 (1).exe
2016-12-04 13:40 - 2016-12-04 13:40 - 00010466 _____ C:\Users\Stuart\Desktop\Tiny Price Label Template.odt
2016-12-04 07:42 - 2016-12-04 07:42 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-12-03 17:40 - 2016-12-03 17:40 - 03968464 _____ C:\Users\Stuart\Desktop\adwcleaner_6.040.exe
2016-12-03 11:39 - 2016-12-03 11:39 - 00000000 ____D C:\Users\Stuart\Impostazioni locali
2016-12-02 19:51 - 2016-12-04 14:42 - 00000000 ____D C:\FRST
2016-12-02 19:31 - 2016-12-02 19:31 - 00000000 ____D C:\Users\Stuart\AppData\Local\ElevatedDiagnostics
2016-12-02 15:30 - 2016-12-03 17:41 - 00000000 ____D C:\AdwCleaner
2016-12-02 14:27 - 2016-12-02 14:27 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Stuart\Desktop\esetonlinescanner_enu.exe
2016-12-02 08:53 - 2016-12-02 09:19 - 235011967 _____ C:\Users\Stuart\Desktop\Pure.Genius.S01E06.HDTV.x264-KILLERS.mkv
2016-12-02 06:49 - 2016-12-03 12:25 - 00000000 ____D C:\Users\Stuart\AppData\Local\ESET
2016-12-02 06:39 - 2016-12-02 19:24 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-02 06:16 - 2016-12-04 07:44 - 01830176 _____ C:\Windows\ntbtlog.txt
2016-11-24 07:32 - 2016-11-24 08:07 - 1320941244 _____ C:\Users\Stuart\Downloads\Recording01_20161124_030000_3600_5624.raw
2016-11-20 15:17 - 2016-11-20 15:17 - 00000000 ____D C:\Users\Stuart\AppData\LocalLow\Google
2016-11-20 15:17 - 2016-11-20 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-11-08 17:43 - 2016-11-02 10:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-08 17:43 - 2016-11-02 10:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-08 17:43 - 2016-11-02 10:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-08 17:43 - 2016-11-02 10:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-08 17:43 - 2016-11-02 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-08 17:43 - 2016-11-02 10:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-08 17:43 - 2016-11-02 10:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-08 17:43 - 2016-11-02 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-08 17:43 - 2016-11-02 10:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-08 17:43 - 2016-11-02 09:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-08 17:43 - 2016-10-27 22:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-08 17:43 - 2016-10-27 22:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-08 17:43 - 2016-10-27 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-08 17:43 - 2016-10-27 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-08 17:43 - 2016-10-27 13:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-08 17:43 - 2016-10-27 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-08 17:43 - 2016-10-27 13:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-08 17:43 - 2016-10-27 13:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-08 17:43 - 2016-10-27 13:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-08 17:43 - 2016-10-27 13:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-08 17:43 - 2016-10-27 13:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-08 17:43 - 2016-10-27 13:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-08 17:43 - 2016-10-27 13:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-08 17:43 - 2016-10-27 13:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-08 17:43 - 2016-10-27 13:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-08 17:43 - 2016-10-27 13:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-08 17:43 - 2016-10-27 13:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-08 17:43 - 2016-10-27 13:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-08 17:43 - 2016-10-27 13:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-08 17:43 - 2016-10-27 13:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-08 17:43 - 2016-10-27 13:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-08 17:43 - 2016-10-27 13:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-08 17:43 - 2016-10-27 13:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-08 17:43 - 2016-10-27 13:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-08 17:43 - 2016-10-27 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-08 17:43 - 2016-10-27 13:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-08 17:43 - 2016-10-27 13:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-08 17:43 - 2016-10-27 12:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-08 17:43 - 2016-10-27 12:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-08 17:43 - 2016-10-27 12:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-08 17:43 - 2016-10-27 12:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-08 17:43 - 2016-10-27 12:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-08 17:43 - 2016-10-27 12:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-08 17:43 - 2016-10-27 12:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-08 17:43 - 2016-10-27 12:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-08 17:43 - 2016-10-27 11:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-08 17:43 - 2016-10-27 10:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-08 17:43 - 2016-10-25 10:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-08 17:43 - 2016-10-22 12:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-08 17:43 - 2016-10-22 12:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-08 17:43 - 2016-10-22 12:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-08 17:43 - 2016-10-22 12:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-08 17:43 - 2016-10-22 12:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-08 17:43 - 2016-10-22 12:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-08 17:43 - 2016-10-22 12:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-08 17:43 - 2016-10-22 12:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-08 17:43 - 2016-10-22 12:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-08 17:43 - 2016-10-22 12:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-08 17:43 - 2016-10-22 12:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-08 17:43 - 2016-10-22 12:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-08 17:43 - 2016-10-22 12:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-08 17:43 - 2016-10-22 12:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-08 17:43 - 2016-10-22 12:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-08 17:43 - 2016-10-22 12:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-08 17:43 - 2016-10-22 11:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-08 17:43 - 2016-10-22 11:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-08 17:43 - 2016-10-22 11:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-08 17:43 - 2016-10-22 11:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-08 17:43 - 2016-10-22 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-08 17:43 - 2016-10-22 11:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-08 17:43 - 2016-10-22 11:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-08 17:43 - 2016-10-22 11:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-08 17:43 - 2016-10-22 11:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-08 17:43 - 2016-10-22 11:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-08 17:43 - 2016-10-22 11:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-08 17:43 - 2016-10-22 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-08 17:43 - 2016-10-22 11:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-08 17:43 - 2016-10-15 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-08 17:43 - 2016-10-15 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-08 17:43 - 2016-10-15 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-08 17:43 - 2016-10-15 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-08 17:43 - 2016-10-11 10:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-08 17:43 - 2016-10-11 10:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-08 17:43 - 2016-10-11 10:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-08 17:43 - 2016-10-11 10:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-08 17:43 - 2016-10-11 10:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-08 17:43 - 2016-10-11 10:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-08 17:43 - 2016-10-11 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-08 17:43 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-08 17:43 - 2016-10-11 10:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-08 17:43 - 2016-10-11 10:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-08 17:43 - 2016-10-11 10:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-08 17:43 - 2016-10-11 10:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-08 17:43 - 2016-10-11 10:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-08 17:43 - 2016-10-11 10:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-08 17:43 - 2016-10-11 08:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-08 17:43 - 2016-10-11 08:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-08 17:43 - 2016-10-10 10:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-08 17:43 - 2016-10-10 10:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-08 17:43 - 2016-10-10 10:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-08 17:43 - 2016-10-10 10:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-08 17:43 - 2016-10-10 10:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-08 17:43 - 2016-10-10 10:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-08 17:43 - 2016-10-10 10:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-08 17:43 - 2016-10-10 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-08 17:43 - 2016-10-10 10:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-08 17:43 - 2016-10-10 09:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-08 17:43 - 2016-10-10 09:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-08 17:43 - 2016-10-10 09:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-08 17:43 - 2016-10-10 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-08 17:43 - 2016-10-10 09:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-08 17:43 - 2016-10-10 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-08 17:43 - 2016-10-07 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-08 17:43 - 2016-10-07 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-08 17:43 - 2016-10-07 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-08 17:43 - 2016-10-07 10:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-08 17:43 - 2016-10-07 10:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-08 17:43 - 2016-10-07 10:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 10:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-08 17:43 - 2016-10-07 10:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-08 17:43 - 2016-10-07 10:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-08 17:43 - 2016-10-07 10:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-08 17:43 - 2016-10-07 10:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-08 17:43 - 2016-10-07 09:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-08 17:43 - 2016-10-07 09:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-08 17:43 - 2016-10-07 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-08 17:43 - 2016-10-07 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-08 17:43 - 2016-10-07 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-08 17:43 - 2016-10-07 09:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 09:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 09:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 17:43 - 2016-10-07 09:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-08 17:43 - 2016-10-05 09:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-08 17:43 - 2016-09-15 09:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-08 17:43 - 2016-09-13 10:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-08 17:43 - 2016-09-13 10:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-08 17:43 - 2016-09-09 13:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-08 17:43 - 2016-09-09 13:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-08 17:43 - 2016-08-22 11:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-04 14:41 - 2015-01-22 15:21 - 00000000 ____D C:\Users\Stuart\AppData\Local\CrashDumps
2016-12-04 14:07 - 2014-12-22 19:27 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-04 13:50 - 2014-12-22 19:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-04 13:09 - 2009-07-13 23:45 - 00026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-04 13:09 - 2009-07-13 23:45 - 00026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-04 13:06 - 2009-07-14 00:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-04 13:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-12-04 13:01 - 2015-08-12 15:46 - 00000000 ____D C:\Windows\Prey
2016-12-04 13:01 - 2014-12-22 19:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-04 13:01 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-04 12:37 - 2014-12-22 19:18 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1635E4DC-7E0A-46A3-B13B-1CE0E703D475}
2016-12-04 12:04 - 2014-12-26 08:10 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-04 12:04 - 2014-12-22 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-12-04 10:49 - 2015-07-04 15:22 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-04 07:42 - 2016-08-02 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-04 07:42 - 2016-08-02 16:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-03 18:54 - 2014-12-24 14:23 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\vlc
2016-12-03 18:16 - 2014-05-21 21:32 - 00001945 _____ C:\Windows\epplauncher.mif
2016-12-03 11:39 - 2014-12-22 19:17 - 00000000 ____D C:\Users\Stuart
2016-12-02 14:24 - 2015-07-04 15:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-02 09:47 - 2016-10-29 15:33 - 00000000 ____D C:\Users\Stuart\Ubiquiti UniFi
2016-12-01 08:49 - 2015-11-17 18:24 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForStuart
2016-12-01 08:49 - 2015-11-17 18:24 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForStuart.job
