ProblemsRBad

  1. ok finished here you go thanks,   Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016 Ran by r (2016-02-06 20:10:42)
  2. Ok thanks here is the FRST logs:   Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016 Ran by r (administrator) on MYPC (06-02-2016 17:22:52) Running from C:\Users\r\Desktop Loaded Profiles: r (Available Profiles: r) Platform: Windows 8.1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated) HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO) HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] () HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-08-17] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.) HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-04] (Qualcomm®Atheros®) HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd) HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\Run: [BingSvc] => C:\Users\r\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation) HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-09-18] (Siber Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] () ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-01-29] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 Tcpip\..\Interfaces\{0AFB2531-3F52-4F94-B5DB-9FA0100A878F}: [DhcpNameServer] 75.75.76.76 75.75.75.75 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com?fr=fp-comodo HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SL5M_FRPage SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> DefaultScope 
{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> {E7BFD48D-04EE-4CEF-B4FA-51E560A66B44} URL = hxxp://www.bing.com/search?FORM=SL5HDF&PC=SL5H&q={searchTerms}&src=IE-SearchBox BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-18] (Siber Systems Inc.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-26] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-26] (Oracle Corporation) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-18] (Siber Systems Inc.) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-18] (Siber Systems Inc.) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-18] (Siber Systems Inc.) Toolbar: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-18] (Siber Systems Inc.) 
FireFox: ======== FF ProfilePath: C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default FF DefaultSearchEngine: Yahoo FF DefaultSearchEngine.US: Google FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Yahoo FF Homepage: hxxp://google.com FF Session Restore: -> is enabled. FF Keyword.URL: hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] () FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-26] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit 
PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> F:\VLC\npvlc.dll [No File] FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems) FF Plugin HKU\S-1-5-21-4097768012-1274822476-2557327463-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\r\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-06-26] (Coupons, Inc.) FF Extension: InvisibleHand - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi [2015-11-25] FF Extension: Add to Amazon Wish List Button - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\amznUWL2@amazon.com.xpi [2015-11-29] FF Extension: Adblock Plus Pop-up Addon - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-01-03] FF Extension: LastPass - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\support@lastpass.com [2016-01-06] FF Extension: Ebates Cash Back - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2016-01-22] FF Extension: WOT - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-02-06] FF Extension: Bing Search - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\bingsearch.full@microsoft.com [2016-02-06] [not signed] FF Extension: AdBlock for Gmail™ - 
C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\jid1-dswFGkUjb2SIHv@jetpack.xpi [2015-07-11] FF Extension: Adblock Plus - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19] FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-09-18] [not signed] FF HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox Chrome: ======= CHR Profile: C:\Users\r\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-09] CHR Extension: (Google Docs) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09] CHR Extension: (Google Drive) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09] CHR Extension: (YouTube) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09] CHR Extension: (Google Search) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09] CHR Extension: (Google Sheets) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-09] CHR Extension: (SiteAdvisor) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-01-09] CHR Extension: (Google Docs Offline) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-09] CHR 
Extension: (Chrome Web Store Payments) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-09] CHR Extension: (Gmail) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-04] (Windows (R) Win 7 DDK provider) [File not signed] R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO) S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-22] (Dropbox, Inc.) S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-22] (Dropbox, Inc.) S4 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.) S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2015-12-07] (Dell) S4 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [49864 2015-08-24] () S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.) S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.) S4 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.) 
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HPSLPSVC; C:\Users\r\AppData\Local\Temp\7zS070B\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S4 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1169232 2009-09-24] (Lavasoft)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2016-02-06] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S4 ScsiAccess; C:\Program Files (x86)\Photodex\CompuPicPro\ScsiAccess.exe [181312 2015-10-02] () [File not signed]
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
S4 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-04-04] (Stardock Software, Inc)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
S4 TeamViewer; C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-04] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828144 2015-11-18] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2016-02-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2016-02-06] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [24688 2016-02-06] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 mfeaack01; \Device\mfeaack01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 17:22 - 2016-02-06 17:23 - 00028174 _____ C:\Users\r\Desktop\FRST.txt
2016-02-06 17:13 - 2016-02-06 17:17 - 00000056 _____ C:\Users\r\Desktop\coach.txt
2016-02-06 15:49 - 2016-02-06 15:49 - 00000000 ___RD C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-02-06 15:16 - 2016-02-06 15:17 - 00001403 _____ C:\Users\r\Desktop\JRT.txt
2016-02-06 15:06 - 2016-02-06 15:06 - 00002220 _____ C:\Users\r\Desktop\AdwCleaner[C1].txt
2016-02-06 15:03 - 2016-02-06 15:05 - 00000000 ____D C:\AdwCleaner
2016-02-06 15:03 - 2016-02-06 15:03 - 00001313 _____ C:\Users\r\Desktop\mbam.txt
2016-02-06 14:50 - 2016-02-06 14:50 - 00014194 _____ C:\Users\r\Desktop\rkillog.txt
2016-02-06 14:30 - 2016-02-06 14:50 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-06 14:30 - 2016-02-06 14:30 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-06 14:28 - 2016-02-06 14:28 - 20943432 _____ C:\Users\r\Desktop\RogueKiller.exe
2016-02-06 14:28 - 2016-02-06 14:28 - 01609032 _____ (Malwarebytes) C:\Users\r\Desktop\JRT.exe
2016-02-06 14:28 - 2016-02-06 14:28 - 01508352 _____ C:\Users\r\Desktop\adwcleaner_5.032.exe
2016-02-06 10:54 - 2016-02-06 17:22 - 00000000 ____D C:\FRST
2016-02-06 10:54 - 2016-02-06 10:54 - 02370560 _____ (Farbar) C:\Users\r\Desktop\FRST64.exe
2016-02-06 10:23 - 2016-02-06 10:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-06 10:21 - 2016-02-06 17:22 - 00000000 ____D C:\Program Installers
2016-02-06 10:09 - 2016-02-06 17:15 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2016-02-06 10:09 - 2016-02-06 10:09 - 00001888 _____ C:\Users\Public\Desktop\COMODO Antivirus.lnk
2016-02-06 10:09 - 2016-02-06 10:09 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2016-02-06 10:09 - 2016-02-06 10:09 - 00000000 ____D C:\ProgramData\Shared Space
2016-02-06 10:09 - 2016-02-06 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-02-06 10:09 - 2016-02-06 10:09 - 00000000 ____D C:\Program Files\COMODO
2016-02-06 10:08 - 2016-02-06 10:08 - 00000000 ____D C:\ProgramData\Comodo Downloader
2016-02-06 10:06 - 2016-02-06 10:06 - 00000000 ____D C:\ProgramData\ANDREA VACONDIO
2016-02-06 10:03 - 2016-02-06 10:09 - 00000000 ____D C:\ProgramData\Comodo
2016-02-06 10:02 - 2016-02-06 10:02 - 217812536 _____ (COMODO) C:\Users\r\Downloads\cav_installer_5951_60.exe
2016-02-06 09:59 - 2015-12-08 22:39 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-02-04 23:30 - 2016-02-04 23:30 - 00000000 ___RD C:\Users\r\Documents\RocketLifeNetwork
2016-02-04 23:14 - 2016-02-06 16:56 - 00000388 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-02-04 23:14 - 2016-02-04 23:30 - 00003358 _____ C:\Windows\System32\Tasks\HP Photo Creations Communicator
2016-02-04 23:14 - 2016-02-04 23:30 - 00000000 ____D C:\Users\r\AppData\Roaming\Visan
2016-02-04 23:14 - 2016-02-04 23:29 - 00001973 _____ C:\Users\r\Desktop\HP Photo Creations.lnk
2016-02-04 23:14 - 2016-02-04 23:29 - 00000000 ____D C:\Users\r\AppData\Roaming\HP Photo Creations
2016-02-04 23:14 - 2016-02-04 23:14 - 00000000 ____D C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2016-02-04 21:37 - 2016-02-04 21:37 - 00002349 _____ C:\Users\Public\Desktop\Add a Device - All-In-One Series.lnk
2016-02-04 19:41 - 2016-02-04 19:41 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2016-02-04 19:40 - 2016-02-04 19:40 - 00001179 _____ C:\Users\Public\Desktop\Shop for HP Supplies.lnk
2016-02-04 19:25 - 2016-01-30 00:04 - 00189969 ____N C:\Windows\hpoins18.dat.temp
2016-02-04 19:25 - 2012-10-14 11:32 - 00006071 ____N C:\Windows\hpomdl18.dat.temp
2016-02-04 19:20 - 2016-02-04 19:20 - 02474920 _____ C:\Users\r\Downloads\hppiw.exe
2016-02-04 18:55 - 2016-02-04 18:55 - 00000000 ____D C:\Windows\LastGood
2016-02-04 15:31 - 2016-02-04 15:31 - 07384608 _____ C:\Users\r\Downloads\HPPSdr.exe
2016-02-04 15:22 - 2016-02-04 15:33 - 02444958 _____ C:\Users\r\AppData\Local[j0002]-[p01].bmp
2016-02-04 15:22 - 2016-02-04 15:23 - 02444958 _____ C:\Users\r\AppData\Local[j0002]-[p02].bmp
2016-02-04 14:28 - 2016-02-04 14:28 - 02444958 _____ C:\Users\r\AppData\Local[j0006]-[p02].bmp
2016-02-04 14:28 - 2016-02-04 14:28 - 02444958 _____ C:\Users\r\AppData\Local[j0006]-[p01].bmp
2016-02-03 13:42 - 2016-02-03 13:42 - 02993905 _____ C:\Users\r\Downloads\gw-weekly-ad-557f3d(1).pdf
2016-02-01 15:37 - 2016-02-01 15:37 - 00000000 ____T C:\Users\r\Desktop\WW coupon.prn
2016-01-31 17:51 - 2016-01-31 17:51 - 02993905 _____ C:\Users\r\Downloads\gw-weekly-ad-557f3d.pdf
2016-01-31 14:25 - 2016-01-31 14:25 - 00000000 ____D C:\Users\r\AppData\Local\HP
2016-01-30 00:06 - 2016-01-31 14:25 - 00000000 ____D C:\Users\r\AppData\Roaming\HP
2016-01-30 00:06 - 2016-01-30 00:06 - 00000000 ____D C:\ProgramData\WEBREG
2016-01-29 23:57 - 2016-02-06 00:22 - 00000000 ____D C:\Users\r\AppData\Roaming\HpUpdate
2016-01-29 23:56 - 2016-02-04 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-01-29 23:56 - 2016-01-29 23:56 - 00001343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-01-29 23:56 - 2016-01-29 23:56 - 00001337 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2016-01-29 23:56 - 2016-01-29 23:56 - 00000000 ____D C:\Windows\SysWOW64\spool
2016-01-29 23:56 - 2016-01-29 23:56 - 00000000 ____D C:\ProgramData\HP Product Assistant
2016-01-29 23:54 - 2016-02-04 19:40 - 00000000 ____D C:\Program Files (x86)\HP
2016-01-29 23:54 - 2016-01-29 23:54 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-01-29 23:47 - 2016-02-04 21:37 - 00190089 _____ C:\Windows\hpoins18.dat
2016-01-29 23:47 - 2016-02-04 20:35 - 00000000 ____D C:\ProgramData\HP
2016-01-29 23:47 - 2012-10-14 11:32 - 00006071 ____N C:\Windows\hpomdl18.dat
2016-01-29 23:47 - 2012-08-21 01:56 - 01421312 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpotiop1.dll
2016-01-29 23:46 - 2016-01-29 23:46 - 00000000 ____D C:\Users\r\AppData\Roaming\Hewlett-Packard
2016-01-29 23:42 - 2016-01-30 00:10 - 00000000 ____D C:\Users\r\AppData\Local\Hewlett-Packard
2016-01-29 23:42 - 2016-01-29 23:42 - 00000000 ____D C:\Users\r\Downloads\HP Downloads
2016-01-29 23:39 - 2016-01-29 23:39 - 00002249 _____ C:\Users\r\Desktop\HP Support Assistant.lnk
2016-01-29 23:39 - 2016-01-29 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-01-29 23:38 - 2016-01-29 23:38 - 00000000 ____D C:\Users\r\AppData\Roaming\hpqLog
2016-01-29 23:38 - 2016-01-29 23:38 - 00000000 ____D C:\System.sav
2016-01-29 23:37 - 2016-01-29 23:38 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-01-29 23:37 - 2016-01-29 23:37 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-01-29 23:36 - 2016-01-29 23:36 - 03762808 _____ (Oleg N. Scherbakov) C:\Users\r\Downloads\HPSupportSolutionsFramework-12.0.30.473.exe
2016-01-28 23:37 - 2016-02-01 14:43 - 00000000 ____D C:\Users\r\Desktop\house
2016-01-28 21:07 - 2016-01-28 21:09 - 00000000 ____D C:\Users\r\Desktop\2016-01-28 driverslice
2016-01-28 14:02 - 2016-01-28 14:02 - 00003326 _____ C:\Windows\System32\Tasks\PCDDataUploadTask
2016-01-28 14:02 - 2016-01-28 14:02 - 00003202 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-01-28 14:02 - 2016-01-28 14:02 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2016-01-28 14:02 - 2016-01-28 14:02 - 00000000 ____D C:\Program Files\Dell Support Center
2016-01-27 17:43 - 2016-02-03 17:43 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2016-01-27 17:43 - 2016-01-27 17:43 - 00001308 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2016-01-27 17:43 - 2016-01-27 17:43 - 00001168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
2016-01-27 17:43 - 2016-01-27 17:43 - 00000000 ____D C:\ProgramData\NCH Software
2016-01-27 17:43 - 2016-01-27 17:43 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-01-27 17:42 - 2016-01-27 17:51 - 00000000 ____D C:\Users\r\AppData\Roaming\NCH Software
2016-01-27 17:42 - 2016-01-27 17:42 - 00896256 _____ (NCH Software) C:\Users\r\Downloads\ppadsetup.exe
2016-01-26 14:27 - 2016-01-26 14:27 - 00059746 _____ C:\Users\r\Downloads\Medicaid-VisionCareProvidersDirectory.pdf
2016-01-25 19:54 - 2016-01-25 19:54 - 00000264 _____ C:\Users\r\Desktop\httpenjoycountryfresh.compagescoupons55c-off-16oz-sour-cream-dip-cottage-cheese.URL
2016-01-25 19:49 - 2016-01-25 19:51 - 00000000 ____D C:\Users\r\Downloads\Chelsea.Does.S01E01.Marriage.WebRip.x264-[2Maverick]
2016-01-25 15:25 - 2016-01-25 15:25 - 00047983 _____ C:\Users\r\Downloads\FHA EEM Mortgagee Letter 5-05.pdf
2016-01-24 14:24 - 2016-01-24 14:24 - 00035671 _____ C:\Users\r\Downloads\order_100003943_2016-01-24_09-24-48.pdf
2016-01-24 00:31 - 2016-01-24 00:31 - 00035671 _____ C:\Users\r\Downloads\order_100003943_2016-01-23_19-31-55.pdf
2016-01-23 14:24 - 2016-01-23 14:24 - 00000241 _____ C:\Users\r\Desktop\milk coupon.URL
2016-01-21 17:15 - 2016-01-21 17:15 - 00655957 _____ C:\Users\r\Downloads\TaxReturn(1).pdf
2016-01-21 16:59 - 2016-01-21 16:59 - 00893668 _____ C:\Users\r\Desktop\TaxReturn(1).pdf
2016-01-20 21:56 - 2016-01-23 15:38 - 00010980 _____ C:\Users\r\Documents\bs log.odt
2016-01-20 21:56 - 2016-01-20 21:56 - 00014848 ___SH C:\Users\r\Documents\Thumbs.db
2016-01-20 21:45 - 2016-01-20 21:45 - 00000031 _____ C:\Users\r\Desktop\bs log.txt
2016-01-20 03:39 - 2016-01-20 03:39 - 04499648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-19 22:20 - 2016-01-19 22:20 - 01682783 _____ C:\Users\r\Downloads\woodlands_siteplan.pdf
2016-01-19 09:56 - 2016-01-19 09:56 - 00011193 _____ C:\Users\r\Downloads\Sample_Letter_Rent_Increase_or_Rule_Change.pdf
2016-01-18 15:15 - 2016-01-18 15:15 - 00000000 ____D C:\ProgramData\Western Digital
2016-01-18 15:15 - 2016-01-18 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2016-01-18 15:14 - 2016-01-18 15:14 - 00000000 ____D C:\Program Files (x86)\Western Digital
2016-01-18 14:15 - 2016-01-18 14:15 - 00000000 ____D C:\Users\r\AppData\Roaming\Hard Disk Sentinel
2016-01-18 14:14 - 2016-01-19 00:00 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2016-01-18 14:14 - 2016-01-18 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2016-01-18 14:07 - 2016-01-18 14:08 - 20097096 _____ C:\Users\r\Downloads\hdsentinel_setup.zip
2016-01-18 13:52 - 2016-01-18 13:53 - 00000136 _____ C:\Windows\ODBC.INI
2016-01-13 17:19 - 2016-01-13 17:19 - 00648225 _____ C:\Users\r\Downloads\mshda_successful_lenders_list_165180_7.pdf
2016-01-13 17:15 - 2016-01-13 17:15 - 04989036 _____ C:\Users\r\Downloads\RD-DirectLimitMap.pdf
2016-01-13 16:18 - 2016-01-13 16:18 - 00085856 _____ C:\Users\r\Downloads\Map Michigan - SFH Offices.pdf
2016-01-13 16:02 - 2016-01-13 16:02 - 00138629 _____ C:\Users\r\Downloads\mshda_list_of_targeted_areas_230532_7.pdf
2016-01-13 06:44 - 2015-12-10 23:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 06:44 - 2015-12-10 23:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 06:44 - 2015-12-10 22:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 06:44 - 2015-12-10 22:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 06:44 - 2015-12-10 22:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 06:44 - 2015-12-10 22:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 06:44 - 2015-12-10 22:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 06:44 - 2015-12-10 22:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-13 06:44 - 2015-12-10 22:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 06:44 - 2015-12-10 22:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 06:44 - 2015-12-10 21:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 06:44 - 2015-12-10 21:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 06:44 - 2015-12-10 21:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-13 06:44 - 2015-12-10 21:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 06:44 - 2015-12-10 21:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 06:44 - 2015-12-10 21:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 06:44 - 2015-12-10 21:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 06:44 - 2015-12-10 21:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 06:44 - 2015-12-10 21:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 06:44 - 2015-12-10 21:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 06:44 - 2015-12-10 21:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 06:43 - 2015-12-30 14:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 06:43 - 2015-12-30 14:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 06:43 - 2015-12-30 14:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 06:43 - 2015-12-08 14:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 06:43 - 2015-12-08 14:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 06:43 - 2015-12-07 05:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 01798480 ____C (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 06:43 - 2015-12-04 10:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 06:43 - 2015-12-03 14:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-13 06:43 - 2015-12-03 14:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-13 06:43 - 2015-12-03 14:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 06:43 - 2015-12-03 14:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-13 06:43 - 2015-12-03 14:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 06:43 - 2015-12-03 13:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-13 06:43 - 2015-12-03 13:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 06:43 - 2015-12-03 13:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-13 06:43 - 2015-12-03 13:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 06:43 - 2015-12-03 13:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 06:43 - 2015-12-03 13:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 06:43 - 2015-12-03 13:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 06:43 - 2015-12-03 13:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 06:43 - 2015-12-03 13:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 06:43 - 2015-12-03 13:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 06:43 - 2015-12-03 12:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 06:43 - 2015-12-03 12:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-01-13 06:43 - 2015-12-03 12:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 06:43 - 2015-12-03 12:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 06:43 - 2015-12-03 12:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 06:43 - 2015-12-03 12:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 06:43 - 2015-12-03 12:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 06:43 - 2015-12-03 12:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 06:43 - 2015-12-03 12:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 06:43 - 2015-12-03 12:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-01-13 06:43 - 2015-12-03 12:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 06:43 - 2015-12-03 12:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 06:43 - 2015-12-03 12:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 06:43 - 2015-12-03 12:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 06:43 - 2015-12-03 11:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 06:43 - 2015-12-03 11:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 06:43 - 2015-12-03 11:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 06:43 - 2015-12-02 10:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 06:43 - 2015-12-02 10:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 20:43 - 2016-01-12 20:43 - 01128231 _____ C:\Users\r\Downloads\nuvola_tb-1.37-tb.xpi
2016-01-12 20:41 - 2016-01-12 20:42 - 01130373 _____ C:\Users\r\Downloads\nuvola_tb-1.38.0.1-tb(1).xpi
2016-01-12 20:39 - 2016-01-12 20:39 - 01130373 _____ C:\Users\r\Downloads\nuvola_tb-1.38.0.1-tb.xpi
2016-01-11 14:00 - 2016-01-11 14:00 - 00013113 _____ C:\Users\r\Desktop\806751criminal-cic.pdf
2016-01-11 14:00 - 2016-01-11 14:00 - 00010411 _____ C:\Users\r\Desktop\806751eviction-cic.pdf
2016-01-11 13:55 - 2016-01-11 13:55 - 00025839 _____ C:\Users\r\Desktop\806751credit-connect.pdf
2016-01-10 21:33 - 2016-01-10 21:33 - 00917693 _____ C:\Users\r\Downloads\TaxReturn.pdf
2016-01-10 12:59 - 2016-01-10 12:59 - 01566179 _____ C:\Users\r\Desktop\enigmail-1.8.2-sm+tb.xpi
2016-01-09 18:50 - 2016-01-09 18:50 - 00000000 ____D C:\Users\r\AppData\Roaming\Nitro
2016-01-09 18:49 - 2016-01-10 18:26 - 00000000 ____D C:\Program Files\Nitro
2016-01-09 18:49 - 2016-01-09 18:49 - 00000000 ____D C:\Users\r\AppData\Roaming\Downloaded Installations
2016-01-09 18:49 - 2016-01-09 18:49 - 00000000 ____D C:\ProgramData\Nitro
2016-01-09 18:48 - 2016-01-09 18:48 - 01932688 _____ (Nitro) C:\Users\r\Downloads\nitro_pro10.exe
2016-01-09 16:54 - 2016-01-09 16:54 - 00483185 _____ C:\Users\r\Downloads\pdfsam-1.1.0-tutorial(2).pdf
2016-01-09 16:24 - 2016-01-09 16:24 - 00483185 _____ C:\Users\r\Downloads\pdfsam-1.1.0-tutorial(1).pdf
2016-01-09 16:14 - 2016-01-09 16:14 - 00483185 _____ C:\Users\r\Downloads\pdfsam-1.1.0-tutorial.pdf
2016-01-09 16:06 - 2016-01-09 16:17 - 00000000 ____D C:\Users\r\AppData\Roaming\PDFsam Enhanced
2016-01-09 16:04 - 2016-02-06 10:07 - 00000000 ____D C:\ProgramData\PDFsam Enhanced
2016-01-09 16:04 - 2016-01-26 12:48 - 00000000 ____D C:\ProgramData\Oracle
2016-01-09 16:04 - 2016-01-26 05:36 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-01-09 16:04 - 2016-01-26 05:36 - 00000000 ____D C:\Users\r\.oracle_jre_usage
2016-01-09 16:04 - 2016-01-26 05:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-09 16:04 - 2016-01-26 05:36 - 00000000 ____D C:\Program Files\Java
2016-01-09 16:04 - 2016-01-09 16:04 - 00000000 ____D C:\Users\r\AppData\Roaming\Sun
2016-01-09 16:04 - 2016-01-09 16:04 - 00000000 ____D C:\Users\r\AppData\LocalLow\Sun
2016-01-09 16:04 - 2016-01-09 16:04 - 00000000 ____D C:\Users\r\AppData\LocalLow\Oracle
2016-01-09 16:03 - 2016-01-09 16:03 - 16082432 _____ C:\Users\r\Downloads\pdfsam-v3.0.1.RELEASE.msi
2016-01-09 16:03 - 2016-01-09 16:03 - 05399928 _____ (PDFsam) C:\Users\r\Downloads\PDFsam_Basic_Installer.exe
2016-01-09 15:02 - 2016-02-04 19:00 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-09 15:01 - 2016-01-09 15:01 - 00927824 _____ (Google Inc.) C:\Users\r\Downloads\ChromeSetup.exe
2016-01-09 15:00 - 2016-01-09 15:00 - 00000000 ____D C:\Program Files (x86)\skin
2016-01-09 15:00 - 2016-01-09 15:00 - 00000000 ____D C:\Program Files (x86)\lightning-en-US
2016-01-09 15:00 - 2016-01-09 15:00 - 00000000 ____D C:\Program Files (x86)\lightning
2016-01-09 15:00 - 2016-01-09 15:00 - 00000000 ____D C:\Program Files (x86)\icons