2016-11-27 15:01 - 2014-05-21 21:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-22 17:30 - 2014-09-08 04:42 - 00000000 ____D C:\ProgramData\Realtek
2016-11-20 15:17 - 2014-12-22 19:27 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-15 17:35 - 2014-12-22 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-15 17:35 - 2014-12-22 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-11-14 19:09 - 2014-12-22 19:29 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-09 04:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-11-09 03:24 - 2009-07-13 23:45 - 00445960 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 03:06 - 2014-12-26 09:20 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 03:01 - 2014-12-26 09:20 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 18:50 - 2014-12-22 19:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 18:50 - 2014-12-22 19:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 18:50 - 2014-12-22 19:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 18:50 - 2014-12-22 19:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-08 18:50 - 2014-12-22 19:28 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-07 06:26 - 2009-07-14 00:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2016-05-26 15:14 - 2016-05-26 15:36 - 112407166 _____ () C:\Program Files (x86)\20958.mp4
2015-01-23 16:38 - 2011-04-22 19:28 - 636745237 _____ () C:\Program Files (x86)\AWESOME VIDEO.mov
2015-01-23 16:37 - 2006-06-24 05:58 - 298684218 _____ () C:\Program Files (x86)\Barbara, Jackie and Michelle.wmv
2015-01-23 16:37 - 2009-06-01 16:41 - 1451862066 _____ () C:\Program Files (x86)\Butterfly.avi
2015-02-19 14:25 - 2015-02-19 15:56 - 1535461525 _____ () C:\Program Files (x86)\good sexart movie.mp4
2015-09-09 15:54 - 2015-08-24 12:53 - 1514845509 _____ () C:\Program Files (x86)\hhh.mp4
2015-08-24 12:44 - 2015-08-24 12:53 - 1514845509 _____ () C:\Program Files (x86)\Kari.A.And.Linda.Sweet.Chef.mp4
2015-04-29 14:13 - 2015-04-27 07:22 - 177655867 _____ () C:\Program Files (x86)\Lesbea good vid.mp4
2015-04-05 08:23 - 2015-04-05 08:17 - 1046962468 _____ () C:\Program Files (x86)\lesbea ivy & shelly, how it should be.mp4
2015-03-26 16:18 - 2015-03-26 16:22 - 172932634 _____ () C:\Program Files (x86)\lesbea1.mp4
2015-03-25 17:10 - 2015-02-15 09:34 - 1017039995 _____ () C:\Program Files (x86)\lesbea8.mov
2015-01-23 16:38 - 2006-04-27 13:25 - 420732928 _____ () C:\Program Files (x86)\lesbian clip.avi
2015-04-12 16:26 - 2015-04-12 10:42 - 282471328 _____ () C:\Program Files (x86)\metart brunette on brunette.mp4
2015-07-15 16:00 - 2015-07-15 17:14 - 1596521696 _____ () C:\Program Files (x86)\Tracy.Lindsay.And.Anabelle.Linger.mp4
2015-01-23 16:38 - 2005-11-27 08:56 - 366952448 _____ () C:\Program Files (x86)\Viv Thomas - All About Eve  - Scn 01 - Sandra Shine.avi
2015-02-02 08:50 - 2015-02-02 08:56 - 198956092 _____ () C:\Program Files (x86)\viv thomas.mp4
2015-02-13 17:06 - 2015-02-13 17:21 - 839529679 _____ () C:\Program Files (x86)\www.0xxx.in_VivThomas.15.02.13.Kari.A.And.Tracy.Smile.Lady.Scene.3.Marquise.XXX.1080p.MP4-KTR.mp4
2015-08-02 18:51 - 2015-08-02 20:39 - 1655945770 _____ () C:\Program Files (x86)\www.0xxx.in_VivThomas.15.07.31.Erica.Fontes.And.Talia.Mint.Proclivity.mp4
2015-01-23 16:37 - 2006-04-27 13:24 - 442327040 _____ () C:\Program Files (x86)\_Peaches_&_Eve.avi
2014-03-20 06:53 - 2014-03-20 06:53 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-12-31 18:18 - 2014-12-31 18:18 - 7907217 _____ (Aimersoft Software                                          ) C:\Users\Stuart\AppData\Roaming\dvdcopy_setup.exe
2016-03-27 07:53 - 2016-03-27 08:46 - 0099384 _____ () C:\Users\Stuart\AppData\Roaming\inst.exe
2016-03-27 07:53 - 2016-03-27 08:46 - 0007859 _____ () C:\Users\Stuart\AppData\Roaming\pcouffin.cat
2016-03-27 07:53 - 2016-03-27 08:46 - 0001167 _____ () C:\Users\Stuart\AppData\Roaming\pcouffin.inf
2016-03-27 07:53 - 2016-03-27 08:46 - 0000055 _____ () C:\Users\Stuart\AppData\Roaming\pcouffin.log
2016-03-27 07:53 - 2016-03-27 08:46 - 0082816 _____ (VSO Software) C:\Users\Stuart\AppData\Roaming\pcouffin.sys
2014-12-22 19:17 - 2016-12-04 13:24 - 10916389 _____ () C:\Users\Stuart\AppData\Local\BTServer.log
2014-09-08 04:29 - 2014-09-08 04:31 - 8905842 _____ () C:\ProgramData\hpcsmmsilogs.log
2014-09-08 04:53 - 2014-09-08 04:54 - 1278098 _____ () C:\ProgramData\hpdam_install_log.txt
2014-09-08 04:53 - 2014-09-08 04:53 - 0543736 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
2016-04-27 17:41 - 2016-04-27 17:45 - 0000306 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-11-01 15:07 - 2012-11-01 15:07 - 0002507 _____ () C:\ProgramData\regid.1983-04.com.intuit,IFS,POS_E1171703-BD05-428F-99A1-7FE2FC879DE2.swidtag

Some files in TEMP:
====================
C:\Users\Stuart\AppData\Local\Temp\AcDeltree.exe
C:\Users\Stuart\AppData\Local\Temp\AdAppMgrUpdater.exe
C:\Users\Stuart\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Stuart\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\Stuart\AppData\Local\Temp\snappy-1.0.5-snappyjava.dll
C:\Users\Stuart\AppData\Local\Temp\vlc-2.2.4-win32.exe
C:\Users\Stuart\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-24 11:11

==================== End of FRST.txt ============================

Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-12-2016
Ran by Stuart (04-12-2016 14:42:53)
Running from C:\Users\Stuart\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-12-23 00:17:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-890830538-3602730652-670256873-500 - Administrator - Disabled)
Guest (S-1-5-21-890830538-3602730652-670256873-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-890830538-3602730652-670256873-1003 - Limited - Enabled)
QBPOSDBSrvUser (S-1-5-21-890830538-3602730652-670256873-1004 - Limited - Enabled) => C:\Users\QBPOSDBSrvUser
Stuart (S-1-5-21-890830538-3602730652-670256873-1002 - Administrator - Enabled) => C:\Users\Stuart

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
AnyMP4 Video Converter Platinum 6.1.50 (HKLM-x32\...\{3E48324E-4843-4818-834D-C5219B51248E}_is1) (Version: 6.1.50 - AnyMP4 Studio)
Ashampoo Burning Studio 15 v.15.0.2 (HKLM-x32\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.2 - Ashampoo GmbH & Co. KG)
AutoCAD LT 2017 Language Pack - English (Version: 21.0.52.0 - Autodesk) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brackets (HKLM-x32\...\{0DA290D2-0583-4967-9EC0-93C1F603DD13}) (Version: 1.6 - brackets.io)
calibre (HKLM-x32\...\{D28D6EE4-3319-49B7-BEE5-1D5B2AC3FF30}) (Version: 2.30.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3920 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.1.4513 - CyberLink Corp.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
Foxit PhantomPDF (HKLM-x32\...\{5F3E0897-97AA-4FC2-A0A9-130A39D0FDFB}) (Version: 6.0.16.324 - Foxit Corporation)
GiliSoft Video Editor 7.0.0 (HKLM-x32\...\{3908B421-EF03-4389-A38C-DBAF6252E312}_is1) (Version: 7.0.0 - GiliSoft International LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hallmark Card Studio 2015 Bonus Pack (HKLM-x32\...\{2C69ABC9-55B7-410E-89AB-4CBD84D8D37B}) (Version: 1.0.0.1 - Creative Home)
Hallmark Card Studio 2015 Deluxe (HKLM-x32\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.0.11 - Creative Home)
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.4.1811 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{C0ED9561-8312-457C-BB1B-BDC7EE034CED}) (Version: 4.7.4.1 - Hewlett-Packard Company)
HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{53AE55F3-8E99-4776-A347-06222894ECD3}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.7.27 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{6349342F-9CEF-4A70-995A-2CF3704C2603}) (Version: 8.4.20.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.41 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{88D3964A-59BE-412B-B61F-6EF5FBB33707}) (Version: 6.0.12.1 - Hewlett-Packard Company)
HP PageLift (HKLM-x32\...\{59202086-BEA1-411A-8AA4-A5DCD28FF537}) (Version: 1.0.13.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{34FF930E-DBF9-4858-BAB5-BAC957BF616E}) (Version: 3.5.1.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{F6D61EC9-347B-4019-9F8E-E24169F7C330}) (Version: 8.7.5 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP System Default Settings (HKLM-x32\...\{B5BEF5F8-BD76-4174-A47D-05A06EA62615}) (Version: 2.7.1 - Hewlett-Packard Company)
HP Theft Recovery (HKLM-x32\...\InstallShield_{B1E569B6-A5EB-4C97-9F93-9ED2AA99AF0E}) (Version: 8.3.0.7 - Hewlett-Packard Company)
ImTOO DVD Creator (HKLM-x32\...\ImTOO DVD Creator) (Version: 7.1.3.20130709 - ImTOO)
inSSIDer 4 (HKLM-x32\...\{23A7D3D7-D312-4549-B349-2226AF6C6A83}) (Version: 4.1.0.60 - MetaGeek, LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.6.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{978B5476-EAF9-4EB0-AD34-92689249A016}) (Version: 4.2.41.2499 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes Anti-Exploit version 1.9.1.1261 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1261 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie DVD Copy 1.4.3 (HKLM-x32\...\Movie DVD Copy_is1) (Version:  - movie-dvd-copy.com)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
NetDvrPlugin 1.0 (HKLM-x32\...\NetDvrPlugin) (Version: 1.0 - )
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PeaZip 5.5.1 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Prey Anti-Theft (x32 Version: 1.6.3 - Prey, Inc.) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.7 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.43 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.83.328.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7225 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Setup (HKLM-x32\...\{FB2CA23A-3F6F-4E94-8A92-3DBA61A7092D}) (Version: 1.0.35 - Microsoft)
Skitch (HKLM-x32\...\Skitch 2.3.2.173) (Version: 2.3.2.173 - Evernote Corp.)
Slingplayer for Web Installer (x32 Version: 1.2.7.358 - Sling Media) Hidden
SlingplayerForWeb (HKLM-x32\...\{62a74667-8e59-4fbc-9417-ad041a630066}) (Version: 1.2.7.358 - Sling Media)
Snagit 12 (HKLM-x32\...\{e8720e7e-08a2-4a30-9bce-70aa27c2a3dc}) (Version: 12.2.2.2107 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.2.2 - TechSmith Corporation) Hidden
STWWebViewer for Windows 1.0.150 (HKLM-x32\...\STWWebViewer for Windows) (Version: 1.0.150 - Samsung Techwin)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.8.1 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version:  - )
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-890830538-3602730652-670256873-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E937FC4-A260-4030-9950-FB095745776E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {28AF43EA-62E6-4A8E-9DA2-804BCE20515F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {349B7FFD-6FB1-41FC-B88C-3D7EADB57B0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe
Task: {57F486EB-42E0-4B8D-BFB4-591EF149FEC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {72112010-607E-48A6-A255-F24B0E481275} - System32\Tasks\HPCeeScheduleForStuart => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {84ABFAEB-8797-4597-9A90-C8B3D65D9AFC} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-12-22] ()
Task: {8743F999-5A58-46C3-A043-BAE004C8D486} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
Task: {AAFA4149-531B-4022-9C37-A2F310DE84D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {EB0D11B1-47E6-4D1A-A520-258AB3909B4B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForStuart.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 3" --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Stuart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Stuart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) ==============