2016-01-09 15:00 - 2016-01-09 15:00 - 00000000 ____D C:\Program Files (x86)\calendar-en-US
2016-01-09 15:00 - 2016-01-09 15:00 - 00000000 ____D C:\Program Files (x86)\calendar
2016-01-09 14:43 - 2016-01-29 23:58 - 00000000 ____D C:\Users\r\AppData\Local\Foxit Reader
2016-01-09 14:39 - 2016-01-09 14:39 - 00001373 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2016-01-09 14:39 - 2016-01-09 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-01-09 14:38 - 2016-01-09 14:38 - 39170360 _____ (Foxit Software Inc. ) C:\Users\r\Downloads\FoxitReader728.1124_prom_enu_Setup.exe
2016-01-08 17:45 - 2016-01-09 17:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-01-07 15:52 - 2016-01-31 15:51 - 00000000 ____D C:\Users\r\Desktop\Papers
2016-01-07 14:41 - 2016-01-07 14:42 - 00018925 _____ C:\Users\r\Downloads\Statement(2).pdf
2016-01-07 14:39 - 2016-01-07 14:39 - 00019158 _____ C:\Users\r\Downloads\Statement(1).pdf
2016-01-07 03:14 - 2016-01-26 20:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 17:09 - 2015-07-17 20:44 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-06 16:56 - 2015-07-22 21:46 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-06 16:39 - 2015-06-25 14:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-06 16:04 - 2015-07-21 19:54 - 00000000 ____D C:\Users\r\AppData\LocalLow\LastPass
2016-02-06 15:53 - 2015-06-23 18:42 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4097768012-1274822476-2557327463-1001
2016-02-06 15:48 - 2015-07-22 21:46 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-06 15:48 - 2015-07-17 20:44 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-06 15:48 - 2015-06-23 18:38 - 00000000 __RDO C:\Users\r\OneDrive
2016-02-06 15:38 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-02-06 15:27 - 2014-11-20 23:42 - 01162822 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-06 15:23 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-06 15:02 - 2015-06-24 14:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-06 13:33 - 2015-07-11 16:50 - 00380416 ___SH C:\Users\r\Downloads\Thumbs.db
2016-02-06 13:00 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-06 13:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-06 12:00 - 2015-07-22 22:14 - 00000000 ___RD C:\Users\r\Dropbox
2016-02-06 12:00 - 2015-07-22 21:46 - 00000000 ____D C:\Users\r\AppData\Local\Dropbox
2016-02-06 10:43 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\Offline Web Pages
2016-02-06 10:23 - 2015-10-02 19:18 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-06 10:23 - 2015-06-24 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-06 10:23 - 2015-06-24 14:00 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-06 10:23 - 2015-06-24 14:00 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-06 10:23 - 2015-06-24 14:00 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-06 10:03 - 2015-05-14 01:13 - 00000000 ____D C:\ProgramData\McAfee
2016-02-06 09:47 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-06 09:46 - 2015-07-03 01:22 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-02-06 09:46 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-02-06 09:46 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-02-06 02:05 - 2015-06-24 15:12 - 00000000 ____D C:\Users\r\AppData\Local\Adobe
2016-02-04 23:26 - 2015-09-08 17:26 - 00000000 ____D C:\Users\r\Desktop\torrents
2016-02-04 23:26 - 2015-07-15 15:05 - 00000000 ____D C:\Users\r\Desktop\Random pics
2016-02-04 23:26 - 2015-07-03 16:53 - 00000000 ____D C:\Users\r\Desktop\cleaners
2016-02-04 20:33 - 2013-08-22 08:25 - 00000127 _____ C:\Windows\win.ini
2016-02-04 15:55 - 2015-06-24 17:27 - 00000000 ____D C:\Users\r\AppData\Local\CrashDumps
2016-02-04 15:24 - 2015-05-14 01:11 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-02-04 10:15 - 2015-07-10 15:24 - 00000000 ____D C:\Users\r\Desktop\wallpaper
2016-02-03 19:58 - 2015-12-20 13:54 - 00000000 ____D C:\Users\r\Downloads\Trainwreck 2015 UNRATED 1080p BluRay x264 DTS-JYK
2016-02-01 14:04 - 2015-07-17 20:44 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 14:04 - 2015-07-17 20:44 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-31 23:49 - 2015-07-03 01:10 - 00740352 ___SH C:\Users\r\Desktop\Thumbs.db
2016-01-30 00:01 - 2013-08-22 09:44 - 00377616 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-29 23:39 - 2015-05-14 01:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-29 23:38 - 2015-06-23 18:40 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-01-29 15:09 - 2015-06-24 18:03 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2016-01-28 20:45 - 2015-06-23 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-28 20:31 - 2015-06-24 16:34 - 00000000 ____D C:\Users\r\AppData\Roaming\Azureus
2016-01-28 16:30 - 2015-06-23 19:55 - 00000000 ____D C:\Users\r\Desktop\Chase ETC
2016-01-28 14:02 - 2015-05-14 01:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-01-28 14:02 - 2015-05-14 01:10 - 00000000 ____D C:\ProgramData\PCDr
2016-01-26 15:47 - 2015-07-03 15:28 - 00000000 ____D C:\Users\r\Desktop\dr info
2016-01-25 19:48 - 2015-06-24 16:34 - 00001812 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2016-01-25 19:48 - 2015-06-24 16:34 - 00000000 ____D C:\Program Files\Vuze
2016-01-20 03:39 - 2015-06-25 14:51 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-18 15:14 - 2015-06-24 15:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-18 13:52 - 2015-06-23 22:17 - 00000000 ____D C:\ProgramData\SoftThinks
2016-01-18 13:49 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-16 18:02 - 2015-07-10 18:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-16 18:02 - 2015-07-10 18:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-14 15:17 - 2015-06-24 12:02 - 00000000 ____D C:\Users\r\Desktop\Lease 2015
2016-01-13 17:54 - 2015-07-10 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 17:54 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-13 17:52 - 2015-06-26 04:39 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 17:50 - 2015-06-26 04:39 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-12 20:55 - 2015-06-23 18:47 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-12 20:55 - 2015-06-23 18:47 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-09 16:04 - 2015-06-23 18:34 - 00000000 ____D C:\Users\r
2016-01-09 15:49 - 2015-10-24 12:54 - 00000000 ____D C:\Users\r\AppData\Local\ElevatedDiagnostics
2016-01-09 15:02 - 2015-07-03 18:23 - 00000000 ____D C:\Users\r\AppData\Local\Google
2016-01-09 15:01 - 2015-07-03 18:23 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-09 14:40 - 2015-07-14 12:38 - 00000000 ____D C:\Users\r\AppData\Roaming\Foxit Software
2016-01-09 14:39 - 2016-01-02 20:53 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2016-01-09 14:39 - 2015-07-14 12:37 - 00000000 ____D C:\Users\Public\Foxit Software

==================== Files in the root of some directories =======

2015-09-17 16:04 - 2015-04-13 14:56 - 0016659 _____ () C:\Program Files\AUTHORS.txt
2015-09-17 16:04 - 2015-04-13 14:57 - 0861120 _____ () C:\Program Files\axvlc.dll
2015-09-17 16:04 - 2015-04-13 14:56 - 0000294 _____ () C:\Program Files\axvlc.dll.manifest
2015-09-17 16:04 - 2015-04-13 14:56 - 0018092 _____ () C:\Program Files\COPYING.txt
2015-09-17 16:04 - 2015-04-13 14:57 - 0143296 _____ () C:\Program Files\libvlc.dll
2015-09-17 16:04 - 2015-04-13 14:56 - 0000283 _____ () C:\Program Files\libvlc.dll.manifest
2015-09-17 16:04 - 2015-04-13 15:00 - 2631616 _____ () C:\Program 
Files\libvlccore.dll 2015-09-17 16:04 - 2015-04-13 14:56 - 0155516 _____ () C:\Program Files\NEWS.txt 2015-09-17 16:04 - 2015-04-13 14:57 - 0662464 _____ (VideoLAN) C:\Program Files\npvlc.dll 2015-09-17 16:04 - 2015-04-13 14:56 - 0000294 _____ () C:\Program Files\npvlc.dll.manifest 2015-09-17 16:04 - 2015-04-13 14:56 - 0002759 _____ () C:\Program Files\README.txt 2015-09-17 16:04 - 2015-04-13 14:56 - 0005605 _____ () C:\Program Files\THANKS.txt 2015-09-17 16:04 - 2015-04-13 15:00 - 0123840 _____ (VideoLAN) C:\Program Files\vlc-cache-gen.exe 2015-09-17 16:04 - 2015-04-13 14:57 - 0137152 _____ (VideoLAN) C:\Program Files\vlc.exe 2015-09-17 16:04 - 2015-04-13 14:56 - 0000825 _____ () C:\Program Files\vlc.exe.manifest 2015-09-17 16:04 - 2015-04-13 14:56 - 0073164 _____ () C:\Program Files\vlc.ico 2015-12-13 23:57 - 2015-12-13 23:57 - 0980171 _____ () C:\Users\r\AppData\Local\AVI-Player_724.rar 2015-12-20 13:28 - 2015-12-13 23:57 - 1031205 _____ (Internet Program Installer                                  ) C:\Users\r\AppData\Local\aviplayer_setup.exe 2015-07-09 17:56 - 2015-07-09 17:56 - 0003584 _____ () C:\Users\r\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-30 20:50 - 2015-07-17 11:46 - 0007605 _____ () C:\Users\r\AppData\Local\Resmon.ResmonCfg 2015-05-14 01:01 - 2015-05-14 01:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-01-29 23:47 - 2016-02-04 21:37 - 0002612 _____ () C:\ProgramData\hpzinstall.log 2015-05-14 01:09 - 2015-05-14 01:10 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2015-05-14 01:07 - 2015-05-14 01:08 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2015-05-14 01:08 - 2015-05-14 01:08 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2015-05-14 01:09 - 2015-05-14 01:09 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log 2015-05-14 01:07 - 2015-05-14 01:07 - 0000107 _____ () 
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some files in TEMP: ==================== C:\Users\r\AppData\Local\Temp\dbdfcafb-4859-467a-90bf-eff61df40b48.exe C:\Users\r\AppData\Local\Temp\dllnt_dump.dll C:\Users\r\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdlp_v1.dll C:\Users\r\AppData\Local\Temp\HPInstaller.exe C:\Users\r\AppData\Local\Temp\i4jdel0.exe C:\Users\r\AppData\Local\Temp\jre-8u71-windows-au.exe C:\Users\r\AppData\Local\Temp\McCSPInstall.dll C:\Users\r\AppData\Local\Temp\mccspuninstall.exe C:\Users\r\AppData\Local\Temp\RoboForm-Setup.exe C:\Users\r\AppData\Local\Temp\Second_Life_3_8_3_304115_i686_Setup.exe C:\Users\r\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-01-30 05:11 ==================== End of FRST.txt ============================ --------------------------------------------------------------------------------------------------------------------------------------------------   Additional 
scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016 Ran by r (2016-02-06 17:23:39) Running from C:\Users\r\Desktop Windows 8.1 (X64) (2015-06-23 23:35:34) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4097768012-1274822476-2557327463-500 - Administrator - Disabled) Guest (S-1-5-21-4097768012-1274822476-2557327463-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4097768012-1274822476-2557327463-1003 - Limited - Enabled) r (S-1-5-21-4097768012-1274822476-2557327463-1001 - Administrator - Enabled) => C:\Users\r ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5} AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Lavasoft Ad-Watch Live! (Disabled - Up to date) {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Ad-Aware (HKLM-x32\...\Ad-Aware) (Version:  - Lavasoft)
Ad-Aware (x32 Version: 8.1.0 - Lavasoft) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C3100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
c3100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
COMODO Antivirus (HKLM\...\{04833277-EE61-4251-9273-0CF86C0FE710}) (Version: 8.2.0.4792 - COMODO Security Solutions Inc.)
CompuPic (HKLM-x32\...\CompuPic) (Version:  - )
CompuPic Pro (HKLM-x32\...\CompuPic Pro) (Version:  - )
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{91E2DDB6-DC13-4585-8A10-04C6AB6F87A4}) (Version: 3.1.1900.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{A00269ED-FD88-4907-834B-60B70DCE82C5}) (Version: 2.0.366.0 - Dell Inc.)
Dell Help & Support (Version: 2.0.366.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
Dell System Detect (HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\73f463568823ebbe) (Version: 6.5.0.6 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Foxit PhantomPDF Business (HKLM-x32\...\{BC99D091-67DA-419D-BB72-D64B94203917}) (Version: 7.1.5.425 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Free AVI Player (HKLM-x32\...\{7DED55EA-FB69-4101-AD5D-3D7F985E68A7}) (Version: 1.00.0000 - Media Freeware)
fun village version 1.0 (HKLM-x32\...\{933A0622-99C0-4D66-A354-E1C5CFE7BFB8}_is1) (Version: 1.0 - programcreater)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\HP Photo Creations) (Version: 1.0.0.19662 - HP)
HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.0.30.473 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.5.1 (x86 en-US)) (Version: 38.5.1 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.76 - NCH Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
RoboForm 7-9-11-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-1 - Siber Systems)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 3.8.2.303891 - Linden Research, Inc.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Stardock Start8 (HKLM\...\Start8_is1) (Version: 1.41 - Stardock Software, Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC Media Player 2.1.5 Final (HKLM-x32\...\VLC Media Player 2.1.5 Final) (Version:  - )
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.0.0 - Azureus Software, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226-1) (Version: 5.6.2.0 - Azureus Software, Inc.)
WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1643E503-4DE0-4202-88CD-8271097295F2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-22] (Dropbox, Inc.)
Task: {17A5BAC1-0DCD-4E96-A91F-C694FAD2770E} - System32\Tasks\Dell\Dell Product Registration => /boot /LSRC=autolaunch
Task: {24FBA04A-AF47-4E9C-A72E-BB14800B0B69} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {2A918867-3906-4CDF-B292-7EA5B8E86722} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {2C004B25-8748-4F20-9515-4CD8AD9F8FAE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-17] (Google Inc.)
Task: {30D4018B-AE40-4E25-A98A-5ADC2B4D1837} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-09-18] (Siber Systems)
Task: {41E88120-C4DF-4CCF-A111-A9AA4F14D951} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {42DA5CD5-047F-4A41-8227-8C8A4FE7E7A2} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)
Task: {4AF8F9DA-A565-478A-AB60-FC666FEE340E} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01] (Lavasoft)
Task: {4BFF6BD3-FA95-45BC-991E-98A8B1C5120F} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.)
Task: {4C1FD6B8-5A19-4BE4-A268-DBBE7BE070A5} - System32\Tasks\{4FD0F0C5-AB4E-47A8-AA42-A27F5368C875} => pcalua.exe -a C:\Users\r\Downloads\cpro32_623_1364.exe -d C:\Users\r\Downloads
Task: {5259BB8E-2F13-4E15-80D6-306DF981C749} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {5D57F43B-7960-4092-BACD-938CB3388355} - System32\Tasks\{6396FF8E-6879-411C-8094-3FFCD3DAD884} => pcalua.exe -a F:\cpro32.exe -d F:\
Task: {83622306-3EE2-44C2-83A2-EDBD46338387} - System32\Tasks\HP Photo Creations Communicator => C:\Users\r\AppData\Roaming\HP Photo Creations\Communicator.exe [2016-02-04] ()
Task: {84173F62-DA68-4C3A-A774-DCF1A85F360F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-becky7234@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {9526B327-6E62-474B-AB98-DDF47DBDD66B} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJJJMMJHMIMIMIMIMCNKMNJIMIMCNLMMJLJIMCNOJIMLJOMCNOJIMOJOMPMHMJJKMLMKMKMOMJNJICMIMCNOMCNMMFMGMCNOMOMCNGMJMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMNIJNKJCMJNNICMJNDJCMKJBJ"
Task: {97591E23-DD62-4419-8D8E-F8913B74560F} - System32\Tasks\Dell\Dell Product Registration Update => /updatecheck /LSRC=autolaunch
Task: {A6926E1A-D409-4ACF-BA8C-DBB09F772F5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {B4F20F09-FF99-4560-B2B8-69A3B86FC221} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {C70BE064-CECB-4858-A648-41F0AD76846B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {C7B8C069-EC57-4525-92D3-0D73535C8693} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {CBDAC909-72D8-4E64-B33F-7D0B12424851} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-22] (Dropbox, Inc.)
Task: {D1E6C94B-2B23-439A-B5B2-6628001CA107} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {D35618E4-E825-4BAB-9CBA-5D5E0312DBD7} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJJJMMJHMIMIMIMIMCNKMNJIMIMCNLMMJLJIMCNOJIMLJOMCNOJIMOJOMPMHMJJKMLMKMKMOMJNJICMIMCNGMCNOMOMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMHMKMJNHICMEKMICNJJCKJNBJCMJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMJMMMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {D89454C7-3897-4471-B4BB-998ECEA5C5FF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {E07F8A45-F6E5-4EE0-871C-814C5B0DFCA2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {E1283E54-716C-4AE9-BF2C-B486187F5D38} - System32\Tasks\{EC08A0C7-52EA-4871-AF66-D75A55D1E04B} => pcalua.exe -a C:\Users\r\Downloads\cpic32_623_1364.exe -d C:\Users\r\Downloads
Task: {E5D12C1A-E446-4143-A4BD-19C36CD2B882} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {E939FBDE-A9D3-440A-8AF2-733816C015BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-17] (Google Inc.)
Task: {F1F9067B-CAF7-4BB6-9BE2-E2D642DCD9B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {F6B34F00-5D20-4CF0-A130-11AEBFB78972} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {FB274B0F-F9D4-4B80-9015-044D6C92C1AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\r\AppData\Roaming\HP Photo Creations\Communicator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-22 00:02 - 2015-07-22 00:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-09-04 23:20 - 2013-09-04 23:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-04 23:24 - 2013-09-04 23:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2015-01-08 22:02 - 2015-01-08 22:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2016-01-04 16:23 - 2016-01-04 16:23 - 01114648 _____ () C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-05-14 01:07 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-01-08 17:45 - 2016-01-08 17:45 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2016-01-08 17:45 - 2016-01-08 17:45 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Users\r\Desktop\adwcleaner_5.032.exe:$CmdTcID
AlternateDataStreams: C:\Users\r\Desktop\adwcleaner_5.032.exe:$CmdZnID
AlternateDataStreams: C:\Users\r\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\r\Desktop\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\r\Desktop\RogueKiller.exe:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-02-06 10:04 - 00000832 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\r\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: Dell Customer Connect => 2
MSCONFIG\Services: Dell Foundation Services => 2
MSCONFIG\Services: Dell Help & Support => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: DellProdRegManager => 3
MSCONFIG\Services: DellUpdate => 2
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: Lavasoft Ad-Aware Service => 3
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 3
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 3
MSCONFIG\Services: McProxy => 3
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: PDFsam Enhanced => 3
MSCONFIG\Services: PDFsam Enhanced CrashHandler => 3
MSCONFIG\Services: PDFsam Enhanced Creator => 2
MSCONFIG\Services: PDFsam Manager => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: ScsiAccess => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: Start8 => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "DropboxOEM"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\StartupApproved\Run: => "BingSvc"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{51EC3F36-4DA8-4800-891C-A7E7CC4299F2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B6F98FB6-4031-4B18-A2E6-EDFCA5A1E36F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{14CE3398-5E0C-41AB-87BB-8FE5913DE604}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A159B7A-432F-4977-BD55-87A91BDF56D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{962AB04C-32DC-47D6-8B46-8DEEB96DFD0F}] => (Allow) C:\Users\r\AppData\Local\Temp\nsv8703.tmp\Installer-76253084.exe
FirewallRules: [{18468981-E613-47A0-9482-51D505876D16}] => (Allow) C:\Users\r\AppData\Local\Temp\nsv8703.tmp\Installer-76253084.exe
FirewallRules: [{D524603D-9537-4D47-8885-7566815E61AF}] => (Allow) C:\Users\r\AppData\Local\Temp\nsn2643.tmp\Installer-76253084.exe
FirewallRules: [{1AFE0555-9DE8-48E3-8DF4-2ACADC3B28E8}] => (Allow) C:\Users\r\AppData\Local\Temp\nsn2643.tmp\Installer-76253084.exe
FirewallRules: [{DF2CA2A6-6A53-4A4B-85EC-DF3366B7A0BE}] => (Allow) F:\Downloads June 2015 to...]\Vuze\Azureus.exe
FirewallRules: [{4E263ADD-65BB-4E28-951D-09745179424D}] => (Allow) F:\Downloads June 2015 to...]\Vuze\Azureus.exe
FirewallRules: [{4621F2FB-8F49-4D61-A902-112865183ADC}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe
FirewallRules: [{36980A12-564C-4ED0-A4CA-FFBD79FECB90}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe
FirewallRules: [{B8B98331-1B5E-43B7-B77F-939908B56BA4}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{52C5160C-7D6A-4D4C-84C4-9F7C4B6C6C97}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7CD1B66F-2BA9-4F76-9920-44DA432E206C}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{6065F500-5656-42BB-8C04-1AA619B951D1}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{742EB319-36F0-4ABD-8AAA-5F00E02C1A23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{451CA570-BA0C-4F5C-AE53-EEADEB4652ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF205176-8202-472E-A18D-416BCA45F8C7}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{538806D6-21D9-43B2-983C-E3A08AD4251C}] => (Allow) F:\Downloads June 2015 to...]\AVI-Player_724-70839030.exe
FirewallRules: [{3EE1F596-C231-41F8-8819-E528CF387F1B}] => (Allow) F:\Downloads June 2015 to...]\AVI-Player_724-70839030.exe
FirewallRules: [{C09C2E43-E5CE-445A-B032-8339D4B59136}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{91B567EA-C830-4AAB-A94C-781EE9C3F149}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{05BB8AEB-34E2-4AF9-862D-4C5CCC02AAA2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C5AF79D6-3B07-42A0-9F26-86F868444374}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{784F7048-47F0-4902-9CF3-BE698307C7A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{5584567F-977F-4CCF-AFE7-E069757F5989}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{7A03AD63-794A-466C-8F2C-1192D54AC1AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: 
[{D104FD7B-1A76-4D9B-9539-0441CE358E83}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{A9D16E73-EB8E-4574-B73E-DDE292EFA012}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{E9F16F9B-FF68-4942-A57F-461614EB59F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{6B9B7A6E-6084-49B1-828D-EAF96ACD88E5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{915A4BBE-8E5E-4087-A7FE-10C47F826ECA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{859E69F7-D379-4939-A9B3-583EB8DAB425}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe FirewallRules: [{7D5C1A27-932D-47A6-A41D-244494807489}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{111DEF6A-B7EE-4B7F-983A-B7001DB43B97}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{6EDEBC10-0BCE-4D10-9942-03AA44BB079C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{E2054E47-AAF9-492F-9F0B-3F494E1DD409}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{FC963E38-8F6B-42E8-A3A8-90FC7FF6168F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{860ABC0D-E6F6-49CA-918F-B16F2559D06F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{95317AEE-4BC1-4976-8375-4833288CE313}] => (Allow) C:\Users\r\AppData\Local\Temp\7zS578E\HPDiagnosticCoreUI.exe FirewallRules: [{1F882AA3-C887-44BC-AA3C-D33FF266ED4B}] => (Allow) C:\Users\r\AppData\Local\Temp\7zS578E\HPDiagnosticCoreUI.exe FirewallRules: [{4C4D31EB-458F-4F8F-BCD6-858A9E82C7E5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{5D7A6E51-7B29-4128-A948-21B57D709104}] => (Allow) C:\Users\r\AppData\Local\Temp\7zS070B\hppiw.exe 
FirewallRules: [{AB000502-FA76-480E-AA85-D042554F3087}] => (Allow) C:\Users\r\AppData\Local\Temp\7zS070B\hppiw.exe FirewallRules: [{5CD88139-3643-4050-B645-5FDB5A60ADB2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{2F13BEFE-B126-4774-9944-29244D94A1F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe ==================== Restore Points ========================= 18-01-2016 13:48:47 Removed Microsoft Office 29-01-2016 23:37:10 Installed HP Support Solutions Framework 06-02-2016 10:08:49 Installing COMODO Antivirus 06-02-2016 15:07:47 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= Name: Bluetooth Device (Personal Area Network) Description: Bluetooth Device (Personal Area Network) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: BthPan Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Dell Wireless 1705 802.11b/g/n (2.4GHZ) Description: Dell Wireless 1705 802.11b/g/n (2.4GHZ) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Atheros Communications Inc. Service: athr Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisFileRatingChange" whose target class "CisFileRatingChange" in //./root/cis namespace does not exist. The query will be ignored. 
Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisNotification" whose target class "CisNotification" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM FwAlert" whose target class "FwAlert" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM DfAlert" whose target class "DfAlert" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM AvAlert" whose target class "AvAlert" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisAlert" whose target class "CisAlert" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisEvent" whose target class "CisEvent" in //./root/cis namespace does not exist. 
The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider  attempted to register query "SELECT * FROM CisFileRatingChange" whose target class "CisFileRatingChange" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider  attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored. System errors: ============= Error: (02/06/2016 03:22:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Superfetch service terminated with the following error: %%1062 Error: (02/06/2016 03:05:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Superfetch service terminated with the following error: %%1062 Error: (02/06/2016 03:05:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (02/06/2016 03:05:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s). Error: (02/06/2016 03:05:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s). Error: (02/06/2016 03:05:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s). 
Error: (02/06/2016 03:05:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (02/06/2016 03:05:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The WD Drive Manager service terminated unexpectedly.  It has done this 1 time(s). Error: (02/06/2016 03:05:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Intel(R) Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (02/06/2016 03:05:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AtherosSvc service terminated unexpectedly.  It has done this 1 time(s). CodeIntegrity: ===================================   Date: 2016-02-06 17:23:45.983   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system.   Date: 2016-02-06 15:54:34.463   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system.   Date: 2016-02-06 15:38:43.583   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system.   Date: 2016-02-06 15:33:38.026   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system.   
Date: 2016-02-06 15:25:54.988   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system.   Date: 2016-02-06 15:17:21.332   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system.   Date: 2016-02-06 15:05:00.827   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system.   Date: 2016-02-06 14:48:18.082   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system.   Date: 2016-02-06 14:37:48.823   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system.   Date: 2016-02-06 14:24:51.177   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G3250 @ 3.20GHz
Percentage of memory in use: 28%
Total physical RAM: 8108.95 MB
Available physical RAM: 5758.28 MB
Total Virtual: 9388.95 MB
Available Virtual: 6375.37 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.39 GB) (Free:862.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 753CDF2B)
Partition: GPT.

==================== End of Addition.txt ============================
  3. Ok I have the logs:

RogueKiller V11.0.10.0 [Feb  1 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : r [Administrator]
Started from : C:\Users\r\Desktop\RogueKiller.exe
Mode : Delete -- Date : 02/06/2016 14:49:42

¤¤¤ Processes : 2 ¤¤¤
[PUP|VT.AdWare.W32.Coupons.w!c] CouponPrinterService.exe(4404) -- C:\Program Files (x86)\Coupons\CouponPrinterService.exe[7] -> Killed [TermProc]
[PUP|VT.AdWare.W32.Coupons.w!c] (SVC) CouponPrinterService -- C:\Program Files (x86)\Coupons\CouponPrinterService.exe[7] -> Stopped

¤¤¤ Registry : 6 ¤¤¤
[PUP|VT.AdWare.W32.Coupons.w!c] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CouponPrinterService (C:\Program Files (x86)\Coupons\CouponPrinterService.exe) -> Deleted
[PUP|VT.AdWare.W32.Coupons.w!c] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CouponPrinterService (C:\Program Files (x86)\Coupons\CouponPrinterService.exe) -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 7 ¤¤¤
[Hidden.ADS][Stream] C:\WINDOWS:nlsPreferences -> Deleted
[PUP][File] C:\Users\r\AppData\Local\Temp\jrt\misc.bat -> Deleted
[PUP][File] 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Coupons.com - Print Coupons.lnk [LNK@] C:\PROGRA~2\Coupons\COUPON~1.URL -> Deleted [PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk [LNK@] C:\PROGRA~2\Coupons\UNINST~1.EXE "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml" -> Deleted [PUP][Folder] C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075} -> Deleted [PUP][File] C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}\DDV.dat -> Deleted [PUP][File] C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}\DDV.exe -> Deleted [PUP][File] C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}\DDV.lnk -> Deleted [PUP][File] C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}\DDV.msi -> Deleted [PUP][File] C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}\DDV.par -> Deleted [PUP][File] C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}\DDV.res -> Deleted [PUP][File] C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}\instance.dat -> Deleted [PUP][File] C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}\mia.lib -> Deleted [PUP][Folder] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE} -> Deleted [PUP][File] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}\Ad-AwareAE_Trial.dat -> Deleted [PUP][File] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}\Ad-AwareAE_Trial.exe -> Deleted [PUP][File] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}\Ad-AwareAE_Trial.lan -> Deleted [PUP][File] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}\Ad-AwareAE_Trial.msi -> Deleted [PUP][File] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}\Ad-AwareAE_Trial.par -> Deleted [PUP][File] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}\Ad-AwareAE_Trial.res -> Deleted [PUP][File] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}\instance.dat -> Deleted [PUP][File] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}\mia.lib -> Deleted [PUP][Folder] C:\Program 
Files (x86)\Coupons -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\CouponPrinterService.exe -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Coupons.ico -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\CouponsDotCom.url -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\license_agreement.html -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\license_agreement.txt -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG1.BMP -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG1.JPG -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG10.BMP -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG11.BMP -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG2.BMP -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG2.JPG -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG3.BMP -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG3.JPG -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG4.BMP -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG4.JPG -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG5.BMP -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG5.JPG -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG6.BMP -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG7.BMP -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG8.BMP -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG9.BMP -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRZip.lmd -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\uninstall.dat -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml -> Deleted [PUP][Folder] C:\Program Files (x86)\Coupons\Uninstall -> Deleted [PUP][File] C:\Program Files (x86)\Coupons\uninstall.exe -> Deleted ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ 
Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST1000DM003-1ER162 +++++ --- User --- [MBR] 5725f48daf040a8daa5eed3ca2b3990b [BSP] 3e8280a392b3ce4e87e28c1f529b9ddc : Empty|VT.Unknown MBR Code Partition table: 0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB 1 - [HIDDEN!][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB 2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB 3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 750 MB 4 - Basic data partition | Offset (sectors): 2906112 | Size: 944526 MB 5 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1937295360 | Size: 7923 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: HP Photosmart C3140 USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. 
) ---------------------------------------------------------------------------------------------------------------- Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 2/6/2016 Scan Time: 2:50 PM Logfile: mbam.txt Administrator: Yes Version: 2.2.0.1024 Malware Database: v2016.02.06.05 Rootkit Database: v2016.01.20.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: r Scan Type: Threat Scan Result: Completed Objects Scanned: 355341 Time Elapsed: 9 min, 4 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 2 RiskWare.DontStealOurSoftware, C:\ProgramData\Comodo\Cis\Quarantine\data\{A8C2BC1D-2022-4A46-9495-70AF041A31D0}, Quarantined, [7d00ee6f3069bb7b7c66b3ec37cd837d], Trojan.Agent, C:\ProgramData\Comodo\Cis\Quarantine\data\{F1B9B671-18EF-49AB-A09A-498972ABF87D}, Quarantined, [3c417be2ff9ad462910268fb74904cb4], Physical Sectors: 0 (No malicious items detected) (end)   ------------------------------------------------------------------------------------------------------ # AdwCleaner v5.032 - Logfile created 06/02/2016 at 15:05:03 # Updated 31/01/2016 by Xplode # Database : 2016-01-25.3 [Local] # Operating system : Windows 8.1  (x64) # Username : r - MYPC # Running from : C:\Users\r\Desktop\adwcleaner_5.032.exe # Option : Cleaning # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons [-] Folder Deleted : C:\Windows\SysWOW64\C2MP ***** [ Files ] ***** ***** [ DLLs ] ***** ***** [ Shortcuts ] 
***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20B9C05C-99C9-4BAB-B596-FB0C0E1C9F55} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.6 [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D [!] 
Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D ***** [ Web browsers ] ***** [-] [C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com [-] [C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com ************************* :: "Tracing" keys removed :: Winsock settings cleared ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2133 bytes] ########## ------------------------------------------------------------------------------------------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.2 (01.06.2016) Operating System: Windows 8.1 x64 Ran by r (Administrator) on Sat 02/06/2016 at 15:07:42.10 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   File System: 5 Successfully deleted: C:\ProgramData\Start Menu\Programs\media freeware (Folder) Successfully deleted: C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\bingsearch.full@microsoft.com\search.xml (File) Successfully deleted: C:\Windows\couponprinter.ocx (File) Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task) Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task) Deleted the following from C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\prefs.js user_pref(browser.urlbar.suggest.searches, true);   Registry: 2 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 02/06/2016 at 15:16:11.69 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~        
  4. So the computer had McAfee, I uninstalled this and installed Comodo. All the while the internet was going off and on, I'm wired ethernet. I think there could be some infections in there, please have a look. Here are the FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by r (administrator) on MYPC (06-02-2016 10:55:01)
Running from C:\Program Installers
Loaded Profiles: r (Available Profiles: r)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Photodex\CompuPicPro\scsiaccess.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-08-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-04] (Qualcomm®Atheros®)
HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\Run: [BingSvc] => C:\Users\r\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-09-18] (Siber Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-01-29]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0AFB2531-3F52-4F94-B5DB-9FA0100A878F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SL5M_FRPage
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> {E7BFD48D-04EE-4CEF-B4FA-51E560A66B44} URL = hxxp://www.bing.com/search?FORM=SL5HDF&PC=SL5H&q={searchTerms}&src=IE-SearchBox
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-18] (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-26] (Oracle Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-18] (Siber Systems Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-18] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-18] (Siber Systems Inc.)

FireFox:
========
FF ProfilePath: C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default
FF DefaultSearchEngine: Yahoo
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://google.com
FF Session Restore: -> is enabled.
FF Keyword.URL: hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> F:\VLC\npvlc.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4097768012-1274822476-2557327463-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\r\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-06-26] (Coupons, Inc.)
FF Extension: InvisibleHand - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi [2015-11-25]
FF Extension: Add to Amazon Wish List Button - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\amznUWL2@amazon.com.xpi [2015-11-29]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-01-03]
FF Extension: LastPass - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\support@lastpass.com [2016-01-06]
FF Extension: Ebates Cash Back - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2016-01-22]
FF Extension: Bing Search - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\bingsearch.full@microsoft.com [2015-07-21] [not signed]
FF Extension: AdBlock for Gmail™ - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\jid1-dswFGkUjb2SIHv@jetpack.xpi [2015-07-11]
FF Extension: Adblock Plus - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\sbhzbhbt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-09-18] [not signed]
FF HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR Profile: C:\Users\r\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-09]
CHR Extension: (Google Docs) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Google Sheets) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-09]
CHR Extension: (SiteAdvisor) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-09]
CHR Extension: (Gmail) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-04] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-06-26] (Coupons.com Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-22] (Dropbox, Inc.)
S4 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2015-12-07] (Dell)
S4 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [49864 2015-08-24] ()
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.)
S4 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HPSLPSVC; C:\Users\r\AppData\Local\Temp\7zS070B\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S4 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1169232 2009-09-24] (Lavasoft)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2016-02-06] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\CompuPicPro\ScsiAccess.exe [181312 2015-10-02] () [File not signed]
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
S4 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-04-04] (Stardock Software, Inc)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
S4 TeamViewer; C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-04] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828144 2015-11-18] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2016-02-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2016-02-06] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 mfeaack01; \Device\mfeaack01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 10:54 - 2016-02-06 10:55 - 00000000 ____D C:\FRST
2016-02-06 10:44 - 2016-02-06 10:44 - 00000000 ___RD C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-02-06 10:23 - 2016-02-06 10:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-06 10:21 - 2016-02-06 10:55 - 00000000 ____D C:\Program Installers
2016-02-06 10:09 - 2016-02-06 10:53 - 01010385 _____ C:\Windows\system32\Drivers\sfi.dat
2016-02-06 10:09 - 2016-02-06 10:09 - 00001888 _____ C:\Users\Public\Desktop\COMODO Antivirus.lnk
2016-02-06 10:09 - 2016-02-06 10:09 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2016-02-06 10:09 - 2016-02-06 10:09 - 00000000 ____D C:\ProgramData\Shared Space
2016-02-06 10:09 - 2016-02-06 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-02-06 10:09 - 2016-02-06 10:09 - 00000000 ____D C:\Program Files\COMODO
2016-02-06 10:08 - 2016-02-06 10:08 - 00000000 ____D C:\ProgramData\Comodo Downloader
2016-02-06 10:06 - 2016-02-06 10:06 - 00000000 ____D C:\ProgramData\ANDREA VACONDIO
2016-02-06 10:03 - 2016-02-06 10:09 - 00000000 ____D C:\ProgramData\Comodo
2016-02-06 10:02 - 2016-02-06 10:02 - 217812536 _____ (COMODO) C:\Users\r\Downloads\cav_installer_5951_60.exe
2016-02-06 09:59 - 2015-12-08 22:39 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-02-04 23:30 - 2016-02-04 23:30 - 00000000 ___RD C:\Users\r\Documents\RocketLifeNetwork
2016-02-04 23:14 - 2016-02-06 09:56 - 00000388 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-02-04 23:14 - 2016-02-04 23:30 - 00003358 _____ C:\Windows\System32\Tasks\HP Photo Creations Communicator
2016-02-04 23:14 - 2016-02-04 23:30 - 00000000 ____D C:\Users\r\AppData\Roaming\Visan
2016-02-04 23:14 - 2016-02-04 23:29 - 00001973 _____ C:\Users\r\Desktop\HP Photo Creations.lnk
2016-02-04 23:14 - 2016-02-04 23:29 - 00000000 ____D C:\Users\r\AppData\Roaming\HP Photo Creations
2016-02-04 23:14 - 2016-02-04 23:14 - 00000000 ____D C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2016-02-04 21:37 - 2016-02-04 21:37 - 00002349 _____ C:\Users\Public\Desktop\Add a Device - All-In-One Series.lnk
2016-02-04 19:41 - 2016-02-04 19:41 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2016-02-04 19:40 - 2016-02-04 19:40 - 00001179 _____ C:\Users\Public\Desktop\Shop for HP Supplies.lnk
2016-02-04 19:25 - 2016-01-30 00:04 - 00189969 ____N C:\Windows\hpoins18.dat.temp
2016-02-04 19:25 - 2012-10-14 11:32 - 00006071 ____N C:\Windows\hpomdl18.dat.temp
2016-02-04 19:20 - 2016-02-04 19:20 - 02474920 _____ C:\Users\r\Downloads\hppiw.exe
2016-02-04 18:55 - 2016-02-04 18:55 - 00000000 ____D C:\Windows\LastGood
2016-02-04 15:31 - 2016-02-04 15:31 - 07384608 _____ C:\Users\r\Downloads\HPPSdr.exe
2016-02-04 15:22 - 2016-02-04 15:33 - 02444958 _____ C:\Users\r\AppData\Local[j0002]-[p01].bmp
2016-02-04 15:22 - 2016-02-04 15:23 - 02444958 _____ C:\Users\r\AppData\Local[j0002]-[p02].bmp
2016-02-04 14:28 - 2016-02-04 14:28 - 02444958 _____ C:\Users\r\AppData\Local[j0006]-[p02].bmp
2016-02-04 14:28 - 2016-02-04 14:28 - 02444958 _____ C:\Users\r\AppData\Local[j0006]-[p01].bmp
2016-02-03 13:42 - 2016-02-03 13:42 - 02993905 _____ C:\Users\r\Downloads\gw-weekly-ad-557f3d(1).pdf
2016-02-01 15:37 - 2016-02-01 15:37 - 00000000 ____T C:\Users\r\Desktop\WW coupon.prn
2016-01-31 17:51 - 2016-01-31 17:51 - 02993905 _____ C:\Users\r\Downloads\gw-weekly-ad-557f3d.pdf
2016-01-31 14:25 - 2016-01-31 14:25 - 00000000 ____D C:\Users\r\AppData\Local\HP
2016-01-30 00:06 - 2016-01-31 14:25 - 00000000 ____D C:\Users\r\AppData\Roaming\HP
2016-01-30 00:06 - 2016-01-30 00:06 - 00000000 ____D C:\ProgramData\WEBREG
2016-01-29 23:57 - 2016-02-06 00:22 - 00000000 ____D C:\Users\r\AppData\Roaming\HpUpdate
2016-01-29 23:56 - 2016-02-04 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-01-29 23:56 - 2016-01-29 23:56 - 00001343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-01-29 23:56 - 2016-01-29 23:56 - 00001337 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2016-01-29 23:56 - 2016-01-29 23:56 - 00000000 ____D C:\Windows\SysWOW64\spool
2016-01-29 23:56 - 2016-01-29 23:56 - 00000000 ____D C:\ProgramData\HP Product Assistant
2016-01-29 23:54 - 2016-02-04 19:40 - 00000000 ____D C:\Program Files (x86)\HP
2016-01-29 23:54 - 2016-01-29 23:54 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-01-29 23:47 - 2016-02-04 21:37 - 00190089 _____ C:\Windows\hpoins18.dat
2016-01-29 23:47 - 2016-02-04 20:35 - 00000000 ____D C:\ProgramData\HP
2016-01-29 23:47 - 2012-10-14 11:32 - 00006071 ____N C:\Windows\hpomdl18.dat
2016-01-29 23:47 - 2012-08-21 01:56 - 01421312 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpotiop1.dll
2016-01-29 23:46 - 2016-01-29 23:46 - 00000000 ____D C:\Users\r\AppData\Roaming\Hewlett-Packard
2016-01-29 23:42 - 2016-01-30 00:10 - 00000000 ____D C:\Users\r\AppData\Local\Hewlett-Packard
2016-01-29 23:42 - 2016-01-29 23:42 - 00000000 ____D C:\Users\r\Downloads\HP Downloads
2016-01-29 23:39 - 2016-01-29 23:39 - 00002249 _____ C:\Users\r\Desktop\HP Support Assistant.lnk
2016-01-29 23:39 - 2016-01-29 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-01-29 23:38 - 2016-01-29 23:38 - 00000000 ____D C:\Users\r\AppData\Roaming\hpqLog
2016-01-29 23:38 - 2016-01-29 23:38 - 00000000 ____D C:\System.sav
2016-01-29 23:37 - 2016-01-29 23:38 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-01-29 23:37 - 2016-01-29 23:37 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-01-29 23:36 - 2016-01-29 23:36 - 03762808 _____ (Oleg N. Scherbakov) C:\Users\r\Downloads\HPSupportSolutionsFramework-12.0.30.473.exe
2016-01-29 15:09 - 2016-01-29 15:09 - 00000000 __HDC C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}
2016-01-28 23:37 - 2016-02-01 14:43 - 00000000 ____D C:\Users\r\Desktop\house
2016-01-28 21:07 - 2016-01-28 21:09 - 00000000 ____D C:\Users\r\Desktop\2016-01-28 driverslice
2016-01-28 14:02 - 2016-01-28 14:02 - 00004012 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-01-28 14:02 - 2016-01-28 14:02 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-01-28 14:02 - 2016-01-28 14:02 - 00003326 _____ C:\Windows\System32\Tasks\PCDDataUploadTask
2016-01-28 14:02 - 2016-01-28 14:02 - 00003202 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-01-28 14:02 - 2016-01-28 14:02 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2016-01-28 14:02 - 2016-01-28 14:02 - 00000000 ____D C:\Program Files\Dell Support Center
2016-01-27 17:43 - 2016-02-03 17:43 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2016-01-27 17:43 - 2016-01-27 17:43 - 00001308 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2016-01-27 17:43 - 2016-01-27 17:43 - 00001168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
2016-01-27 17:43 - 2016-01-27 17:43 - 00000000 ____D C:\ProgramData\NCH Software
2016-01-27 17:43 - 2016-01-27 17:43 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-01-27 17:42 - 2016-01-27 17:51 - 00000000 ____D C:\Users\r\AppData\Roaming\NCH Software
2016-01-27 17:42 - 2016-01-27 17:42 - 00896256 _____ (NCH Software) C:\Users\r\Downloads\ppadsetup.exe
2016-01-26 14:27 - 2016-01-26 14:27 - 00059746 _____ C:\Users\r\Downloads\Medicaid-VisionCareProvidersDirectory.pdf
2016-01-25 19:54 - 2016-01-25 19:54 - 00000264 _____ C:\Users\r\Desktop\httpenjoycountryfresh.compagescoupons55c-off-16oz-sour-cream-dip-cottage-cheese.URL
2016-01-25 19:49 - 2016-01-25 19:51 - 00000000 ____D C:\Users\r\Downloads\Chelsea.Does.S01E01.Marriage.WebRip.x264-[2Maverick]
2016-01-25 15:25 - 2016-01-25 15:25 - 00047983 _____ C:\Users\r\Downloads\FHA EEM Mortgagee Letter 5-05.pdf
2016-01-24 14:24 - 2016-01-24 14:24 - 00035671 _____ C:\Users\r\Downloads\order_100003943_2016-01-24_09-24-48.pdf
2016-01-24 00:31 - 2016-01-24 00:31 - 00035671 _____ C:\Users\r\Downloads\order_100003943_2016-01-23_19-31-55.pdf
2016-01-23 14:24 - 2016-01-23 14:24 - 00000241 _____ C:\Users\r\Desktop\milk coupon.URL
2016-01-21 17:15 - 2016-01-21 17:15 - 00655957 _____ C:\Users\r\Downloads\TaxReturn(1).pdf
2016-01-21 16:59 - 2016-01-21 16:59 - 00893668 _____ C:\Users\r\Desktop\TaxReturn(1).pdf
2016-01-20 21:56 - 2016-01-23 15:38 - 00010980 _____ C:\Users\r\Documents\bs log.odt
2016-01-20 21:56 - 2016-01-20 21:56 - 00014848 ___SH C:\Users\r\Documents\Thumbs.db
2016-01-20 21:45 - 2016-01-20 21:45 - 00000031 _____ C:\Users\r\Desktop\bs log.txt
2016-01-20 03:39 - 2016-01-20 03:39 - 04499648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-19 22:20 - 2016-01-19 22:20 - 01682783 _____ C:\Users\r\Downloads\woodlands_siteplan.pdf
2016-01-19 09:56 - 2016-01-19 09:56 - 00011193 _____ C:\Users\r\Downloads\Sample_Letter_Rent_Increase_or_Rule_Change.pdf
2016-01-18 15:15 - 2016-01-18 15:15 - 00000000 ____D C:\ProgramData\Western Digital
2016-01-18 15:15 - 2016-01-18 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2016-01-18 15:14 - 2016-01-18 15:14 - 00000000 ____D C:\Program Files (x86)\Western Digital
2016-01-18 14:15 - 2016-01-18 14:15 - 00000000 ____D C:\Users\r\AppData\Roaming\Hard Disk Sentinel
2016-01-18 14:14 - 2016-01-19 00:00 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2016-01-18 14:14 - 2016-01-18 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2016-01-18 14:07 - 2016-01-18 14:08 - 20097096 _____ C:\Users\r\Downloads\hdsentinel_setup.zip
2016-01-18 13:52 - 2016-01-18 13:53 - 00000136 _____ C:\Windows\ODBC.INI
2016-01-13 17:19 - 2016-01-13 17:19 - 00648225 _____ C:\Users\r\Downloads\mshda_successful_lenders_list_165180_7.pdf
2016-01-13 17:15 - 2016-01-13 17:15 - 04989036 _____ C:\Users\r\Downloads\RD-DirectLimitMap.pdf
2016-01-13 16:18 - 2016-01-13 16:18 - 00085856 _____ C:\Users\r\Downloads\Map Michigan - SFH Offices.pdf
2016-01-13 16:02 - 2016-01-13 16:02 - 00138629 _____ C:\Users\r\Downloads\mshda_list_of_targeted_areas_230532_7.pdf
2016-01-13 06:44 - 2015-12-10 23:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 06:44 - 2015-12-10 23:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 06:44 - 2015-12-10 22:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 06:44 - 2015-12-10 22:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 06:44 - 2015-12-10 22:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 06:44 - 2015-12-10 22:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 06:44 - 2015-12-10 22:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 06:44 - 2015-12-10 22:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-13 06:44 - 2015-12-10 22:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 06:44 - 2015-12-10 22:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 06:44 - 2015-12-10 21:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 06:44 - 2015-12-10 21:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 06:44 - 2015-12-10 21:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-13 06:44 - 2015-12-10 21:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 06:44 - 2015-12-10 21:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 06:44 - 2015-12-10 21:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 06:44 - 2015-12-10 21:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 06:44 - 2015-12-10 21:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 06:44 - 2015-12-10 21:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 06:44 - 2015-12-10 21:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 06:44 - 2015-12-10 21:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 06:43 - 2015-12-30 14:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 06:43 - 2015-12-30 14:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 06:43 - 2015-12-30 14:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 06:43 - 2015-12-08 14:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 06:43 - 2015-12-08 14:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 06:43 - 2015-12-07 05:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 06:43 - 2015-12-05 00:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-13 06:43 - 2015-12-05 00:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 01798480 ____C (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL 2016-01-13 06:43 - 
2015-12-05 00:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL 2016-01-13 06:43 - 2015-12-05 00:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 00081032 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll 2016-01-13 06:43 - 2015-12-05 00:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll 2016-01-13 06:43 - 2015-12-04 10:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-01-13 06:43 - 2015-12-03 14:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-01-13 06:43 - 2015-12-03 14:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2016-01-13 06:43 - 2015-12-03 14:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-01-13 06:43 - 2015-12-03 14:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2016-01-13 06:43 - 2015-12-03 14:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-01-13 06:43 - 2015-12-03 13:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2016-01-13 06:43 - 2015-12-03 13:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-01-13 06:43 - 2015-12-03 13:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2016-01-13 06:43 - 2015-12-03 13:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-01-13 06:43 - 2015-12-03 13:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-01-13 06:43 - 2015-12-03 13:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2016-01-13 06:43 - 2015-12-03 13:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2016-01-13 06:43 - 2015-12-03 13:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL 2016-01-13 06:43 - 2015-12-03 13:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2016-01-13 06:43 - 2015-12-03 13:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2016-01-13 06:43 - 2015-12-03 12:58 - 
00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2016-01-13 06:43 - 2015-12-03 12:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-01-13 06:43 - 2015-12-03 12:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2016-01-13 06:43 - 2015-12-03 12:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL 2016-01-13 06:43 - 2015-12-03 12:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2016-01-13 06:43 - 2015-12-03 12:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax 2016-01-13 06:43 - 2015-12-03 12:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL 2016-01-13 06:43 - 2015-12-03 12:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL 2016-01-13 06:43 - 2015-12-03 12:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL 2016-01-13 06:43 - 2015-12-03 12:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-01-13 06:43 - 2015-12-03 12:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-01-13 06:43 - 2015-12-03 12:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-01-13 06:43 - 2015-12-03 12:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2016-01-13 06:43 - 2015-12-03 12:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL 2016-01-13 06:43 - 2015-12-03 11:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-01-13 06:43 - 2015-12-03 11:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL 2016-01-13 06:43 - 2015-12-03 11:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL 2016-01-13 06:43 - 2015-12-02 10:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2016-01-13 06:43 - 2015-12-02 10:01 - 00561664 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\qedit.dll 2016-01-12 20:43 - 2016-01-12 20:43 - 01128231 _____ C:\Users\r\Downloads\nuvola_tb-1.37-tb.xpi 2016-01-12 20:41 - 2016-01-12 20:42 - 01130373 _____ C:\Users\r\Downloads\nuvola_tb-1.38.0.1-tb(1).xpi 2016-01-12 20:39 - 2016-01-12 20:39 - 01130373 _____ C:\Users\r\Downloads\nuvola_tb-1.38.0.1-tb.xpi 2016-01-11 14:00 - 2016-01-11 14:00 - 00013113 _____ C:\Users\r\Desktop\806751criminal-cic.pdf 2016-01-11 14:00 - 2016-01-11 14:00 - 00010411 _____ C:\Users\r\Desktop\806751eviction-cic.pdf 2016-01-11 13:55 - 2016-01-11 13:55 - 00025839 _____ C:\Users\r\Desktop\806751credit-connect.pdf 2016-01-10 21:33 - 2016-01-10 21:33 - 00917693 _____ C:\Users\r\Downloads\TaxReturn.pdf 2016-01-10 12:59 - 2016-01-10 12:59 - 01566179 _____ C:\Users\r\Desktop\enigmail-1.8.2-sm+tb.xpi 2016-01-09 18:50 - 2016-01-09 18:50 - 00000000 ____D C:\Users\r\AppData\Roaming\Nitro 2016-01-09 18:49 - 2016-01-10 18:26 - 00000000 ____D C:\Program Files\Nitro 2016-01-09 18:49 - 2016-01-09 18:49 - 00000000 ____D C:\Users\r\AppData\Roaming\Downloaded Installations 2016-01-09 18:49 - 2016-01-09 18:49 - 00000000 ____D C:\ProgramData\Nitro 2016-01-09 18:48 - 2016-01-09 18:48 - 01932688 _____ (Nitro) C:\Users\r\Downloads\nitro_pro10.exe 2016-01-09 16:54 - 2016-01-09 16:54 - 00483185 _____ C:\Users\r\Downloads\pdfsam-1.1.0-tutorial(2).pdf 2016-01-09 16:24 - 2016-01-09 16:24 - 00483185 _____ C:\Users\r\Downloads\pdfsam-1.1.0-tutorial(1).pdf 2016-01-09 16:14 - 2016-01-09 16:14 - 00483185 _____ C:\Users\r\Downloads\pdfsam-1.1.0-tutorial.pdf 2016-01-09 16:06 - 2016-01-09 16:17 - 00000000 ____D C:\Users\r\AppData\Roaming\PDFsam Enhanced 2016-01-09 16:04 - 2016-02-06 10:07 - 00000000 ____D C:\ProgramData\PDFsam Enhanced 2016-01-09 16:04 - 2016-01-26 12:48 - 00000000 ____D C:\ProgramData\Oracle 2016-01-09 16:04 - 2016-01-26 05:36 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-01-09 16:04 - 2016-01-26 05:36 - 00000000 ____D 
C:\Users\r\.oracle_jre_usage 2016-01-09 16:04 - 2016-01-26 05:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-01-09 16:04 - 2016-01-26 05:36 - 00000000 ____D C:\Program Files\Java 2016-01-09 16:04 - 2016-01-09 16:04 - 00000000 ____D C:\Users\r\AppData\Roaming\Sun 2016-01-09 16:04 - 2016-01-09 16:04 - 00000000 ____D C:\Users\r\AppData\LocalLow\Sun 2016-01-09 16:04 - 2016-01-09 16:04 - 00000000 ____D C:\Users\r\AppData\LocalLow\Oracle 2016-01-09 16:03 - 2016-01-09 16:03 - 16082432 _____ C:\Users\r\Downloads\pdfsam-v3.0.1.RELEASE.msi 2016-01-09 16:03 - 2016-01-09 16:03 - 05399928 _____ (PDFsam) C:\Users\r\Downloads\PDFsam_Basic_Installer.exe 2016-01-09 15:02 - 2016-02-04 19:00 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-01-09 15:01 - 2016-01-09 15:01 - 00927824 _____ (Google Inc.) C:\Users\r\Downloads\ChromeSetup.exe 2016-01-09 15:00 - 2016-01-09 15:00 - 00000000 ____D C:\Program Files (x86)\skin 2016-01-09 15:00 - 2016-01-09 15:00 - 00000000 ____D C:\Program Files (x86)\lightning-en-US 2016-01-09 15:00 - 2016-01-09 15:00 - 00000000 ____D C:\Program Files (x86)\lightning 2016-01-09 15:00 - 2016-01-09 15:00 - 00000000 ____D C:\Program Files (x86)\icons 2016-01-09 15:00 - 2016-01-09 15:00 - 00000000 ____D C:\Program Files (x86)\calendar-en-US 2016-01-09 15:00 - 2016-01-09 15:00 - 00000000 ____D C:\Program Files (x86)\calendar 2016-01-09 14:43 - 2016-01-29 23:58 - 00000000 ____D C:\Users\r\AppData\Local\Foxit Reader 2016-01-09 14:39 - 2016-01-09 14:39 - 00001373 _____ C:\Users\Public\Desktop\Foxit Reader.lnk 2016-01-09 14:39 - 2016-01-09 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2016-01-09 14:38 - 2016-01-09 14:38 - 39170360 _____ (Foxit Software Inc. 
) C:\Users\r\Downloads\FoxitReader728.1124_prom_enu_Setup.exe 2016-01-08 17:45 - 2016-01-09 17:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2016-01-07 15:52 - 2016-01-31 15:51 - 00000000 ____D C:\Users\r\Desktop\Papers 2016-01-07 14:41 - 2016-01-07 14:42 - 00018925 _____ C:\Users\r\Downloads\Statement(2).pdf 2016-01-07 14:39 - 2016-01-07 14:39 - 00019158 _____ C:\Users\r\Downloads\Statement(1).pdf 2016-01-07 03:14 - 2016-01-26 20:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-06 10:53 - 2015-07-21 19:54 - 00000000 ____D C:\Users\r\AppData\LocalLow\LastPass 2016-02-06 10:49 - 2015-06-23 18:42 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4097768012-1274822476-2557327463-1001 2016-02-06 10:48 - 2015-06-24 14:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-02-06 10:48 - 2014-11-20 23:42 - 01162822 _____ C:\Windows\system32\PerfStringBackup.INI 2016-02-06 10:48 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf 2016-02-06 10:47 - 2015-07-22 22:14 - 00000000 ___RD C:\Users\r\Dropbox 2016-02-06 10:47 - 2015-07-22 21:46 - 00000000 ____D C:\Users\r\AppData\Local\Dropbox 2016-02-06 10:44 - 2015-06-23 18:38 - 00000000 ___RD C:\Users\r\OneDrive 2016-02-06 10:43 - 2015-07-22 21:46 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-02-06 10:43 - 2015-07-17 20:44 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-06 10:43 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\Offline Web Pages 2016-02-06 10:43 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-02-06 10:39 - 2015-06-25 14:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-02-06 10:23 - 2015-10-02 19:18 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-02-06 10:23 - 
2015-06-24 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-02-06 10:23 - 2015-06-24 14:00 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-02-06 10:23 - 2015-06-24 14:00 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-02-06 10:23 - 2015-06-24 14:00 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-02-06 10:10 - 2015-07-17 20:44 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-06 10:03 - 2015-05-14 01:13 - 00000000 ____D C:\ProgramData\McAfee 2016-02-06 09:56 - 2015-07-22 21:46 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-02-06 09:47 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-02-06 09:46 - 2015-07-03 01:22 - 00000000 ____D C:\Windows\System32\Tasks\McAfee 2016-02-06 09:46 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP 2016-02-06 09:46 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2016-02-06 04:48 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness 2016-02-06 04:47 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-06 02:05 - 2015-06-24 15:12 - 00000000 ____D C:\Users\r\AppData\Local\Adobe 2016-02-04 23:26 - 2015-09-08 17:26 - 00000000 ____D C:\Users\r\Desktop\torrents 2016-02-04 23:26 - 2015-07-15 15:05 - 00000000 ____D C:\Users\r\Desktop\Random pics 2016-02-04 23:26 - 2015-07-03 16:53 - 00000000 ____D C:\Users\r\Desktop\cleaners 2016-02-04 20:33 - 2013-08-22 08:25 - 00000127 _____ C:\Windows\win.ini 2016-02-04 15:55 - 2015-06-24 17:27 - 00000000 ____D C:\Users\r\AppData\Local\CrashDumps 2016-02-04 15:24 - 2015-05-14 01:11 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2016-02-04 10:15 - 2015-07-10 15:24 - 00000000 ____D C:\Users\r\Desktop\wallpaper 2016-02-03 19:58 - 2015-12-20 13:54 - 00000000 ____D C:\Users\r\Downloads\Trainwreck 2015 UNRATED 1080p BluRay 
x264 DTS-JYK 2016-02-03 19:58 - 2015-07-11 16:50 - 00363520 ___SH C:\Users\r\Downloads\Thumbs.db 2016-02-01 14:04 - 2015-07-17 20:44 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-01 14:04 - 2015-07-17 20:44 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-01-31 23:49 - 2015-07-03 01:10 - 00740352 ___SH C:\Users\r\Desktop\Thumbs.db 2016-01-30 00:01 - 2013-08-22 09:44 - 00377616 _____ C:\Windows\system32\FNTCACHE.DAT 2016-01-29 23:39 - 2015-05-14 01:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-01-29 23:38 - 2015-06-23 18:40 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2016-01-29 15:09 - 2015-06-24 18:03 - 00000000 ____D C:\ProgramData\SupportAssistAgent 2016-01-28 20:45 - 2015-06-23 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-28 20:31 - 2015-06-24 16:34 - 00000000 ____D C:\Users\r\AppData\Roaming\Azureus 2016-01-28 16:30 - 2015-06-23 19:55 - 00000000 ____D C:\Users\r\Desktop\Chase ETC 2016-01-28 14:02 - 2015-05-14 01:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2016-01-28 14:02 - 2015-05-14 01:10 - 00000000 ____D C:\ProgramData\PCDr 2016-01-26 15:47 - 2015-07-03 15:28 - 00000000 ____D C:\Users\r\Desktop\dr info 2016-01-25 19:48 - 2015-06-24 16:34 - 00001812 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk 2016-01-25 19:48 - 2015-06-24 16:34 - 00000000 ____D C:\Program Files\Vuze 2016-01-20 03:39 - 2015-06-25 14:51 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-01-18 15:14 - 2015-06-24 15:16 - 00000000 ____D C:\ProgramData\Package Cache 2016-01-18 13:52 - 2015-06-23 22:17 - 00000000 ____D C:\ProgramData\SoftThinks 2016-01-18 13:49 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-01-16 18:02 - 2015-07-10 18:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-01-16 18:02 - 2015-07-10 18:24 - 00000000 ____D 
C:\Program Files (x86)\Microsoft Silverlight 2016-01-14 15:17 - 2015-06-24 12:02 - 00000000 ____D C:\Users\r\Desktop\Lease 2015 2016-01-13 17:54 - 2015-07-10 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-01-13 17:54 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp 2016-01-13 17:52 - 2015-06-26 04:39 - 00000000 ____D C:\Windows\system32\MRT 2016-01-13 17:50 - 2015-06-26 04:39 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-01-12 20:55 - 2015-06-23 18:47 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-01-12 20:55 - 2015-06-23 18:47 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-01-09 16:04 - 2015-06-23 18:34 - 00000000 ____D C:\Users\r 2016-01-09 15:49 - 2015-10-24 12:54 - 00000000 ____D C:\Users\r\AppData\Local\ElevatedDiagnostics 2016-01-09 15:02 - 2015-07-03 18:23 - 00000000 ____D C:\Users\r\AppData\Local\Google 2016-01-09 15:01 - 2015-07-03 18:23 - 00000000 ____D C:\Program Files (x86)\Google 2016-01-09 14:40 - 2015-07-14 12:38 - 00000000 ____D C:\Users\r\AppData\Roaming\Foxit Software 2016-01-09 14:39 - 2016-01-02 20:53 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2016-01-09 14:39 - 2015-07-14 12:37 - 00000000 ____D C:\Users\Public\Foxit Software ==================== Files in the root of some directories ======= 2015-09-17 16:04 - 2015-04-13 14:56 - 0016659 _____ () C:\Program Files\AUTHORS.txt 2015-09-17 16:04 - 2015-04-13 14:57 - 0861120 _____ () C:\Program Files\axvlc.dll 2015-09-17 16:04 - 2015-04-13 14:56 - 0000294 _____ () C:\Program Files\axvlc.dll.manifest 2015-09-17 16:04 - 2015-04-13 14:56 - 0018092 _____ () C:\Program Files\COPYING.txt 2015-09-17 16:04 - 2015-04-13 14:57 - 0143296 _____ () C:\Program Files\libvlc.dll 2015-09-17 16:04 - 2015-04-13 14:56 - 0000283 _____ () C:\Program Files\libvlc.dll.manifest 2015-09-17 16:04 - 2015-04-13 15:00 - 2631616 _____ () C:\Program 
Files\libvlccore.dll 2015-09-17 16:04 - 2015-04-13 14:56 - 0155516 _____ () C:\Program Files\NEWS.txt 2015-09-17 16:04 - 2015-04-13 14:57 - 0662464 _____ (VideoLAN) C:\Program Files\npvlc.dll 2015-09-17 16:04 - 2015-04-13 14:56 - 0000294 _____ () C:\Program Files\npvlc.dll.manifest 2015-09-17 16:04 - 2015-04-13 14:56 - 0002759 _____ () C:\Program Files\README.txt 2015-09-17 16:04 - 2015-04-13 14:56 - 0005605 _____ () C:\Program Files\THANKS.txt 2015-09-17 16:04 - 2015-04-13 15:00 - 0123840 _____ (VideoLAN) C:\Program Files\vlc-cache-gen.exe 2015-09-17 16:04 - 2015-04-13 14:57 - 0137152 _____ (VideoLAN) C:\Program Files\vlc.exe 2015-09-17 16:04 - 2015-04-13 14:56 - 0000825 _____ () C:\Program Files\vlc.exe.manifest 2015-09-17 16:04 - 2015-04-13 14:56 - 0073164 _____ () C:\Program Files\vlc.ico 2015-12-13 23:57 - 2015-12-13 23:57 - 0980171 _____ () C:\Users\r\AppData\Local\AVI-Player_724.rar 2015-12-20 13:28 - 2015-12-13 23:57 - 1031205 _____ (Internet Program Installer                                  ) C:\Users\r\AppData\Local\aviplayer_setup.exe 2015-07-09 17:56 - 2015-07-09 17:56 - 0003584 _____ () C:\Users\r\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-30 20:50 - 2015-07-17 11:46 - 0007605 _____ () C:\Users\r\AppData\Local\Resmon.ResmonCfg 2015-05-14 01:01 - 2015-05-14 01:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-01-29 23:47 - 2016-02-04 21:37 - 0002612 _____ () C:\ProgramData\hpzinstall.log 2015-05-14 01:09 - 2015-05-14 01:10 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2015-05-14 01:07 - 2015-05-14 01:08 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2015-05-14 01:08 - 2015-05-14 01:08 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2015-05-14 01:09 - 2015-05-14 01:09 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log 2015-05-14 01:07 - 2015-05-14 01:07 - 0000107 _____ () 
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\r\AppData\Local\Temp\dbdfcafb-4859-467a-90bf-eff61df40b48.exe
C:\Users\r\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdlp_v1.dll
C:\Users\r\AppData\Local\Temp\HPInstaller.exe
C:\Users\r\AppData\Local\Temp\i4jdel0.exe
C:\Users\r\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\r\AppData\Local\Temp\McCSPInstall.dll
C:\Users\r\AppData\Local\Temp\mccspuninstall.exe
C:\Users\r\AppData\Local\Temp\RoboForm-Setup.exe
C:\Users\r\AppData\Local\Temp\Second_Life_3_8_3_304115_i686_Setup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-30 05:11

==================== End of FRST.txt ============================

---------------------------------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by r (2016-02-06 10:55:43)
Running from C:\Program Installers
Windows 8.1 (X64) (2015-06-23 23:35:34)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4097768012-1274822476-2557327463-500 - Administrator - Disabled)
Guest (S-1-5-21-4097768012-1274822476-2557327463-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4097768012-1274822476-2557327463-1003 - Limited - Enabled)
r (S-1-5-21-4097768012-1274822476-2557327463-1001 - Administrator - Enabled) => C:\Users\r

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Watch Live! (Disabled - Up to date) {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Ad-Aware (HKLM-x32\...\Ad-Aware) (Version:  - Lavasoft) Ad-Aware (x32 Version: 8.1.0 - Lavasoft) Hidden Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated) AIO_CDA_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden AIO_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden C3100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden c3100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform) Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media) COMODO Antivirus (HKLM\...\{04833277-EE61-4251-9273-0CF86C0FE710}) (Version: 8.2.0.4792 - COMODO Security Solutions Inc.) CompuPic (HKLM-x32\...\CompuPic) (Version:  - ) CompuPic Pro (HKLM-x32\...\CompuPic Pro) (Version:  - ) Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.) Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.) 
Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP) Dell Foundation Services (HKLM\...\{91E2DDB6-DC13-4585-8A10-04C6AB6F87A4}) (Version: 3.1.1900.0 - Dell Inc.) Dell Help & Support (HKLM-x32\...\InstallShield_{A00269ED-FD88-4907-834B-60B70DCE82C5}) (Version: 2.0.366.0 - Dell Inc.) Dell Help & Support (Version: 2.0.366.0 - Dell Inc.) Hidden Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell) Dell System Detect (HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\73f463568823ebbe) (Version: 6.5.0.6 - Dell) Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.) Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden Foxit PhantomPDF Business (HKLM-x32\...\{BC99D091-67DA-419D-BB72-D64B94203917}) (Version: 7.1.5.425 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.) 
Free AVI Player (HKLM-x32\...\{7DED55EA-FB69-4101-AD5D-3D7F985E68A7}) (Version: 1.00.0000 - Media Freeware) fun village version 1.0 (HKLM-x32\...\{933A0622-99C0-4D66-A354-E1C5CFE7BFB8}_is1) (Version: 1.0 - programcreater) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photo Creations (HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\HP Photo Creations) (Version: 1.0.0.19662 - HP) HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.0.30.473 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) Rapid Storage Technology 
(HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 
Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla) Mozilla Thunderbird 38.5.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.5.1 (x86 en-US)) (Version: 38.5.1 - Mozilla) Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation) PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.76 - NCH Software) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.) RoboForm 7-9-11-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-1 - Siber Systems) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 3.8.2.303891 - Linden Research, Inc.) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Stardock Start8 (HKLM\...\Start8_is1) (Version: 1.41 - Stardock Software, Inc.) 
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VLC Media Player 2.1.5 Final (HKLM-x32\...\VLC Media Player 2.1.5 Final) (Version:  - ) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.0.0 - Azureus Software, Inc.) Vuze (HKLM\...\8461-7759-5462-8226-1) (Version: 5.6.2.0 - Azureus Software, Inc.) WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.) WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1643E503-4DE0-4202-88CD-8271097295F2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-22] (Dropbox, Inc.) 
Task: {17A5BAC1-0DCD-4E96-A91F-C694FAD2770E} - System32\Tasks\Dell\Dell Product Registration => /boot /LSRC=autolaunch Task: {24FBA04A-AF47-4E9C-A72E-BB14800B0B69} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {2A918867-3906-4CDF-B292-7EA5B8E86722} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO) Task: {2C004B25-8748-4F20-9515-4CD8AD9F8FAE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-17] (Google Inc.) Task: {30D4018B-AE40-4E25-A98A-5ADC2B4D1837} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-09-18] (Siber Systems) Task: {41E88120-C4DF-4CCF-A111-A9AA4F14D951} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated) Task: {42DA5CD5-047F-4A41-8227-8C8A4FE7E7A2} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO) Task: {4AF8F9DA-A565-478A-AB60-FC666FEE340E} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01] (Lavasoft) Task: {4BFF6BD3-FA95-45BC-991E-98A8B1C5120F} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.) 
Task: {4C1FD6B8-5A19-4BE4-A268-DBBE7BE070A5} - System32\Tasks\{4FD0F0C5-AB4E-47A8-AA42-A27F5368C875} => pcalua.exe -a C:\Users\r\Downloads\cpro32_623_1364.exe -d C:\Users\r\Downloads Task: {5259BB8E-2F13-4E15-80D6-306DF981C749} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd) Task: {5D57F43B-7960-4092-BACD-938CB3388355} - System32\Tasks\{6396FF8E-6879-411C-8094-3FFCD3DAD884} => pcalua.exe -a F:\cpro32.exe -d F:\ Task: {83622306-3EE2-44C2-83A2-EDBD46338387} - System32\Tasks\HP Photo Creations Communicator => C:\Users\r\AppData\Roaming\HP Photo Creations\Communicator.exe [2016-02-04] () Task: {84173F62-DA68-4C3A-A774-DCF1A85F360F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-becky7234@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated) Task: {8B33C060-33DD-4C2A-BCA2-9D6D3E66F7E5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-13] (Microsoft Corporation) Task: {9526B327-6E62-474B-AB98-DDF47DBDD66B} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJJJMMJHMIMIMIMIMCNKMNJIMIMCNLMMJLJIMCNOJIMLJOMCNOJIMOJOMPMHMJJKMLMKMKMOMJNJICMIMCNOMCNMMFMGMCNOMOMCNGMJMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMNIJNKJCMJNNICMJNDJCMKJBJ" Task: {97591E23-DD62-4419-8D8E-F8913B74560F} - System32\Tasks\Dell\Dell Product Registration Update => /updatecheck /LSRC=autolaunch Task: {A6926E1A-D409-4ACF-BA8C-DBB09F772F5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {B081C38F-1250-497F-811A-7D0EA59BC043} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-12-29] (PC-Doctor, Inc.) 
Task: {B4F20F09-FF99-4560-B2B8-69A3B86FC221} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company) Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {C70BE064-CECB-4858-A648-41F0AD76846B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink) Task: {C7B8C069-EC57-4525-92D3-0D73535C8693} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {CBDAC909-72D8-4E64-B33F-7D0B12424851} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-22] (Dropbox, Inc.) Task: {D1E6C94B-2B23-439A-B5B2-6628001CA107} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO) Task: {D35618E4-E825-4BAB-9CBA-5D5E0312DBD7} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJJJMMJHMIMIMIMIMCNKMNJIMIMCNLMMJLJIMCNOJIMLJOMCNOJIMOJOMPMHMJJKMLMKMKMOMJNJICMIMCNGMCNOMOMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMHMKMJNHICMEKMICNJJCKJNBJCMJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMJMMMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ" Task: {DE6BDACC-DC05-4BED-8DC9-E20AEE754DB6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.) 
Task: {E07F8A45-F6E5-4EE0-871C-814C5B0DFCA2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {E1283E54-716C-4AE9-BF2C-B486187F5D38} - System32\Tasks\{EC08A0C7-52EA-4871-AF66-D75A55D1E04B} => pcalua.exe -a C:\Users\r\Downloads\cpic32_623_1364.exe -d C:\Users\r\Downloads Task: {E5D12C1A-E446-4143-A4BD-19C36CD2B882} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO) Task: {E939FBDE-A9D3-440A-8AF2-733816C015BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-17] (Google Inc.) Task: {F1F9067B-CAF7-4BB6-9BE2-E2D642DCD9B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {F6B34F00-5D20-4CF0-A130-11AEBFB78972} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO) Task: {FB274B0F-F9D4-4B80-9015-044D6C92C1AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\r\AppData\Roaming\HP Photo Creations\Communicator.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-07-09 17:45 - 2015-10-02 19:13 - 00181312 _____ () C:\Program Files (x86)\Photodex\CompuPicPro\ScsiAccess.exe 2015-01-08 22:02 - 2015-01-08 22:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2015-07-22 00:02 - 2015-07-22 00:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2013-09-04 23:20 - 2013-09-04 23:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-09-04 23:17 - 2013-09-04 23:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2013-09-04 23:24 - 2013-09-04 23:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe 2015-12-11 18:36 - 2015-10-30 19:59 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00022848 _____ () C:\Program Files 
(x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd 2015-12-11 18:36 - 2015-10-30 19:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2015-12-11 18:36 - 2015-10-30 19:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2015-12-11 18:36 - 2015-10-30 19:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2015-12-11 18:36 - 2015-10-30 19:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2015-12-11 18:36 - 2015-12-08 16:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2015-12-11 18:36 - 2015-10-30 19:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2015-12-11 18:36 - 
2015-12-08 16:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2015-12-11 18:36 - 2015-10-30 20:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-11 18:36 - 2015-10-30 19:59 - 00134608 _____ () 
C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2015-12-11 18:36 - 2015-10-30 19:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2015-12-11 18:36 - 2015-12-08 16:36 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2015-12-11 18:36 - 2015-10-30 20:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00486704 _____ () C:\Program Files 
(x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2015-12-11 18:36 - 2015-12-08 16:36 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2015-07-22 21:47 - 2015-10-30 20:01 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll 2015-07-22 21:47 - 2015-10-30 20:00 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-07-29 23:56 - 2015-10-30 20:00 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-07-22 21:47 - 2015-10-30 20:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll 2015-05-14 01:07 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\WINDOWS:nlsPreferences AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-02-06 10:04 - 00000832 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\r\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Dell Customer Connect => 2
MSCONFIG\Services: Dell Foundation Services => 2
MSCONFIG\Services: Dell Help & Support => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: DellProdRegManager => 3
MSCONFIG\Services: DellUpdate => 2
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: Lavasoft Ad-Aware Service => 3
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 3
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 3
MSCONFIG\Services: McProxy => 3
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: PDFsam Enhanced => 3
MSCONFIG\Services: PDFsam Enhanced CrashHandler => 3
MSCONFIG\Services: PDFsam Enhanced Creator => 2
MSCONFIG\Services: PDFsam Manager => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: Start8 => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "DropboxOEM"
HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4097768012-1274822476-2557327463-1001\...\StartupApproved\Run: => "BingSvc"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{51EC3F36-4DA8-4800-891C-A7E7CC4299F2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{B6F98FB6-4031-4B18-A2E6-EDFCA5A1E36F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{14CE3398-5E0C-41AB-87BB-8FE5913DE604}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1A159B7A-432F-4977-BD55-87A91BDF56D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{962AB04C-32DC-47D6-8B46-8DEEB96DFD0F}] => (Allow) C:\Users\r\AppData\Local\Temp\nsv8703.tmp\Installer-76253084.exe FirewallRules: [{18468981-E613-47A0-9482-51D505876D16}] => (Allow) C:\Users\r\AppData\Local\Temp\nsv8703.tmp\Installer-76253084.exe FirewallRules: [{D524603D-9537-4D47-8885-7566815E61AF}] => (Allow) C:\Users\r\AppData\Local\Temp\nsn2643.tmp\Installer-76253084.exe FirewallRules: [{1AFE0555-9DE8-48E3-8DF4-2ACADC3B28E8}] => (Allow) C:\Users\r\AppData\Local\Temp\nsn2643.tmp\Installer-76253084.exe FirewallRules: [{DF2CA2A6-6A53-4A4B-85EC-DF3366B7A0BE}] => (Allow) F:\Downloads June 2015 to...]\Vuze\Azureus.exe FirewallRules: [{4E263ADD-65BB-4E28-951D-09745179424D}] => (Allow) F:\Downloads June 2015 to...]\Vuze\Azureus.exe FirewallRules: [{4621F2FB-8F49-4D61-A902-112865183ADC}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe FirewallRules: [{36980A12-564C-4ED0-A4CA-FFBD79FECB90}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe FirewallRules: [{B8B98331-1B5E-43B7-B77F-939908B56BA4}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe FirewallRules: [{52C5160C-7D6A-4D4C-84C4-9F7C4B6C6C97}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe FirewallRules: [{7CD1B66F-2BA9-4F76-9920-44DA432E206C}] => (Allow) C:\Program Files\Vuze\Azureus.exe FirewallRules: [{6065F500-5656-42BB-8C04-1AA619B951D1}] => (Allow) C:\Program 
Files\Vuze\Azureus.exe FirewallRules: [{742EB319-36F0-4ABD-8AAA-5F00E02C1A23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{451CA570-BA0C-4F5C-AE53-EEADEB4652ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{EF205176-8202-472E-A18D-416BCA45F8C7}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{538806D6-21D9-43B2-983C-E3A08AD4251C}] => (Allow) F:\Downloads June 2015 to...]\AVI-Player_724-70839030.exe FirewallRules: [{3EE1F596-C231-41F8-8819-E528CF387F1B}] => (Allow) F:\Downloads June 2015 to...]\AVI-Player_724-70839030.exe FirewallRules: [{C09C2E43-E5CE-445A-B032-8339D4B59136}] => (Allow) C:\Program Files\Vuze\Azureus.exe FirewallRules: [{91B567EA-C830-4AAB-A94C-781EE9C3F149}] => (Allow) C:\Program Files\Vuze\Azureus.exe FirewallRules: [{05BB8AEB-34E2-4AF9-862D-4C5CCC02AAA2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{C5AF79D6-3B07-42A0-9F26-86F868444374}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{784F7048-47F0-4902-9CF3-BE698307C7A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{5584567F-977F-4CCF-AFE7-E069757F5989}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{7A03AD63-794A-466C-8F2C-1192D54AC1AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{D104FD7B-1A76-4D9B-9539-0441CE358E83}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{A9D16E73-EB8E-4574-B73E-DDE292EFA012}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{E9F16F9B-FF68-4942-A57F-461614EB59F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{6B9B7A6E-6084-49B1-828D-EAF96ACD88E5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: 
[{915A4BBE-8E5E-4087-A7FE-10C47F826ECA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{859E69F7-D379-4939-A9B3-583EB8DAB425}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe FirewallRules: [{7D5C1A27-932D-47A6-A41D-244494807489}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{111DEF6A-B7EE-4B7F-983A-B7001DB43B97}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{6EDEBC10-0BCE-4D10-9942-03AA44BB079C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{E2054E47-AAF9-492F-9F0B-3F494E1DD409}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{FC963E38-8F6B-42E8-A3A8-90FC7FF6168F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{860ABC0D-E6F6-49CA-918F-B16F2559D06F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{95317AEE-4BC1-4976-8375-4833288CE313}] => (Allow) C:\Users\r\AppData\Local\Temp\7zS578E\HPDiagnosticCoreUI.exe FirewallRules: [{1F882AA3-C887-44BC-AA3C-D33FF266ED4B}] => (Allow) C:\Users\r\AppData\Local\Temp\7zS578E\HPDiagnosticCoreUI.exe FirewallRules: [{4C4D31EB-458F-4F8F-BCD6-858A9E82C7E5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{5D7A6E51-7B29-4128-A948-21B57D709104}] => (Allow) C:\Users\r\AppData\Local\Temp\7zS070B\hppiw.exe FirewallRules: [{AB000502-FA76-480E-AA85-D042554F3087}] => (Allow) C:\Users\r\AppData\Local\Temp\7zS070B\hppiw.exe FirewallRules: [{5CD88139-3643-4050-B645-5FDB5A60ADB2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{2F13BEFE-B126-4774-9944-29244D94A1F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe ==================== Restore Points ========================= 18-01-2016 13:48:47 Removed Microsoft Office 29-01-2016 23:37:10 Installed HP 
Support Solutions Framework 06-02-2016 10:08:49 Installing COMODO Antivirus ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisFileRatingChange" whose target class "CisFileRatingChange" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisNotification" whose target class "CisNotification" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM FwAlert" whose target class "FwAlert" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM DfAlert" whose target class "DfAlert" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM AvAlert" whose target class "AvAlert" in //./root/cis namespace does not exist. 
The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisAlert" whose target class "CisAlert" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisEvent" whose target class "CisEvent" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider  attempted to register query "SELECT * FROM CisFileRatingChange" whose target class "CisFileRatingChange" in //./root/cis namespace does not exist. The query will be ignored. Error: (02/06/2016 10:09:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider  attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored. System errors: ============= Error: (02/06/2016 10:43:04 AM) (Source: DCOM) (EventID: 10010) (User: MYPC) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/06/2016 10:43:04 AM) (Source: DCOM) (EventID: 10010) (User: MYPC) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/03/2016 08:01:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Boot Delay Start Service service failed to start due to the following error: %%1053 Error: (02/03/2016 08:01:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect. 
Error: (02/03/2016 08:01:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Interactive Services Detection service terminated with the following error: %%1 Error: (02/03/2016 08:00:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Boot Delay Start Service service failed to start due to the following error: %%1053 Error: (02/03/2016 08:00:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect. Error: (01/29/2016 11:58:15 PM) (Source: DCOM) (EventID: 10010) (User: MYPC) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (01/29/2016 11:58:15 PM) (Source: DCOM) (EventID: 10010) (User: MYPC) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (01/29/2016 11:58:06 PM) (Source: DCOM) (EventID: 10010) (User: MYPC) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} CodeIntegrity: ===================================   Date: 2016-02-06 10:53:12.209   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system.   Date: 2016-02-06 10:15:00.136   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system.   Date: 2016-02-06 10:09:48.718   Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU G3250 @ 3.20GHz Percentage of memory in use: 20% Total physical RAM: 8108.95 MB Available physical RAM: 6424.65 MB Total Virtual: 9388.95 MB Available Virtual: 7550.09 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:922.39 GB) (Free:862.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 753CDF2B) Partition: GPT. ==================== End of Addition.txt ============================      
  5. Thanks a lot Broni! Everything works perfect!
  6. Ok, the laptop is running a bit better now. Thanks for your help Broni. Here are the logs. Sophos did not find anything so I didn't get any log from it:  Results of screen317's Security Check version 1.009      x64 (UAC is enabled)    Internet Explorer 11   ``````````````Antivirus/Firewall Check:``````````````   Windows Firewall Enabled!   Windows Defender    COMODO Antivirus     Antivirus up to date!   `````````Anti-malware/Other Utilities Check:`````````   Adobe Flash Player     20.0.0.267    Google Chrome (47.0.2526.106)  ````````Process Check: objlist.exe by Laurent````````    Malwarebytes Anti-Malware mbamservice.exe    Malwarebytes Anti-Malware mbam.exe    Comodo Firewall cmdagent.exe   Malwarebytes Anti-Malware mbamscheduler.exe    `````````````````System Health check`````````````````   Total Fragmentation on Drive C:  %  ````````````````````End of Log``````````````````````      ---------------------------------------------------------------------------------------------   Farbar Service Scanner Version: 03-01-2016 Ran by Uyen (administrator) on 06-01-2016 at 23:13:53 Running from "C:\Users\Uyen\Desktop" Microsoft Windows 10 Home  (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Google IP is unreachable Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy:  ================== System Restore: ============ System Restore Policy:  ======================== Security Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is set to Demand. The default start type is Auto. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. 
Windows Autoupdate Disabled Policy:  ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. Windows Defender Disabled Policy:  ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
  7. Ok, here is the log, thanks:   Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015 Ran by Uyen (2016-01-06 22:35:48) Run:1 Running from C:\Users\Uyen\Desktop Loaded Profiles: Uyen (Available Profiles: Uyen) Boot Mode: Normal ============================================== fixlist content: ***************** Toolbar: HKLM - No Name - {434C4D2D-5347-006A-76A7-7A786E7484D7} -  No File 2016-01-05 23:19 - 2016-01-05 23:19 - 0007605 _____ () C:\Users\Uyen\AppData\Local\Resmon.ResmonCfg  C:\Users\Uyen\AppData\Local\Temp\sqlite3.dll  Task: {1B3B88CA-CF55-4CDE-B9BF-B32EC9539802} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {40084CDE-687F-4D79-8130-8A330E4BFBB4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {706A0559-3E36-4788-9CC3-1D023B5C6E7B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {8E80E86C-090B-449B-A635-E6C27F2C27A9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {C48FD040-C103-4DD6-BF29-15B87BE30B36} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ptun0901.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID AlternateDataStreams: C:\Users\Uyen\Desktop\adwcleaner_5.027.exe:$CmdTcID AlternateDataStreams: C:\Users\Uyen\Desktop\adwcleaner_5.027.exe:$CmdZnID AlternateDataStreams: C:\Users\Uyen\Desktop\adwcleaner_5.028.exe:$CmdTcID AlternateDataStreams: C:\Users\Uyen\Desktop\adwcleaner_5.028.exe:$CmdZnID AlternateDataStreams: 
C:\Users\Uyen\Desktop\FRST64.exe:$CmdTcID AlternateDataStreams: C:\Users\Uyen\Desktop\FRST64.exe:$CmdZnID AlternateDataStreams: C:\Users\Uyen\Desktop\JRT.exe:$CmdTcID AlternateDataStreams: C:\Users\Uyen\Desktop\JRT.exe:$CmdZnID AlternateDataStreams: C:\Users\Uyen\Desktop\RogueKiller.exe:$CmdTcID AlternateDataStreams: C:\Users\Uyen\Desktop\RogueKiller.exe:$CmdZnID AlternateDataStreams: C:\Users\Uyen\Downloads\BetternetForWindows.exe:$CmdTcID AlternateDataStreams: C:\Users\Uyen\Downloads\BetternetForWindows.exe:$CmdZnID AlternateDataStreams: C:\Users\Uyen\Downloads\images (1).jpg:$CmdZnID AlternateDataStreams: C:\Users\Uyen\Downloads\images.jpg:$CmdZnID AlternateDataStreams: C:\Users\Uyen\Downloads\mbam-setup-2.2.0.1024.exe:$CmdZnID AlternateDataStreams: C:\Users\Uyen\Downloads\privatetunnel-win-2.4.exe:$CmdTcID AlternateDataStreams: C:\Users\Uyen\Downloads\privatetunnel-win-2.4.exe:$CmdZnID AlternateDataStreams: C:\Users\Uyen\Downloads\WebcamMax-7.9.7.2.MultiLanguage.Setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Uyen\Downloads\WebcamMax-7.9.7.2.MultiLanguage.Setup.exe:$CmdZnID  ***************** HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{434C4D2D-5347-006A-76A7-7A786E7484D7} => value removed successfully HKCR\CLSID\{434C4D2D-5347-006A-76A7-7A786E7484D7} => key not found.  C:\Users\Uyen\AppData\Local\Resmon.ResmonCfg => moved successfully "C:\Users\Uyen\AppData\Local\Temp\sqlite3.dll" => not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B3B88CA-CF55-4CDE-B9BF-B32EC9539802}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B3B88CA-CF55-4CDE-B9BF-B32EC9539802}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40084CDE-687F-4D79-8130-8A330E4BFBB4}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40084CDE-687F-4D79-8130-8A330E4BFBB4}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{706A0559-3E36-4788-9CC3-1D023B5C6E7B}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{706A0559-3E36-4788-9CC3-1D023B5C6E7B}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E80E86C-090B-449B-A635-E6C27F2C27A9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E80E86C-090B-449B-A635-E6C27F2C27A9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C48FD040-C103-4DD6-BF29-15B87BE30B36}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{C48FD040-C103-4DD6-BF29-15B87BE30B36}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully "C:\WINDOWS\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\ptun0901.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\tap0901.sys" => ":$CmdTcID" ADS not found. "C:\Users\Uyen\Desktop\adwcleaner_5.027.exe" => ":$CmdTcID" ADS not found. C:\Users\Uyen\Desktop\adwcleaner_5.027.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Uyen\Desktop\adwcleaner_5.028.exe" => ":$CmdTcID" ADS not found. C:\Users\Uyen\Desktop\adwcleaner_5.028.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Uyen\Desktop\FRST64.exe" => ":$CmdTcID" ADS not found. C:\Users\Uyen\Desktop\FRST64.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Uyen\Desktop\JRT.exe" => ":$CmdTcID" ADS not found. C:\Users\Uyen\Desktop\JRT.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Uyen\Desktop\RogueKiller.exe" => ":$CmdTcID" ADS not found. C:\Users\Uyen\Desktop\RogueKiller.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Uyen\Downloads\BetternetForWindows.exe" => ":$CmdTcID" ADS not found. C:\Users\Uyen\Downloads\BetternetForWindows.exe => ":$CmdZnID" ADS removed successfully. C:\Users\Uyen\Downloads\images (1).jpg => ":$CmdZnID" ADS removed successfully. C:\Users\Uyen\Downloads\images.jpg => ":$CmdZnID" ADS removed successfully. C:\Users\Uyen\Downloads\mbam-setup-2.2.0.1024.exe => ":$CmdZnID" ADS removed successfully. 