2013-05-22 15:21 - 2013-05-22 15:21 - 00299832 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2014-12-02 13:52 - 2014-12-02 13:52 - 00029184 _____ () C:\Windows\System32\ssm4mlm.dll
2014-09-08 04:42 - 2014-03-05 20:09 - 00088064 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-03-31 15:28 - 2014-03-31 15:28 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
2014-12-08 05:10 - 2014-12-08 05:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-02-05 13:56 - 2014-02-05 13:56 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2016-03-28 13:07 - 2016-03-28 13:07 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-09-06 19:06 - 2013-09-06 19:06 - 00198120 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-09-06 19:06 - 2013-09-06 19:06 - 00054760 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-09-06 19:05 - 2013-09-06 19:05 - 00034792 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2014-12-22 19:35 - 2014-12-22 19:35 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2014-12-02 13:52 - 2014-12-02 13:52 - 01199104 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssm4mdu.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe
2014-12-22 19:35 - 2014-12-22 19:35 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2016-11-29 14:31 - 2016-11-29 14:31 - 00899584 _____ () \\?\C:\Windows\Prey\versions\1.6.4\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node
2014-09-08 04:49 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-09-08 04:41 - 2013-12-09 20:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-03-19 10:00 - 2014-03-19 10:00 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2016-11-14 19:09 - 2016-11-08 15:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-14 19:09 - 2016-11-08 15:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-12-04 13:25 - 2016-12-04 13:25 - 00012800 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00009728 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00014848 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00094208 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\src\rgloader\rgloader193.mswin.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00009216 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00094208 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00126976 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00087552 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00016384 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00127316 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\bin\libffi-6.dll
2016-12-04 13:25 - 2016-12-04 13:25 - 00008704 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00013312 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00095744 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00026624 _____ () C:\Users\Stuart\AppData\Local\Temp\ocrFE8A.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00012800 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00009728 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00014848 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00094208 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\src\rgloader\rgloader193.mswin.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00094208 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00118784 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00069120 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00083968 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\bin\zlib1.dll
2016-12-04 13:25 - 2016-12-04 13:25 - 00026624 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00275968 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00015360 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00008192 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00009216 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00023552 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00008704 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00008704 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00008704 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00008704 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00036352 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00126976 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00087552 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00016384 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00127316 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\bin\libffi-6.dll
2016-12-04 13:25 - 2016-12-04 13:25 - 00013312 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-12-04 13:25 - 2016-12-04 13:25 - 00095744 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-12-04 13:25 - 2016-12-04 13:26 - 00026624 _____ () C:\Users\Stuart\AppData\Local\Temp\ocr128.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2014-12-22 19:35 - 2014-12-22 19:35 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2014-12-22 19:35 - 2014-12-22 19:35 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:264B2CC4 [121]
AlternateDataStreams: C:\ProgramData\Temp:C05ABBB5 [250]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-890830538-3602730652-670256873-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Stuart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gNjZHC.vbs => C:\Windows\pss\gNjZHC.vbs.Startup