"C:\Users\Uyen\Downloads\privatetunnel-win-2.4.exe" => ":$CmdTcID" ADS not found. C:\Users\Uyen\Downloads\privatetunnel-win-2.4.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Uyen\Downloads\WebcamMax-7.9.7.2.MultiLanguage.Setup.exe" => ":$CmdTcID" ADS not found. C:\Users\Uyen\Downloads\WebcamMax-7.9.7.2.MultiLanguage.Setup.exe => ":$CmdZnID" ADS removed successfully. ==== End of Fixlog 22:35:49 ====
  8. Ok, here are the logs, thanks a lot:   Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015 Ran by Uyen (administrator) on UYEN (06-01-2016 19:54:38) Running from C:\Users\Uyen\Desktop Loaded Profiles: Uyen (Available Profiles: Uyen) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Camshare Inc.) 
C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO) HKU\S-1-5-21-363019609-69000041-377191451-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-01] (SUPERAntiSpyware) HKU\S-1-5-21-363019609-69000041-377191451-1001\...\Run: [WebcamMaxAutoRun] => C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2016-01-04] () HKU\S-1-5-21-363019609-69000041-377191451-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.) HKU\S-1-5-21-363019609-69000041-377191451-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [45056 2015-10-30] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-01-01] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip\..\Interfaces\{28698629-23e8-4c17-9d1f-e88922d8a614}: [NameServer] 156.154.70.22,156.154.71.22 Tcpip\..\Interfaces\{2b6a7e9c-5203-4558-a757-d6dd63e2140f}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Internet Explorer: ================== HKU\S-1-5-21-363019609-69000041-377191451-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com?fr=fp-comodo SearchScopes: HKU\S-1-5-21-363019609-69000041-377191451-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) Toolbar: HKLM - No Name - {434C4D2D-5347-006A-76A7-7A786E7484D7} -  No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-02] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-02] () FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files 
(x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-28] (Google Inc.) FF Plugin HKU\S-1-5-21-363019609-69000041-377191451-1001: @nsroblox.roblox.com/launcher -> C:\Users\Uyen\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-363019609-69000041-377191451-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Uyen\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) Chrome:  ======= CHR StartupUrls: Default -> "hxxps://www.google.com/" CHR Profile: C:\Users\Uyen\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Uyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-28] CHR Extension: (YouTube) - C:\Users\Uyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-28] CHR Extension: (Google Search) - C:\Users\Uyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Uyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-28] CHR Extension: (Gmail) - C:\Users\Uyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-28] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12] CHR HKLM-x32\...\Chrome\Extension: [peefembmkccmkodbcpgilfjgkligpbba] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R2 gpsvc; C:\Windows\System32\gpsvc.dll [1338368 2015-10-30] (Microsoft Corporation) [File not signed] R2 gpsvc; C:\Windows\System32\gpsvc.dll [1338368 2015-10-30] (Microsoft Corporation) [File not signed] R2 nsi; C:\Windows\System32\nsisvc.dll [30720 2015-10-30] (Microsoft Corporation) [File not signed] U3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [794112 2015-10-30] (Microsoft Corporation) [File not signed] U3 WinHttpAutoProxySvc; C:\WINDOWS\SysWOW64\winhttp.dll [613888 2015-10-30] (Microsoft Corporation) [File not signed] U2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) U3 AJRouter; C:\Windows\System32\AJRouter.dll [23040 2015-10-30] (Microsoft Corporation) [File not signed] U3 ALG; C:\Windows\System32\alg.exe [97792 2015-10-30] (Microsoft Corporation) [File not signed] U3 AppIDSvc; C:\Windows\System32\appidsvc.dll [45056 2015-10-30] (Microsoft Corporation) [File not signed] R3 Appinfo; C:\Windows\System32\appinfo.dll [94720 2015-10-30] (Microsoft Corporation) [File not signed] U3 AppReadiness; C:\Windows\system32\AppReadiness.dll [504320 2015-10-30] (Microsoft Corporation) [File not signed] U3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [2156032 2015-10-30] (Microsoft Corporation) [File not signed] U2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [275456 2015-12-27] (Microsoft Corporation) [File not signed] R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [1063424 2015-12-27] (Microsoft Corporation) [File not signed] U3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114176 2015-10-30] (Microsoft Corporation) [File not signed] U3 BDESVC; C:\Windows\System32\bdesvc.dll [360448 2015-10-30] (Microsoft Corporation) [File not signed] U2 BFE; C:\Windows\System32\bfe.dll [794112 2015-10-30] (Microsoft Corporation) [File not signed] U2 BITS; C:\Windows\System32\qmgr.dll [1144320 2015-10-30] (Microsoft Corporation) [File not 
signed] U2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [587776 2015-10-30] (Microsoft Corporation) [File not signed] U3 Browser; C:\Windows\System32\browser.dll [134656 2015-10-30] (Microsoft Corporation) [File not signed] U3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-10-30] (Microsoft Corporation) [File not signed] U3 bthserv; C:\Windows\system32\bthserv.dll [91136 2015-10-30] (Microsoft Corporation) [File not signed] U2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation) U2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation) U2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1035768 2015-11-25] (Camshare Inc.) U4 CDPSvc; C:\Windows\System32\CDPSvc.dll [287744 2015-10-30] (Microsoft Corporation) [File not signed] U3 CertPropSvc; C:\Windows\System32\certprop.dll [192000 2015-10-30] (Microsoft Corporation) [File not signed] U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO) U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO) U2 CoreMessagingRegistrar; C:\WINDOWS\SysWOW64\coremessaging.dll [461824 2015-10-30] (Microsoft Corporation) [File not signed] R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [78848 2015-10-30] (Microsoft Corporation) [File not signed] R2 DcomLaunch; C:\Windows\system32\rpcss.dll [904704 2015-10-30] (Microsoft Corporation) [File not signed] U3 DcpSvc; C:\Windows\system32\dcpsvc.dll [186880 2015-10-30] (Microsoft Corporation) [File not signed] U3 defragsvc; C:\Windows\System32\defragsvc.dll [527872 2015-10-30] (Microsoft Corporation) [File not signed] U3 DeviceAssociationService; C:\Windows\system32\das.dll [444928 2015-10-30] (Microsoft Corporation) [File not signed] U3 DeviceInstall; 
C:\Windows\system32\umpnpmgr.dll [111616 2015-10-30] (Microsoft Corporation) [File not signed] U3 DevQueryBroker; C:\Windows\system32\DevQueryBroker.dll [34304 2015-10-30] (Microsoft Corporation) [File not signed] U2 Dhcp; C:\Windows\system32\dhcpcore.dll [355840 2015-10-30] (Microsoft Corporation) [File not signed] U2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [293888 2015-10-30] (Microsoft Corporation) [File not signed] U3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [31744 2015-10-30] (Microsoft Corporation) [File not signed] U3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [278016 2015-10-30] (Microsoft Corporation) [File not signed] U3 DmEnrollmentSvc; C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll [200192 2015-10-30] (Microsoft Corporation) [File not signed] U3 dmwappushservice; C:\Windows\system32\dmwappushsvc.dll [57856 2015-10-30] (Microsoft Corporation) [File not signed] U2 Dnscache; C:\Windows\System32\dnsrslvr.dll [284672 2015-10-30] (Microsoft Corporation) [File not signed] U2 DoSvc; C:\Windows\system32\dosvc.dll [1090048 2015-10-30] (Microsoft Corporation) [File not signed] U3 dot3svc; C:\Windows\System32\dot3svc.dll [264704 2015-10-30] (Microsoft Corporation) [File not signed] U2 DPS; C:\Windows\system32\dps.dll [170496 2015-10-30] (Microsoft Corporation) [File not signed] U3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [205824 2015-10-30] (Microsoft Corporation) [File not signed] U3 DsSvc; C:\Windows\System32\DsSvc.dll [145408 2015-10-30] (Microsoft Corporation) [File not signed] U3 Eaphost; C:\Windows\System32\eapsvc.dll [112640 2015-10-30] (Microsoft Corporation) [File not signed] U3 EFS; C:\Windows\system32\efssvc.dll [60416 2015-10-30] (Microsoft Corporation) [File not signed] U3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [111616 2015-10-30] (Microsoft Corporation) [File not signed] U3 EntAppSvc; 
C:\Windows\system32\EnterpriseAppMgmtSvc.dll [313856 2015-10-30] (Microsoft Corporation) [File not signed] U2 EventLog; C:\Windows\System32\wevtsvc.dll [1743872 2015-10-30] (Microsoft Corporation) [File not signed] U2 EventSystem; C:\Windows\system32\es.dll [473088 2015-10-30] (Microsoft Corporation) [File not signed] U2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [345600 2015-10-30] (Microsoft Corporation) [File not signed] U3 Fax; C:\Windows\system32\fxssvc.exe [651776 2015-10-30] (Microsoft Corporation) [File not signed] U3 fdPHost; C:\Windows\system32\fdPHost.dll [21504 2015-10-30] (Microsoft Corporation) [File not signed] U3 FDResPub; C:\Windows\system32\fdrespub.dll [35840 2015-10-30] (Microsoft Corporation) [File not signed] U3 fhsvc; C:\Windows\system32\fhsvc.dll [118784 2015-10-30] (Microsoft Corporation) [File not signed] U2 FontCache; C:\Windows\system32\FntCache.dll [1671168 2015-10-30] (Microsoft Corporation) [File not signed] U3 hidserv; C:\Windows\system32\hidserv.dll [36864 2015-10-30] (Microsoft Corporation) [File not signed] U3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [31744 2015-10-30] (Microsoft Corporation) [File not signed] U3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [279040 2015-10-30] (Microsoft Corporation) [File not signed] U3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [464384 2015-10-30] (Microsoft Corporation) [File not signed] U3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [381440 2015-10-30] (Microsoft Corporation) [File not signed] U3 icssvc; C:\Windows\System32\tetheringservice.dll [162304 2015-12-27] (Microsoft Corporation) [File not signed] U3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [117760 2015-10-30] (Microsoft Corporation) [File not signed] U2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation) U3 IKEEXT; C:\Windows\System32\ikeext.dll [957952 2015-10-30] (Microsoft Corporation) [File not signed] U2 iphlpsvc; 
C:\Windows\System32\iphlpsvc.dll [958464 2015-10-30] (Microsoft Corporation) [File not signed] U3 KeyIso; C:\Windows\system32\keyiso.dll [97792 2015-10-30] (Microsoft Corporation) [File not signed] U3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [70656 2015-10-30] (Microsoft Corporation) [File not signed] U3 KtmRm; C:\Windows\system32\msdtckrm.dll [378880 2015-10-30] (Microsoft Corporation) [File not signed] U2 LanmanServer; C:\Windows\system32\srvsvc.dll [283136 2015-10-30] (Microsoft Corporation) [File not signed] R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [274432 2015-10-30] (Microsoft Corporation) [File not signed] U3 lfsvc; C:\Windows\System32\lfsvc.dll [27136 2015-10-30] (Microsoft Corporation) [File not signed] U3 lfsvc; C:\WINDOWS\SysWOW64\lfsvc.dll [22528 2015-10-30] (Microsoft Corporation) [File not signed] U3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [22528 2015-10-30] (Microsoft Corporation) [File not signed] U3 lltdsvc; C:\Windows\System32\lltdsvc.dll [280576 2015-10-30] (Microsoft Corporation) [File not signed] U3 lmhosts; C:\Windows\System32\lmhsvc.dll [24576 2015-10-30] (Microsoft Corporation) [File not signed] U2 LSM; C:\Windows\System32\lsm.dll [729600 2015-10-30] (Microsoft Corporation) [File not signed] U2 MapsBroker; C:\Windows\System32\moshost.dll [66560 2015-12-27] (Microsoft Corporation) [File not signed] U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2016-01-03] (Malwarebytes) U2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2016-01-03] (Malwarebytes) U4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.) 
U3 MessagingService; C:\Windows\System32\MessagingService.dll [52736 2015-10-30] (Microsoft Corporation) [File not signed] U2 MpsSvc; C:\Windows\system32\mpssvc.dll [870912 2015-10-30] (Microsoft Corporation) [File not signed] U3 MSDTC; C:\Windows\System32\msdtc.exe [147968 2015-10-30] (Microsoft Corporation) [File not signed] U3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [151040 2015-10-30] (Microsoft Corporation) [File not signed] S3 msiserver; C:\Windows\System32\msiexec.exe [66048 2015-10-30] (Microsoft Corporation) [File not signed] S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [58368 2015-10-30] (Microsoft Corporation) [File not signed] U3 NcaSvc; C:\Windows\System32\ncasvc.dll [168960 2015-10-30] (Microsoft Corporation) [File not signed] U3 NcbService; C:\Windows\System32\ncbservice.dll [339968 2015-10-30] (Microsoft Corporation) [File not signed] U3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [81408 2015-10-30] (Microsoft Corporation) [File not signed] U3 Netlogon; C:\Windows\system32\netlogon.dll [846848 2015-10-30] (Microsoft Corporation) [File not signed] U3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [713216 2015-10-30] (Microsoft Corporation) [File not signed] U3 Netman; C:\Windows\System32\netman.dll [265728 2015-10-30] (Microsoft Corporation) [File not signed] U3 netprofm; C:\Windows\System32\netprofmsvc.dll [547840 2015-10-30] (Microsoft Corporation) [File not signed] U3 NetSetupSvc; C:\Windows\System32\NetSetupSvc.dll [203776 2015-12-27] (Microsoft Corporation) [File not signed] U3 NgcCtnrSvc; C:\Windows\System32\NgcCtnrSvc.dll [289792 2015-10-30] (Microsoft Corporation) [File not signed] U3 NgcSvc; C:\Windows\system32\ngcsvc.dll [649216 2015-10-30] (Microsoft Corporation) [File not signed] U2 NlaSvc; C:\Windows\System32\nlasvc.dll [371712 2015-10-30] (Microsoft Corporation) [File not signed] U2 OneSyncSvc; C:\Windows\System32\APHostService.dll [342016 2015-10-30] (Microsoft Corporation) [File not signed] U3 OpenVPNService; C:\Program Files 
(x86)\OpenVPN\bin\openvpnserv.exe [33080 2016-01-04] (The OpenVPN Project) U3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [351232 2015-10-30] (Microsoft Corporation) [File not signed] U3 p2psvc; C:\Windows\system32\p2psvc.dll [434176 2015-10-30] (Microsoft Corporation) [File not signed] U3 PerfHost; C:\Windows\SysWow64\perfhost.exe [21504 2015-10-30] (Microsoft Corporation) [File not signed] U3 PhoneSvc; C:\Windows\System32\PhoneService.dll [747520 2015-10-30] (Microsoft Corporation) [File not signed] U3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [252928 2015-10-30] (Microsoft Corporation) [File not signed] U3 pla; C:\Windows\system32\pla.dll [1487360 2015-10-30] (Microsoft Corporation) [File not signed] U3 pla; C:\WINDOWS\SysWOW64\pla.dll [1537024 2015-10-30] (Microsoft Corporation) [File not signed] U3 PlugPlay; C:\Windows\system32\umpnpmgr.dll [111616 2015-10-30] (Microsoft Corporation) [File not signed] U3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [27648 2015-10-30] (Microsoft Corporation) [File not signed] U3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [351232 2015-10-30] (Microsoft Corporation) [File not signed] U3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [390656 2015-10-30] (Microsoft Corporation) [File not signed] U2 Power; C:\Windows\system32\umpo.dll [113664 2015-10-30] (Microsoft Corporation) [File not signed] U3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3337728 2015-10-30] (Microsoft Corporation) [File not signed] U2 ProfSvc; C:\Windows\system32\profsvc.dll [328192 2015-10-30] (Microsoft Corporation) [File not signed] U3 QWAVE; C:\Windows\system32\qwave.dll [286720 2015-10-30] (Microsoft Corporation) [File not signed] U3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [246784 2015-10-30] (Microsoft Corporation) [File not signed] S3 RasAuto; C:\Windows\System32\rasauto.dll [106496 2015-10-30] (Microsoft Corporation) [File not signed] S3 RasMan; C:\Windows\System32\rasmans.dll [696320 2015-10-30] (Microsoft 
Corporation) [File not signed] S4 RemoteAccess; C:\Windows\System32\mprdim.dll [507904 2015-10-30] (Microsoft Corporation) [File not signed] S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [436224 2015-10-30] (Microsoft Corporation) [File not signed] U4 RemoteRegistry; C:\Windows\system32\regsvc.dll [156160 2015-10-30] (Microsoft Corporation) [File not signed] U3 RetailDemo; C:\Windows\system32\RDXService.dll [1073152 2015-10-30] (Microsoft Corporation) [File not signed] R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [79360 2015-10-30] (Microsoft Corporation) [File not signed] U3 RpcLocator; C:\Windows\system32\locator.exe [10752 2015-10-30] (Microsoft Corporation) [File not signed] R2 RpcSs; C:\Windows\system32\rpcss.dll [904704 2015-10-30] (Microsoft Corporation) [File not signed] U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-07-04] (Realtek Semiconductor) U4 SCardSvr; C:\Windows\System32\SCardSvr.dll [235520 2015-10-30] (Microsoft Corporation) [File not signed] U3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [181760 2015-10-30] (Microsoft Corporation) [File not signed] U2 Schedule; C:\Windows\system32\schedsvc.dll [1012224 2015-10-30] (Microsoft Corporation) [File not signed] U3 SCPolicySvc; C:\Windows\System32\certprop.dll [192000 2015-10-30] (Microsoft Corporation) [File not signed] U3 SDRSVC; C:\Windows\System32\SDRSVC.dll [150528 2015-10-30] (Microsoft Corporation) [File not signed] U3 seclogon; C:\Windows\system32\seclogon.dll [31232 2015-10-30] (Microsoft Corporation) [File not signed] R2 SENS; C:\Windows\System32\sens.dll [73216 2015-10-30] (Microsoft Corporation) [File not signed] U3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1297408 2015-10-30] (Microsoft Corporation) [File not signed] U3 SensorService; C:\Windows\system32\SensorService.dll [342016 2015-12-27] (Microsoft Corporation) [File not signed] U3 SensrSvc; C:\Windows\system32\sensrsvc.dll [180224 2015-10-30] (Microsoft 
Corporation) [File not signed] U3 SessionEnv; C:\Windows\system32\sessenv.dll [372736 2015-10-30] (Microsoft Corporation) [File not signed] U3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [313344 2015-10-30] (Microsoft Corporation) [File not signed] U4 SharedAccess; C:\Windows\System32\ipnathlp.dll [457728 2015-10-30] (Microsoft Corporation) [File not signed] U2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [608768 2015-10-30] (Microsoft Corporation) [File not signed] U2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [559616 2015-10-30] (Microsoft Corporation) [File not signed] U3 smphost; C:\Windows\System32\smphost.dll [23552 2015-10-30] (Microsoft Corporation) [File not signed] U3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [20992 2015-10-30] (Microsoft Corporation) [File not signed] U3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [590336 2015-10-30] (Microsoft Corporation) [File not signed] U3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [15872 2015-10-30] (Microsoft Corporation) [File not signed] R2 Spooler; C:\Windows\System32\spoolsv.exe [755712 2015-10-30] (Microsoft Corporation) [File not signed] U3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [239616 2015-10-30] (Microsoft Corporation) [File not signed] U3 SstpSvc; C:\Windows\system32\sstpsvc.dll [212480 2015-10-30] (Microsoft Corporation) [File not signed] U3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2745856 2015-10-30] (Microsoft Corporation) [File not signed] U3 StateRepository; C:\WINDOWS\SysWOW64\windows.staterepository.dll [2179584 2015-10-30] (Microsoft Corporation) [File not signed] U2 stisvc; C:\Windows\System32\wiaservc.dll [643584 2015-10-30] (Microsoft Corporation) [File not signed] U3 StorSvc; C:\Windows\system32\storsvc.dll [618496 2015-12-27] (Microsoft Corporation) [File not signed] U3 svsvc; C:\Windows\system32\svsvc.dll [13824 2015-10-30] (Microsoft Corporation) [File not signed] U3 swprv; C:\Windows\System32\swprv.dll [467456 2015-10-30] (Microsoft Corporation) 
[File not signed] U2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-08-21] (Synaptics Incorporated) U2 SysMain; C:\Windows\system32\sysmain.dll [1088512 2015-10-30] (Microsoft Corporation) [File not signed] U2 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [380416 2015-10-30] (Microsoft Corporation) [File not signed] U3 TabletInputService; C:\Windows\System32\TabSvc.dll [151040 2015-10-30] (Microsoft Corporation) [File not signed] U3 TapiSrv; C:\Windows\System32\tapisrv.dll [311808 2015-10-30] (Microsoft Corporation) [File not signed] U3 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [254976 2015-10-30] (Microsoft Corporation) [File not signed] U2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH) S3 TermService; C:\Windows\System32\termsrv.dll [1033216 2015-10-30] (Microsoft Corporation) [File not signed] R2 Themes; C:\Windows\system32\themeservice.dll [59392 2015-10-30] (Microsoft Corporation) [File not signed] U3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [290304 2015-10-30] (Microsoft Corporation) [File not signed] U2 tiledatamodelsvc; C:\Windows\system32\tileobjserver.dll [490496 2015-10-30] (Microsoft Corporation) [File not signed] U3 TimeBroker; C:\Windows\System32\TimeBrokerServer.dll [164864 2015-10-30] (Microsoft Corporation) [File not signed] U2 TrkWks; C:\Windows\System32\trkwks.dll [115200 2015-10-30] (Microsoft Corporation) [File not signed] S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [121856 2015-10-30] (Microsoft Corporation) [File not signed] U4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [87040 2015-12-27] (Microsoft Corporation) [File not signed] U3 UI0Detect; C:\Windows\system32\UI0Detect.exe [43008 2015-10-30] (Microsoft Corporation) [File not signed] U3 UmRdpService; C:\Windows\System32\umrdp.dll [278016 2015-10-30] (Microsoft Corporation) [File not signed] U3 UnistoreSvc; 
C:\Windows\System32\unistore.dll [1223168 2015-12-27] (Microsoft Corporation) [File not signed] U3 UnistoreSvc; C:\WINDOWS\SysWOW64\unistore.dll [948224 2015-12-27] (Microsoft Corporation) [File not signed] U3 upnphost; C:\Windows\System32\upnphost.dll [452608 2015-10-30] (Microsoft Corporation) [File not signed] U3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [329216 2015-10-30] (Microsoft Corporation) [File not signed] U3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1491456 2015-10-30] (Microsoft Corporation) [File not signed] U2 UserManager; C:\Windows\System32\usermgr.dll [912384 2015-12-27] (Microsoft Corporation) [File not signed] U3 UsoSvc; C:\Windows\system32\usocore.dll [360960 2015-10-30] (Microsoft Corporation) [File not signed] U3 VaultSvc; C:\Windows\System32\vaultsvc.dll [361984 2015-10-30] (Microsoft Corporation) [File not signed] U3 vds; C:\Windows\System32\vds.exe [667136 2015-10-30] (Microsoft Corporation) [File not signed] U3 vmicguestinterface; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation) [File not signed] U3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation) [File not signed] U3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation) [File not signed] U3 vmicrdv; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation) [File not signed] U3 vmicshutdown; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation) [File not signed] U3 vmictimesync; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation) [File not signed] U3 vmicvmsession; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation) [File not signed] U3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation) [File not signed] U3 VSS; C:\Windows\system32\vssvc.exe [1465344 2015-10-30] (Microsoft Corporation) [File not signed] U3 W32Time; C:\Windows\system32\w32time.dll [526848 
2015-10-30] (Microsoft Corporation) [File not signed] U3 WalletService; C:\Windows\system32\WalletService.dll [497664 2015-10-30] (Microsoft Corporation) [File not signed] U3 wbengine; C:\Windows\system32\wbengine.exe [1570816 2015-10-30] (Microsoft Corporation) [File not signed] U2 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [621568 2015-10-30] (Microsoft Corporation) [File not signed] U2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [607232 2015-12-27] (Microsoft Corporation) [File not signed] U3 wcncsvc; C:\Windows\System32\wcncsvc.dll [471040 2015-10-30] (Microsoft Corporation) [File not signed] U3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [43008 2015-10-30] (Microsoft Corporation) [File not signed] U3 WcsPlugInService; C:\WINDOWS\SysWOW64\WcsPlugInService.dll [33792 2015-10-30] (Microsoft Corporation) [File not signed] U3 WdiServiceHost; C:\Windows\system32\wdi.dll [100352 2015-10-30] (Microsoft Corporation) [File not signed] U3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [89600 2015-10-30] (Microsoft Corporation) [File not signed] U3 WdiSystemHost; C:\Windows\system32\wdi.dll [100352 2015-10-30] (Microsoft Corporation) [File not signed] U3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [89600 2015-10-30] (Microsoft Corporation) [File not signed] U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) U3 WebClient; C:\Windows\System32\webclnt.dll [228864 2015-10-30] (Microsoft Corporation) [File not signed] U3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [199680 2015-10-30] (Microsoft Corporation) [File not signed] U3 Wecsvc; C:\Windows\system32\wecsvc.dll [211456 2015-10-30] (Microsoft Corporation) [File not signed] U3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [27648 2015-10-30] (Microsoft Corporation) [File not signed] U3 wercplsupport; C:\Windows\System32\wercplsupport.dll [96256 2015-10-30] (Microsoft Corporation) [File not signed] U3 WerSvc; C:\Windows\System32\WerSvc.dll [143360 2015-10-30] (Microsoft 
Corporation) [File not signed] U3 WiaRpc; C:\Windows\System32\wiarpc.dll [75264 2015-10-30] (Microsoft Corporation) [File not signed] U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) U2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [225280 2015-10-30] (Microsoft Corporation) [File not signed] U3 WinRM; C:\Windows\system32\WsmSvc.dll [2573824 2015-10-30] (Microsoft Corporation) [File not signed] U3 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2177024 2015-10-30] (Microsoft Corporation) [File not signed] U2 WlanSvc; C:\Windows\System32\wlansvc.dll [2295808 2015-10-30] (Microsoft Corporation) [File not signed] U3 wlidsvc; C:\Windows\system32\wlidsvc.dll [2058240 2015-10-30] (Microsoft Corporation) [File not signed] U3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [202752 2015-10-30] (Microsoft Corporation) [File not signed] U3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1474560 2015-10-30] (Microsoft Corporation) [File not signed] U3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1872896 2015-10-30] (Microsoft Corporation) [File not signed] U3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [86528 2015-10-30] (Microsoft Corporation) [File not signed] U3 WpnService; C:\Windows\system32\WpnService.dll [49152 2015-10-30] (Microsoft Corporation) [File not signed] U2 wscsvc; C:\Windows\System32\wscsvc.dll [187904 2015-10-30] (Microsoft Corporation) [File not signed] U2 WSearch; C:\Windows\system32\SearchIndexer.exe [938496 2015-10-30] (Microsoft Corporation) [File not signed] U2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [759808 2015-10-30] (Microsoft Corporation) [File not signed] U3 wuauserv; C:\Windows\system32\wuaueng.dll [2280448 2015-12-27] (Microsoft Corporation) [File not signed] U3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [104448 2015-10-30] (Microsoft Corporation) [File not signed] U3 WwanSvc; C:\Windows\System32\wwansvc.dll [1212928 2015-12-27] (Microsoft Corporation) [File not 
signed] U3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [948224 2015-12-27] (Microsoft Corporation) [File not signed] U3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1130496 2015-10-30] (Microsoft Corporation) [File not signed] U3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1035776 2015-12-27] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [235520 2015-10-30] (Microsoft Corporation) [File not signed] U3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [12288 2015-10-30] (Microsoft Corporation) [File not signed] U3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [14336 2015-10-30] (Microsoft Corporation) [File not signed] U3 acpitime; C:\Windows\System32\drivers\acpitime.sys [12800 2015-10-30] (Microsoft Corporation) [File not signed] U1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [218624 2015-10-30] (Microsoft Corporation) [File not signed] U3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [121856 2015-10-30] (Microsoft Corporation) [File not signed] U3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [119296 2015-10-30] (Microsoft Corporation) [File not signed] U3 AsyncMac; C:\Windows\System32\drivers\asyncmac.sys [28160 2015-10-30] (Microsoft Corporation) [File not signed] U3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-29] (Qualcomm Atheros Communications, Inc.)
U1 BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys [55808 2015-10-30] (Microsoft Corporation) [File not signed] U1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [41472 2015-10-30] (Microsoft Corporation) [File not signed] U3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider) [File not signed] U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider) [File not signed] U3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [105984 2015-10-30] (Microsoft Corporation) [File not signed] U3 BthAvrcpTg; C:\Windows\System32\drivers\BthAvrcpTg.sys [43008 2015-10-30] (Microsoft Corporation) [File not signed] U3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [65536 2015-10-30] (Microsoft Corporation) [File not signed] U3 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [30720 2015-10-30] (Microsoft Corporation) [File not signed] U3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [65536 2015-10-30] (Microsoft Corporation) [File not signed] U3 buttonconverter; C:\Windows\System32\drivers\buttonconverter.sys [37376 2015-10-30] (Microsoft Corporation) [File not signed] U3 CapImg; C:\Windows\System32\drivers\capimg.sys [117248 2015-12-27] (Microsoft Corporation) [File not signed] U4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92672 2015-10-30] (Microsoft Corporation) [File not signed] U1 cdrom; C:\Windows\System32\drivers\cdrom.sys [173568 2015-10-30] (Microsoft Corporation) [File not signed] U3 circlass; C:\Windows\System32\drivers\circlass.sys [48640 2015-10-30] (Microsoft Corporation) [File not signed] U3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [29696 2015-10-30] (Microsoft Corporation) [File not signed] U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-11-18] (COMODO) U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828144 2015-11-18] (COMODO) U1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO) U3 CompositeBus; 
C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [40448 2015-10-30] (Microsoft Corporation) [File not signed] U1 Dfsc; C:\Windows\System32\Drivers\dfsc.sys [148480 2015-10-30] (Microsoft Corporation) [File not signed] U3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [33792 2015-10-30] (Microsoft Corporation) [File not signed] U3 ErrDev; C:\Windows\System32\drivers\errdev.sys [12288 2015-10-30] (Microsoft Corporation) [File not signed] U3 exfat; C:\Windows\System32\Drivers\exfat.sys [320000 2015-10-30] (Microsoft Corporation) [File not signed] U3 fdc; C:\Windows\System32\drivers\fdc.sys [32256 2015-10-30] (Microsoft Corporation) [File not signed] U1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [87040 2015-10-30] (Microsoft Corporation) [File not signed] U3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [35840 2015-10-30] (Microsoft Corporation) [File not signed] U3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [26112 2015-10-30] (Microsoft Corporation) [File not signed] U3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [13312 2015-10-30] (Microsoft Corporation) [File not signed] U3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-10-30] (Microsoft Corporation) [File not signed] U1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-10-30] (Microsoft Corporation) [File not signed] U3 HdAudAddService; C:\Windows\system32\DRIVERS\HdAudio.sys [404480 2015-10-30] (Microsoft Corporation) [File not signed] U3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [79872 2015-10-30] (Microsoft Corporation) [File not signed] U3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [28160 2015-10-30] (Microsoft Corporation) [File not signed] U3 HidBth; C:\Windows\System32\drivers\hidbth.sys [107520 2015-10-30] (Microsoft Corporation) [File not signed] U3 hidi2c; C:\Windows\System32\drivers\hidi2c.sys [51200 2015-10-30] (Microsoft Corporation) [File not signed] U3 
HidIr; C:\Windows\System32\drivers\hidir.sys [46592 2015-10-30] (Microsoft Corporation) [File not signed] U3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [38400 2015-10-30] (Microsoft Corporation) [File not signed] U3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [16896 2015-10-30] (Microsoft Corporation) [File not signed] U3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [114688 2015-10-30] (Microsoft Corporation) [File not signed] U3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2015-10-30] (Intel(R) Corporation) [File not signed] U3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [165888 2015-10-30] (Intel Corporation) [File not signed] U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [113152 2015-10-30] (Intel Corporation) [File not signed] U1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO) U3 intelppm; C:\Windows\System32\drivers\intelppm.sys [133632 2015-10-30] (Microsoft Corporation) [File not signed] U3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-10-30] (Microsoft Corporation) [File not signed] U3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [85504 2015-10-30] (Microsoft Corporation) [File not signed] U3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [81408 2015-10-30] (Microsoft Corporation) [File not signed] U3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [143360 2015-10-30] (Microsoft Corporation) [File not signed] U3 IRENUM; C:\Windows\System32\drivers\irenum.sys [19456 2015-10-30] (Microsoft Corporation) [File not signed] U3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [36864 2015-10-30] (Microsoft Corporation) [File not signed] U3 kdnic; C:\Windows\System32\drivers\kdnic.sys [23040 2015-10-30] (Microsoft Corporation) [File not signed] U3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [26112 2015-10-30] (Microsoft Corporation) [File not signed] U2 lltdio; C:\Windows\System32\drivers\lltdio.sys [64000 2015-10-30] (Microsoft Corporation) [File not signed] 
U2 luafv; C:\Windows\system32\drivers\luafv.sys [126464 2015-10-30] (Microsoft Corporation) [File not signed] U3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49272 2014-12-28] (Visicom Media Inc.) U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2016-01-03] (Malwarebytes) U3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2016-01-03] (Malwarebytes Corporation) U3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.) U2 MMCSS; C:\Windows\system32\drivers\mmcss.sys [47616 2015-10-30] (Microsoft Corporation) [File not signed] U3 Modem; C:\Windows\System32\drivers\modem.sys [41984 2015-10-30] (Microsoft Corporation) [File not signed] U3 monitor; C:\Windows\System32\drivers\monitor.sys [38400 2015-10-30] (Microsoft Corporation) [File not signed] U3 mouhid; C:\Windows\System32\drivers\mouhid.sys [32256 2015-10-30] (Microsoft Corporation) [File not signed] U3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [76288 2015-10-30] (Microsoft Corporation) [File not signed] U3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [144384 2015-10-30] (Microsoft Corporation) [File not signed] U2 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [285696 2015-10-30] (Microsoft Corporation) [File not signed] U3 MsBridge; C:\Windows\System32\drivers\bridge.sys [114688 2015-10-30] (Microsoft Corporation) [File not signed] U3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8704 2015-10-30] (Microsoft Corporation) [File not signed] U3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [11776 2015-10-30] (Microsoft Corporation) [File not signed] U3 MSKSSRV; C:\Windows\system32\DRIVERS\MSKSSRV.sys [13824 2015-10-30] (Microsoft Corporation) [File not signed] U2 MsLldp; C:\Windows\System32\drivers\mslldp.sys [81920 2015-10-30] (Microsoft Corporation) [File not signed] U3 MSPCLOCK; C:\Windows\system32\DRIVERS\MSPCLOCK.sys [10752 2015-10-30] (Microsoft Corporation) [File not signed] U3 MSPQM; 
C:\Windows\system32\DRIVERS\MSPQM.sys [10752 2015-10-30] (Microsoft Corporation) [File not signed] U3 MSTEE; C:\Windows\system32\DRIVERS\MSTEE.sys [12800 2015-10-30] (Microsoft Corporation) [File not signed] U3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [15872 2015-10-30] (Microsoft Corporation) [File not signed] U3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [530432 2015-10-30] (Microsoft Corporation) [File not signed] U3 NdisCap; C:\Windows\System32\drivers\ndiscap.sys [50176 2015-10-30] (Microsoft Corporation) [File not signed] U3 NdisImPlatform; C:\Windows\System32\drivers\NdisImPlatform.sys [126976 2015-10-30] (Microsoft Corporation) [File not signed] U3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [25600 2015-10-30] (Microsoft Corporation) [File not signed] U3 Ndisuio; C:\Windows\System32\drivers\ndisuio.sys [63488 2015-10-30] (Microsoft Corporation) [File not signed] U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [20480 2015-10-30] (Microsoft Corporation) [File not signed] U3 NdisWan; C:\Windows\System32\drivers\ndiswan.sys [188928 2015-10-30] (Microsoft Corporation) [File not signed] U3 ndiswanlegacy; C:\Windows\System32\DRIVERS\ndiswan.sys [188928 2015-10-30] (Microsoft Corporation) [File not signed] U3 ndproxy; C:\Windows\System32\DRIVERS\NDProxy.sys [60928 2015-10-30] (Microsoft Corporation) [File not signed] U2 Ndu; C:\Windows\System32\drivers\Ndu.sys [124928 2015-10-30] (Microsoft Corporation) [File not signed] U1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [279552 2015-10-30] (Microsoft Corporation) [File not signed] U1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [26624 2015-10-30] (Microsoft Corporation) [File not signed] U1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [40960 2015-10-30] (Microsoft Corporation) [File not signed] U1 Null; C:\Windows\System32\Drivers\Null.sys [7168 2015-10-30] (Microsoft Corporation) [File not signed] U3 Parport; C:\Windows\System32\drivers\parport.sys [96768 
2015-10-30] (Microsoft Corporation) [File not signed] U2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [721408 2015-10-30] (Microsoft Corporation) [File not signed] U3 PptpMiniport; C:\Windows\System32\drivers\raspptp.sys [95744 2015-10-30] (Microsoft Corporation) [File not signed] U3 Processor; C:\Windows\System32\drivers\processr.sys [118272 2015-10-30] (Microsoft Corporation) [File not signed] U3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2016-01-04] (The OpenVPN Project) [File not signed] U3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [48640 2015-10-30] (Microsoft Corporation) [File not signed] U3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [17408 2015-10-30] (Microsoft Corporation) [File not signed] U3 RasAgileVpn; C:\Windows\System32\drivers\AgileVpn.sys [105472 2015-10-30] (Microsoft Corporation) [File not signed] U3 Rasl2tp; C:\Windows\System32\drivers\rasl2tp.sys [104960 2015-10-30] (Microsoft Corporation) [File not signed] U3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [81408 2015-10-30] (Microsoft Corporation) [File not signed] U3 RasSstp; C:\Windows\System32\drivers\rassstp.sys [78336 2015-10-30] (Microsoft Corporation) [File not signed] U3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [26112 2015-10-30] (Microsoft Corporation) [File not signed] U3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [173056 2015-10-30] (Microsoft Corporation) [File not signed] U3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.) 
U2 rspndr; C:\Windows\System32\drivers\rspndr.sys [80896 2015-10-30] (Microsoft Corporation) [File not signed] U3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            ) [File not signed] U3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [8704 2015-10-30] (Microsoft Corporation) [File not signed] U1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) U1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) U3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [43008 2015-10-30] (Microsoft Corporation) [File not signed] U3 Serenum; C:\Windows\System32\drivers\serenum.sys [25088 2015-10-30] (Microsoft Corporation) [File not signed] U3 Serial; C:\Windows\System32\drivers\serial.sys [83968 2015-10-30] (Microsoft Corporation) [File not signed] U3 sermouse; C:\Windows\System32\drivers\sermouse.sys [27648 2015-10-30] (Microsoft Corporation) [File not signed] U3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [18432 2015-10-30] (Microsoft Corporation) [File not signed] U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-08-21] (Synaptics Incorporated) U2 srv; C:\Windows\System32\DRIVERS\srv.sys [407552 2015-10-30] (Microsoft Corporation) [File not signed] U3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [690688 2015-10-30] (Microsoft Corporation) [File not signed] U3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [235520 2015-10-30] (Microsoft Corporation) [File not signed] U2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [78848 2015-10-30] (Microsoft Corporation) [File not signed] U3 Synth3dVsc; C:\Windows\System32\drivers\Synth3dVsc.sys [64000 2015-10-30] (Microsoft Corporation) [File not signed] U2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [52224 2015-10-30] (Microsoft Corporation) [File not signed] U3 TrueSight; 
C:\Windows\System32\drivers\TrueSight.sys [30848 2016-01-05] () U3 tsusbflt; C:\Windows\System32\drivers\TsUsbFlt.sys [61952 2015-10-30] (Microsoft Corporation) [File not signed] U3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [33280 2015-10-30] (Microsoft Corporation) [File not signed] U3 tunnel; C:\Windows\System32\drivers\tunnel.sys [153600 2015-10-30] (Microsoft Corporation) [File not signed] U3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-10-30] (Microsoft Corporation) [File not signed] U3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46592 2015-10-30] (Microsoft Corporation) [File not signed] U3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45056 2015-10-30] (Microsoft Corporation) [File not signed] U4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [321024 2015-10-30] (Microsoft Corporation) [File not signed] U3 umbus; C:\Windows\System32\drivers\umbus.sys [56832 2015-10-30] (Microsoft Corporation) [File not signed] U3 UmPass; C:\Windows\System32\drivers\umpass.sys [13824 2015-10-30] (Microsoft Corporation) [File not signed] U3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [131584 2015-10-30] (Microsoft Corporation) [File not signed] U3 usbcir; C:\Windows\System32\drivers\usbcir.sys [102400 2015-10-30] (Microsoft Corporation) [File not signed] U3 usbohci; C:\Windows\System32\drivers\usbohci.sys [29696 2015-10-30] (Microsoft Corporation) [File not signed] U3 usbprint; C:\Windows\System32\drivers\usbprint.sys [27648 2015-10-30] (Microsoft Corporation) [File not signed] U3 usbser; C:\Windows\System32\drivers\usbser.sys [67072 2015-10-30] (Microsoft Corporation) [File not signed] U3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [35328 2015-10-30] (Microsoft Corporation) [File not signed] U3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [221184 2015-10-30] (Microsoft Corporation) [File not signed] U3 vhf; C:\Windows\System32\drivers\vhf.sys [31744 2015-10-30] (Microsoft Corporation) [File not signed] U3 VMBusHID; 
C:\Windows\System32\drivers\VMBusHID.sys [25088 2015-10-30] (Microsoft Corporation) [File not signed] U3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [26624 2015-10-30] (Microsoft Corporation) [File not signed] U1 vwififlt; C:\Windows\System32\drivers\vwififlt.sys [74240 2015-10-30] (Microsoft Corporation) [File not signed] U3 vwifimp; C:\Windows\System32\drivers\vwifimp.sys [39936 2015-10-30] (Microsoft Corporation) [File not signed] U3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [30208 2015-10-30] (Microsoft Corporation) [File not signed] U3 wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [79872 2015-10-30] (Microsoft Corporation) [File not signed] U3 wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [79872 2015-10-30] (Microsoft Corporation) [File not signed] U2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows (R) Win 7 DDK provider) U3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) U3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) U3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [694784 2015-10-30] (Microsoft Corporation) [File not signed] U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) U3 WINUSB; C:\Windows\System32\drivers\WinUSB.SYS [89088 2015-10-30] (Microsoft Corporation) [File not signed] U3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP) U3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [18432 2015-10-30] (Microsoft Corporation) [File not signed] U4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [22528 2015-10-30] (Microsoft Corporation) [File not signed] U3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [98816 2015-10-30] (Microsoft Corporation) [File not signed] U3 WUDFRd; C:\Windows\System32\drivers\WudfRd.sys [216064 2015-10-30] (Microsoft Corporation) [File not signed] U3 WUDFWpdFs; 
C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation) [File not signed]
U3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation) [File not signed]
U3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [238592 2015-10-30] (Microsoft Corporation) [File not signed]
U3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [26112 2015-10-30] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-06 19:54 - 2016-01-06 19:55 - 00054256 _____ C:\Users\Uyen\Desktop\FRST.txt
2016-01-06 19:47 - 2016-01-06 19:47 - 00000000 ____D C:\Users\Uyen\AppData\Local\CrashRpt
2016-01-05 23:19 - 2016-01-05 23:19 - 00007605 _____ C:\Users\Uyen\AppData\Local\Resmon.ResmonCfg
2016-01-05 22:47 - 2016-01-05 23:00 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-05 22:47 - 2016-01-05 22:47 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-01-05 22:44 - 2016-01-05 23:26 - 01599336 _____ (Malwarebytes) C:\Users\Uyen\Desktop\JRT.exe
2016-01-05 22:44 - 2016-01-05 23:01 - 01749504 _____ C:\Users\Uyen\Desktop\adwcleaner_5.028.exe
2016-01-05 22:43 - 2016-01-05 22:47 - 20835400 _____ C:\Users\Uyen\Desktop\RogueKiller.exe
2016-01-04 01:04 - 2016-01-04 01:05 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2016-01-04 01:04 - 2016-01-04 01:04 - 27410968 _____ (OpenVPN Technologies) C:\Users\Uyen\Downloads\privatetunnel-win-2.4.exe
2016-01-04 01:03 - 2016-01-04 01:12 - 00000000 ____D C:\ProgramData\Betternet
2016-01-04 01:03 - 2016-01-04 01:03 - 00002026 _____ C:\Users\Uyen\Desktop\Betternet.lnk
2016-01-04 01:03 - 2016-01-04 01:03 - 00000000 ____D C:\Users\Uyen\AppData\Local\Downloaded
Installations 2016-01-04 01:03 - 2016-01-04 01:03 - 00000000 ____D C:\Users\Uyen\AppData\Local\Betternet_Technologies_In 2016-01-04 01:03 - 2016-01-04 01:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows 2016-01-04 01:03 - 2016-01-04 01:03 - 00000000 ____D C:\Program Files\TAP-Windows 2016-01-04 01:03 - 2016-01-04 01:03 - 00000000 ____D C:\Program Files (x86)\OpenVPN 2016-01-04 01:03 - 2016-01-04 01:03 - 00000000 ____D C:\Program Files (x86)\Betternet 2016-01-04 01:02 - 2016-01-04 01:02 - 08973864 _____ (Betternet Technologies Inc.) C:\Users\Uyen\Downloads\BetternetForWindows.exe 2016-01-04 00:46 - 2016-01-04 00:54 - 00000000 ____D C:\FRST 2016-01-04 00:46 - 2016-01-04 00:46 - 02370560 _____ (Farbar) C:\Users\Uyen\Desktop\FRST64.exe 2016-01-04 00:42 - 2016-01-04 00:43 - 01745920 _____ C:\Users\Uyen\Desktop\adwcleaner_5.027.exe 2016-01-04 00:29 - 2016-01-04 00:29 - 00199744 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-01-04 00:17 - 2016-01-06 19:53 - 00016062 _____ C:\WINDOWS\system32\Drivers\fvstore.dat 2016-01-04 00:17 - 2016-01-04 00:17 - 00000000 ___HD C:\VTRoot 2016-01-04 00:16 - 2016-01-04 00:17 - 26932051 _____ C:\Users\Uyen\Downloads\WebcamMax-7.9.7.2.MultiLanguage.Setup.exe 2016-01-03 23:56 - 2016-01-06 19:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-01-03 23:56 - 2016-01-03 23:56 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-01-03 23:56 - 2016-01-03 23:56 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-01-03 23:56 - 2016-01-03 23:56 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-01-03 23:56 - 2016-01-03 23:56 - 00001167 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-01-03 23:56 - 2016-01-03 23:56 - 00001167 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk 2016-01-03 23:56 - 2016-01-03 23:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes Anti-Malware 2016-01-03 23:56 - 2016-01-03 23:56 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-01-03 23:56 - 2016-01-03 23:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-01-03 23:54 - 2016-01-06 19:55 - 01373024 _____ C:\WINDOWS\system32\Drivers\sfi.dat 2016-01-03 23:54 - 2016-01-03 23:54 - 00001888 _____ C:\Users\Public\Desktop\COMODO Antivirus.lnk 2016-01-03 23:54 - 2016-01-03 23:54 - 00001888 _____ C:\ProgramData\Desktop\COMODO Antivirus.lnk 2016-01-03 23:54 - 2016-01-03 23:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO 2016-01-03 23:54 - 2016-01-03 23:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO 2016-01-03 23:53 - 2016-01-03 23:53 - 00000000 ____D C:\ProgramData\Shared Space 2016-01-03 23:53 - 2016-01-03 23:53 - 00000000 ____D C:\Program Files\COMODO 2016-01-03 23:52 - 2016-01-03 23:55 - 22908888 _____ (Malwarebytes ) C:\Users\Uyen\Downloads\mbam-setup-2.2.0.1024.exe 2016-01-03 23:52 - 2016-01-03 23:54 - 00000000 ____D C:\ProgramData\Comodo 2016-01-03 23:50 - 2016-01-03 23:51 - 217812536 _____ (COMODO) C:\Users\Uyen\Downloads\cav_installer_5951_60.exe 2016-01-03 17:46 - 2016-01-03 17:46 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Bot 6.0 2016-01-03 14:11 - 2016-01-03 14:11 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2016-01-02 23:52 - 2016-01-02 23:52 - 00000176 _____ C:\Users\Uyen\Documents\cc_20160102_205224.reg 2016-01-02 23:52 - 2016-01-02 23:52 - 00000082 _____ C:\Users\Uyen\Documents\cc_20160102_205216.reg 2016-01-02 23:51 - 2016-01-02 23:52 - 00002458 _____ C:\Users\Uyen\Documents\cc_20160102_205156.reg 2016-01-02 23:51 - 2016-01-02 23:51 - 00003850 _____ C:\Users\Uyen\Documents\cc_20160102_205138.reg 2016-01-02 10:55 - 2016-01-02 10:55 - 00001424 _____ C:\Users\Uyen\Desktop\ROBLOX Player.lnk 2016-01-02 10:54 - 2016-01-02 11:02 - 00000000 ____D C:\Users\Uyen\AppData\Local\Roblox 
2016-01-02 10:54 - 2016-01-02 11:01 - 00000248 _____ C:\Users\Uyen\AppData\LocalLow\rbxcsettings.rbx 2016-01-02 10:54 - 2016-01-02 10:55 - 00001239 _____ C:\Users\Uyen\Desktop\ROBLOX Studio.lnk 2016-01-02 10:54 - 2016-01-02 10:55 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2016-01-02 10:54 - 2016-01-02 10:54 - 00969584 _____ (ROBLOX Corporation) C:\Users\Uyen\Downloads\RobloxPlayerLauncher.exe 2016-01-02 00:43 - 2016-01-04 21:31 - 00002252 _____ C:\Users\Uyen\Desktop\Camfrog Video Chat.lnk 2016-01-01 22:16 - 2016-01-01 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2016-01-01 22:15 - 2016-01-01 22:16 - 00000000 ____D C:\Program Files\McAfee Security Scan 2015-12-30 23:50 - 2016-01-04 21:19 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\Camfrog Bot 2015-12-30 23:50 - 2016-01-04 00:10 - 00002133 _____ C:\Users\Uyen\Desktop\Camfrog Bot 6.0.lnk 2015-12-30 23:50 - 2015-12-30 23:50 - 00000000 ____D C:\ProgramData\Camfrog Bot 2015-12-30 23:49 - 2015-12-30 23:49 - 12476120 _____ (Camshare Inc.) 