MSCONFIG\startupfolder: C:^Users^Stuart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OptimizerPro.lnk => C:\Windows\pss\OptimizerPro.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Stuart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SlingplayerForWebShortcut.lnk => C:\Windows\pss\SlingplayerForWebShortcut.lnk.Startup
MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2015 Deluxe\ReminderApp.exe
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: HP Camera Driver_Monitor => "C:\Program Files (x86)\HP Camera Driver\monitor.exe"
MSCONFIG\startupreg: Skitch => C:\Program Files (x86)\Evernote\Skitch\Skitch.exe -start-on-hide
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: YouCam Mirage => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2A59FA7A-482C-47D9-A70B-9FA741B788DF}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{12911CC8-2F25-4DFB-BD49-D4135325B5E2}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{34C41F39-93DD-42A8-A11D-2A2C3547EEE4}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{31ABE01A-FA44-48A6-B0AB-2893A702E9B8}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E5741AB-4F86-41B5-A203-51A91DD361DE}] => c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{D263C9A9-9D6C-4487-A5B8-56B9869567E9}] => c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{E5190284-FC99-4CA1-BEAE-33DD8B785B77}] => c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{A61000F9-8C39-4FCF-A539-1F5356C29BED}] => c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{2A154F1F-AEDE-4190-974D-55820F5ADE6B}] => c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{FD02CCB9-2D91-43B8-B3DC-A8B1B75F98D0}] => c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{EE2CAC8A-8419-4F84-AF15-E662E968C04D}] => LPort=8298
FirewallRules: [TCP Query User{A9F5BBBA-5E67-4177-9935-3071F6E3329E}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [UDP Query User{0FB126CB-1746-4DAD-A3D9-7D71F3C0AD54}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [{01AE9375-F4AC-4F14-8232-0E1CD6F0B80B}] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [{3A586712-7DBF-4D7A-83E2-A88FDC465D67}] => C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [TCP Query User{7D43E712-1D45-40F5-BB77-7D3DDFEACE9C}C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe
FirewallRules: [UDP Query User{50319A32-099D-4A15-803E-67C2712C317B}C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe
FirewallRules: [{16A118BE-427E-4EEC-A343-745B706CA249}] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe
FirewallRules: [{8B53EED9-0A37-456D-AA78-7C416884F075}] => C:\program files (x86)\acti corporation\edgerecorderclient\edgerecorderclient.exe
FirewallRules: [TCP Query User{83C29B25-FB86-4929-BAA7-917FB0550FBF}C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe] => C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe
FirewallRules: [UDP Query User{E0F96008-3D66-43BC-92A8-04C9B9F05CF8}C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe] => C:\users\stuart\desktop\ip_utility_v.4.3.08_20140702\ip_utility.exe
FirewallRules: [TCP Query User{37ED1B18-5DEE-426E-A308-D572152939CF}C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe] => C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe
FirewallRules: [UDP Query User{6D093600-A053-4DAB-BB06-569EA9A5ED1D}C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe] => C:\users\stuart\desktop\firefoxportable\app\firefox\firefox.exe
FirewallRules: [TCP Query User{FBF78116-6C66-428E-9B4B-679928EB232D}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [UDP Query User{E1D99A83-932A-4527-874B-E29D697F8BE7}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [TCP Query User{181A6549-C532-4B2E-BE42-12F789C61F28}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [UDP Query User{59FBD0F3-1D40-49D0-AC72-475A64C1EEAB}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [{84D0D1D9-1FF8-4700-BA75-A26C9F8B7F73}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7891E0E7-B562-4383-AE94-74B7394A6A47}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{594E0781-75FC-4F93-A895-0079F2A4E7A8}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E216FBCF-2878-460A-97B6-2197B1DCFCFA}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B8D9DAE6-174D-45AE-BB8C-B6FC3746A40A}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8396DCA5-DF47-4D97-BA3F-57BC10C65D02}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A20EBB08-E54C-466F-ACA0-1A1AA8EB0137}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E1CD9A8F-A99D-4930-B438-23F0B54AEDEB}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BA8F2BC8-5984-4878-8993-E1B792E6236E}] => C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe
FirewallRules: [{BD618F48-76B8-42A5-B5A0-254D4FD21FCA}] => C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe
FirewallRules: [{DEC3FE58-DBC1-42F1-8FEA-317E09D8AA3A}] => C:\Users\Stuart\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{DC57C0D3-C4E9-4C18-BA3C-FC4DCB2C464A}] => C:\Users\Stuart\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [TCP Query User{A9F29751-C383-47E2-BBDF-9C3C9E837DCB}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{7CA75C56-82BB-48B7-A8D4-C9161FF3069C}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{44F9C19F-3F1C-4C76-8F5E-F2BA87094C09}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D7E54455-60B1-4FAD-A03E-FA1F124B8ACE}] => C:\Windows\Prey\versions\1.6.4\bin\node.exe

==================== Restore Points =========================

27-11-2016 15:01:03 Revo Uninstaller Pro's restore point - Blue Iris 4
27-11-2016 15:01:30 Removed Blue Iris 4
29-11-2016 04:14:38 Windows Update
03-12-2016 12:01:21 Windows Update
03-12-2016 18:15:54 Revo Uninstaller Pro's restore point - Microsoft Security Essentials
04-12-2016 12:58:25 Windows Update

==================== Faulty Device Manager Devices =============

Name: Realtek Bluetooth 4.0 Adapter
Description: Realtek Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Realtek Semiconductor Corp.
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Sadp Driver (SADP_NPF)
Description: Sadp Driver (SADP_NPF)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SADP_NPF
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2016 02:41:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1f18
Faulting application start time: 0x01d24e665e55e624
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: 9df83d86-ba59-11e6-828e-3464a97bb6dc

Error: (12/04/2016 01:05:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1b10
Faulting application start time: 0x01d24e58f88a141d
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: 3880f55c-ba4c-11e6-828e-3464a97bb6dc

Error: (12/04/2016 12:56:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xffc
Faulting application start time: 0x01d24e57c5ebe764
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: 0588e782-ba4b-11e6-b6cc-3464a97bb6dc

Error: (12/04/2016 11:50:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2012

Error: (12/04/2016 11:50:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2012

Error: (12/04/2016 11:50:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/04/2016 11:50:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (12/04/2016 11:50:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (12/04/2016 11:50:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/04/2016 11:45:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999


System errors:
=============
Error: (12/04/2016 01:03:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error: 
The system cannot find the file specified.

Error: (12/04/2016 01:02:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/04/2016 01:01:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sadp Driver (SADP_NPF) service failed to start due to the following error: 
The system cannot find the file specified.

Error: (12/04/2016 01:01:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit Entitlement Service v8 service failed to start due to the following error: 
The system cannot find the file specified.

Error: (12/04/2016 01:01:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Autodesk Desktop App Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (12/04/2016 10:49:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (12/04/2016 10:49:06 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Stuart\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/04/2016 10:49:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (12/04/2016 10:49:05 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Stuart\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/04/2016 10:49:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading


CodeIntegrity:
===================================
  Date: 2015-08-27 13:49:35.447
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:35.437
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:35.427
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:35.138
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:35.044
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:35.033
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:34.834
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:34.829
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:34.825
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-27 13:49:34.564
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 36%
Total physical RAM: 8064.11 MB
Available physical RAM: 5127.24 MB
Total Virtual: 16126.4 MB
Available Virtual: 12660.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:916.28 GB) (Free:792.52 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.22 GB) (Free:1.34 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 20A63BC4)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=916.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0B)

==================== End of Addition.txt ============================

Link to post
Share on other sites

Please download MBAM-clean and save it to your desktop.
 
  • Right-click on mbam-clean.exe icon and select user posted image Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
  • Run the cleaner tool again, re-boot when complete. <<<---do not miss this step


Download & install the newset MBAM version.

Please download user posted imageMalwarebytes Anti-Malware
 
  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.


Save the file to your desktop and include its content in your next reply.

If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp
Link to post
Share on other sites

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/4/2016
Scan Time: 3:24 PM
Logfile: scan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.04.08
Rootkit Database: v2016.11.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Stuart

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326550
Time Elapsed: 19 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

Run the following to remove FRST and its files and folders...

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure only the following item is checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.