C:\Users\Uyen\Downloads\camfrog_bot_setup.exe 2015-12-30 22:15 - 2016-01-05 23:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-30 22:15 - 2016-01-02 22:02 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-12-30 22:15 - 2016-01-02 12:35 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2015-12-30 22:15 - 2015-12-30 22:15 - 00003948 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2015-12-30 22:15 - 2015-12-30 22:15 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2015-12-30 22:15 - 2015-12-30 22:15 - 00000000 ____D C:\ProgramData\McAfee 2015-12-30 22:14 - 2016-01-02 22:02 - 00000000 ____D C:\Users\Uyen\AppData\Local\Adobe 2015-12-29 23:09 - 2016-01-05 23:09 - 00000518 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e8c52fdd-737d-4143-9965-f90f5ab31ade.job 2015-12-29 23:09 - 2015-12-29 23:09 - 00003736 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task e8c52fdd-737d-4143-9965-f90f5ab31ade 2015-12-29 23:08 - 2016-01-05 23:08 - 00000518 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 27ec92d3-7b88-4955-bd0a-b7da2b738a53.job 2015-12-29 23:08 - 2015-12-29 23:08 - 00003736 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 27ec92d3-7b88-4955-bd0a-b7da2b738a53 2015-12-29 22:34 - 2015-12-29 22:34 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat 2015-12-29 22:25 - 2015-12-29 22:25 - 00000000 ____D C:\SUPERDelete 2015-12-29 21:21 - 2015-12-29 21:21 - 00001378 _____ C:\Users\Uyen\Desktop\Movie Maker.lnk 2015-12-29 21:11 - 2015-12-29 21:11 - 00002354 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2015-12-29 21:11 - 2015-12-29 21:11 - 00001447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-12-29 21:11 - 2015-12-29 21:11 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2015-12-29 
21:11 - 2015-12-29 21:11 - 00001358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2015-12-29 21:11 - 2015-12-29 21:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2015-12-29 21:11 - 2015-12-29 21:11 - 00000000 ____D C:\WINDOWS\en 2015-12-29 21:11 - 2015-12-29 21:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2015-12-29 21:10 - 2015-12-29 21:11 - 00000000 ____D C:\Program Files (x86)\Windows Live 2015-12-29 21:10 - 2015-12-29 21:10 - 00000000 ____D C:\WINDOWS\PCHEALTH 2015-12-29 21:10 - 2015-12-29 21:10 - 00000000 ____D C:\Program Files\Windows Live 2015-12-29 21:09 - 2010-06-02 07:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2015-12-29 21:09 - 2010-06-02 07:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2015-12-29 21:09 - 2010-06-02 07:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2015-12-29 21:09 - 2010-06-02 07:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2015-12-29 21:09 - 2010-05-26 14:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2015-12-29 21:09 - 2010-05-26 14:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2015-12-29 21:09 - 2010-05-26 14:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2015-12-29 21:09 - 2010-05-26 14:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll 2015-12-29 21:09 - 2009-09-04 20:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll 2015-12-29 21:09 - 2009-09-04 20:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll 2015-12-29 21:09 - 2006-11-29 16:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll 2015-12-29 21:09 - 2006-11-29 16:06 - 03426072 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\d3dx9_32.dll 2015-12-29 21:08 - 2015-12-29 21:12 - 00000000 ____D C:\Users\Uyen\AppData\Local\Windows Live 2015-12-29 21:07 - 2015-12-29 21:07 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-12-29 21:07 - 2015-12-29 21:07 - 00000000 ____D C:\Program Files\MSBuild 2015-12-29 21:07 - 2015-12-29 21:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2015-12-29 21:07 - 2015-12-29 21:07 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-12-29 21:05 - 2015-10-23 20:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-12-29 21:05 - 2015-10-23 20:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-12-29 21:05 - 2015-10-23 20:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-12-29 21:05 - 2015-10-23 20:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-12-29 21:05 - 2015-10-23 20:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-12-29 21:05 - 2015-10-23 20:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-12-29 21:04 - 2015-12-29 21:04 - 01239752 _____ (Microsoft Corporation) C:\Users\Uyen\Downloads\wlsetup-web.exe 2015-12-29 20:16 - 2015-12-29 20:59 - 00000000 ____D C:\Users\Uyen\Documents\Sound recordings 2015-12-29 15:24 - 2015-12-29 15:24 - 00000000 ____D C:\Users\Uyen\Tracing 2015-12-29 15:20 - 2016-01-05 22:47 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\Skype 2015-12-29 15:20 - 2015-12-29 15:26 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-29 15:20 - 2015-12-29 15:20 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk 2015-12-29 15:20 - 2015-12-29 15:20 - 00002640 _____ C:\ProgramData\Desktop\Skype.lnk 2015-12-29 15:20 - 2015-12-29 15:20 - 00000000 ____D C:\ProgramData\Skype 2015-12-29 15:20 - 2015-12-29 15:20 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-29 15:19 - 2015-12-29 15:19 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Uyen\Downloads\SkypeSetup.exe 2015-12-29 12:52 - 2016-01-05 23:20 - 00000000 ____D C:\AdwCleaner 2015-12-29 00:39 - 2015-12-29 00:40 - 06805328 _____ (Piriform Ltd) C:\Users\Uyen\Downloads\ccsetup513.exe 2015-12-29 00:02 - 2016-01-04 00:35 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-12-29 00:02 - 2015-12-29 00:02 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2015-12-29 00:02 - 2015-12-29 00:02 - 00001096 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk 2015-12-29 00:02 - 2015-12-29 00:02 - 00001096 _____ C:\ProgramData\Desktop\TeamViewer 11.lnk 2015-12-29 00:02 - 2015-12-29 00:02 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\TeamViewer 2015-12-29 00:02 - 2015-11-16 10:18 - 00035112 _____ (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\teamviewervpn.sys 2015-12-28 23:47 - 2015-12-28 23:48 - 09616448 _____ (TeamViewer GmbH) C:\Users\Uyen\Downloads\TeamViewer_Setup_en.exe 2015-12-28 21:58 - 2015-12-28 21:58 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2015-12-28 21:54 - 2015-12-28 21:54 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\Macromedia 2015-12-28 21:35 - 2016-01-04 00:22 - 00001084 _____ C:\Users\Public\Desktop\WebcamMax.lnk 2015-12-28 21:35 - 2016-01-04 00:22 - 00001084 _____ C:\ProgramData\Desktop\WebcamMax.lnk 2015-12-28 21:35 - 2016-01-04 00:07 - 00000000 ____D C:\ProgramData\WebcamMax 2015-12-28 21:35 - 2015-12-28 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebcamMax 2015-12-28 21:34 - 2015-12-28 21:35 - 00000000 ____D C:\Program Files (x86)\WebcamMax 2015-12-28 21:33 - 2016-01-05 13:32 - 00000518 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 81e428b7-9462-4c80-bf1e-60e76c0b04e5.job 2015-12-28 21:33 - 2016-01-03 05:00 - 00000518 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 
5875f35f-da55-43d0-ab50-c2ba7a1c83ba.job 2015-12-28 21:33 - 2015-12-28 21:33 - 00003734 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 5875f35f-da55-43d0-ab50-c2ba7a1c83ba 2015-12-28 21:33 - 2015-12-28 21:33 - 00003652 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 81e428b7-9462-4c80-bf1e-60e76c0b04e5 2015-12-28 21:33 - 2015-12-28 21:33 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\SUPERAntiSpyware.com 2015-12-28 21:32 - 2016-01-03 11:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2015-12-28 21:32 - 2015-12-28 21:32 - 24305592 _____ (SUPERAntiSpyware) C:\Users\Uyen\Downloads\SUPERAntiSpywarePro.exe 2015-12-28 21:32 - 2015-12-28 21:32 - 00001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk 2015-12-28 21:32 - 2015-12-28 21:32 - 00001849 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Professional.lnk 2015-12-28 21:32 - 2015-12-28 21:32 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2015-12-28 21:32 - 2015-12-28 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2015-12-28 21:18 - 2015-12-28 21:18 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\WebcamMax 2015-12-28 21:11 - 2016-01-05 21:45 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\Camfrog 2015-12-28 21:11 - 2016-01-02 00:43 - 00000000 ____D C:\ProgramData\Camfrog Update 2015-12-28 21:11 - 2015-12-30 23:50 - 00000000 ____D C:\Program Files (x86)\Camfrog 2015-12-28 21:11 - 2015-12-28 21:11 - 00000000 ____D C:\Users\Uyen\AppData\Local\Camfrog 2015-12-28 21:08 - 2015-12-28 21:27 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\ManyCam 2015-12-28 21:08 - 2015-12-28 21:27 - 00000000 ____D C:\ProgramData\ManyCam 2015-12-28 21:07 - 2015-12-28 21:07 - 00000061 _____ C:\prefs.js 2015-12-28 21:01 - 2015-12-08 22:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2015-12-28 20:57 - 2015-12-28 20:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2015-12-28 20:44 - 2015-12-28 20:45 - 00000000 
____D C:\WINDOWS\system32\MRT 2015-12-28 20:44 - 2015-11-23 22:10 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-12-28 14:08 - 2015-12-28 14:08 - 00002328 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-28 14:08 - 2015-12-28 14:08 - 00002328 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2015-12-28 14:08 - 2015-12-28 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-12-28 14:07 - 2016-01-06 19:47 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-28 14:07 - 2016-01-05 22:13 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-28 14:07 - 2015-12-28 23:55 - 00000000 ____D C:\Users\Uyen\AppData\Local\Google 2015-12-28 14:07 - 2015-12-28 14:08 - 00000000 ____D C:\Program Files (x86)\Google 2015-12-28 14:07 - 2015-12-28 14:07 - 00927824 _____ (Google Inc.) C:\Users\Uyen\Downloads\ChromeSetup.exe 2015-12-28 14:07 - 2015-12-28 14:07 - 00003962 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-28 14:07 - 2015-12-28 14:07 - 00003730 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-28 14:03 - 2015-12-28 14:06 - 00000000 ____D C:\Users\Uyen\AppData\Local\MicrosoftEdge 2015-12-28 14:02 - 2015-12-28 21:30 - 00002356 _____ C:\Users\Uyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-12-28 14:02 - 2015-12-28 14:02 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-12-28 13:54 - 2015-12-28 13:54 - 00003224 _____ C:\WINDOWS\System32\Tasks\RtHDVBg 2015-12-28 13:54 - 2015-12-28 13:54 - 00003196 _____ C:\WINDOWS\System32\Tasks\RTKCPL 2015-12-28 13:54 - 2015-12-28 13:54 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2015-12-28 13:54 - 2015-12-28 13:54 - 00000000 ____D C:\WINDOWS\system32\SRSLabs 2015-12-28 13:54 - 2015-12-28 13:54 - 00000000 ____D C:\ProgramData\USOShared 2015-12-28 13:54 - 2015-12-28 13:54 - 00000000 ____D C:\Program Files\Realtek 2015-12-27 01:20 - 
2015-12-27 01:20 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2015-12-27 01:19 - 2015-12-27 01:19 - 00000000 ____D C:\Users\Uyen\AppData\Local\ActiveSync 2015-12-27 01:18 - 2015-12-27 01:18 - 00000000 ____D C:\Users\Uyen\AppData\Local\Publishers 2015-12-27 01:17 - 2016-01-06 19:47 - 00000000 __SHD C:\Users\Uyen\IntelGraphicsProfiles 2015-12-27 01:17 - 2015-12-29 13:07 - 00000000 __RHD C:\Users\Public\AccountPictures 2015-12-27 01:17 - 2015-12-27 01:17 - 00000000 ____D C:\Users\Uyen\AppData\Local\Comms 2015-12-27 01:16 - 2015-12-27 01:23 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-12-27 01:16 - 2015-12-27 01:16 - 00000020 ___SH C:\Users\Uyen\ntuser.ini 2015-12-27 01:16 - 2015-12-27 01:16 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\Synaptics 2015-12-27 01:16 - 2015-12-27 01:16 - 00000000 ____D C:\Users\Uyen\AppData\Local\TileDataLayer 2015-12-27 01:16 - 2015-12-27 01:16 - 00000000 ____D C:\ProgramData\Synaptics 2015-12-27 01:13 - 2016-01-05 23:53 - 01190954 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-27 01:13 - 2015-12-27 01:13 - 00000000 _SHDL C:\Users\Default\My Documents 2015-12-27 01:13 - 2015-12-27 01:13 - 00000000 _SHDL C:\Users\Default\Documents\My Videos 2015-12-27 01:13 - 2015-12-27 01:13 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures 2015-12-27 01:13 - 2015-12-27 01:13 - 00000000 _SHDL C:\Users\Default\Documents\My Music 2015-12-27 01:13 - 2015-12-27 01:13 - 00000000 _SHDL C:\Users\Default User\My Documents 2015-12-27 01:13 - 2015-12-27 01:13 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos 2015-12-27 01:13 - 2015-12-27 01:13 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures 2015-12-27 01:13 - 2015-12-27 01:13 - 00000000 _SHDL C:\Users\Default User\Documents\My Music 2015-12-27 01:11 - 2016-01-05 23:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-27 01:11 - 2015-12-27 01:11 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat 2015-12-27 01:06 - 2015-12-27 01:06 - 
00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-12-27 01:04 - 2015-12-27 01:04 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2015-12-27 01:03 - 2016-01-05 23:11 - 00000000 ____D C:\Users\Uyen 2015-12-27 01:03 - 2015-12-27 01:03 - 00000000 _SHDL C:\Users\Uyen\My Documents 2015-12-27 01:03 - 2015-12-27 01:03 - 00000000 _SHDL C:\Users\Uyen\Documents\My Videos 2015-12-27 01:03 - 2015-12-27 01:03 - 00000000 _SHDL C:\Users\Uyen\Documents\My Pictures 2015-12-27 01:03 - 2015-12-27 01:03 - 00000000 _SHDL C:\Users\Uyen\Documents\My Music 2015-12-27 01:00 - 2015-12-27 01:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2015-12-27 01:00 - 2015-12-27 01:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf 2015-12-27 01:00 - 2015-12-27 01:00 - 00000000 ____D C:\WINDOWS\SysWOW64\sda 2015-12-27 01:00 - 2015-12-27 01:00 - 00000000 ____D C:\Program Files\Synaptics 2015-12-27 01:00 - 2015-12-27 01:00 - 00000000 ____D C:\Program Files\Intel 2015-12-27 01:00 - 2015-08-27 21:20 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2015-12-27 01:00 - 2015-08-27 21:20 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL 2015-12-27 00:59 - 2015-10-30 02:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2015-12-27 00:55 - 2015-12-29 00:47 - 00000000 ___DC C:\WINDOWS\Panther 2015-12-27 00:51 - 2015-12-27 00:51 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-12-27 
00:51 - 2015-12-27 00:51 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2015-12-27 00:51 - 2015-12-27 00:51 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2015-12-27 00:51 - 2015-12-27 00:51 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 
2015-12-27 00:51 - 2015-12-27 00:51 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2015-12-27 00:51 - 2015-12-27 00:51 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-12-27 00:51 - 2015-12-27 00:51 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-12-27 00:51 - 2015-12-27 00:51 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 
2015-12-27 00:51 - 2015-12-27 00:51 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL 2015-12-27 00:51 - 2015-12-27 00:51 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00900608 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL 2015-12-27 00:51 - 2015-12-27 00:51 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2015-12-27 00:51 - 
2015-12-27 00:51 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-12-27 00:51 - 2015-12-27 00:51 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll 2015-12-27 00:51 - 
2015-12-27 00:51 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2015-12-27 00:51 - 2015-12-27 00:51 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 00408128 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AUDIOKSE.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2015-12-27 00:51 - 2015-12-27 00:51 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00289248 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\MFPlay.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2015-12-27 00:51 - 
2015-12-27 00:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys 2015-12-27 00:51 - 2015-12-27 00:51 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-12-27 00:51 - 2015-12-27 00:51 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00080600 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wwapi.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll 
2015-12-27 00:51 - 2015-12-27 00:51 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys 2015-12-27 00:51 - 2015-12-27 00:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2015-12-27 00:51 - 2015-12-27 00:51 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll 2015-12-27 00:51 - 2015-12-27 00:51 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 07979008 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-12-27 00:50 - 2015-12-27 00:50 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 
2015-12-27 00:50 - 2015-12-27 00:50 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-12-27 00:50 - 2015-12-27 00:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00969728 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\kerberos.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2015-12-27 00:50 - 2015-12-27 00:50 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-12-27 00:50 - 2015-12-27 00:50 - 00589312 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-12-27 00:50 - 2015-12-27 00:50 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll 
2015-12-27 00:50 - 2015-12-27 00:50 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2015-12-27 00:50 - 2015-12-27 00:50 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2015-12-27 00:50 - 2015-12-27 00:50 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-12-27 00:50 - 2015-12-27 00:50 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2015-12-27 00:50 - 2015-12-27 00:50 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 
00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys 2015-12-27 00:50 - 2015-12-27 00:50 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-12-27 00:50 - 2015-12-27 00:50 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys 2015-12-27 00:50 - 2015-12-27 00:50 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll 2015-12-27 00:50 - 2015-12-27 00:50 - 
  9. Ok, I have the logs here for you, thanks:
Quarantined, [6ed3eb4a0d8c69cdd879cac223df9d63],  Files: 12 PUP.Optional.APNToolBar, C:\Users\Uyen\Downloads\camfrog.exe, Quarantined, [cf721421debbed49c4d780aeb24f13ed],  PUP.Optional.APNToolBar, C:\Users\Uyen\Downloads\WebcamMax-7.9.6.8.MultiLanguage.Setup.exe, Quarantined, [fe43bb7aeeabed492b7082acab56ca36],  PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe, Quarantined, [6ed3eb4a0d8c69cdd879cac223df9d63],  PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll, Quarantined, [6ed3eb4a0d8c69cdd879cac223df9d63],  PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe, Quarantined, [6ed3eb4a0d8c69cdd879cac223df9d63],  PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SO.dll, Quarantined, [6ed3eb4a0d8c69cdd879cac223df9d63],  PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar.dll, Quarantined, [6ed3eb4a0d8c69cdd879cac223df9d63],  PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe, Quarantined, [6ed3eb4a0d8c69cdd879cac223df9d63],  PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ToolbarPS.dll, Quarantined, [6ed3eb4a0d8c69cdd879cac223df9d63],  PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar_x64.dll, Quarantined, [6ed3eb4a0d8c69cdd879cac223df9d63],  PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\tbnhlpr_x64.exe, Quarantined, [6ed3eb4a0d8c69cdd879cac223df9d63],  PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\CMG-SOG\config.xml, Quarantined, [6ed3eb4a0d8c69cdd879cac223df9d63],  Physical Sectors: 0 (No malicious items detected) (end) ----------------------------------------------------------------------------------------------------------------------   # AdwCleaner v5.028 - Logfile created 
05/01/2016 at 20:20:53 # Updated 04/01/2016 by Xplode # Database : 2016-01-04.2 [Server] # Operating system : Windows 10 Home  (x64) # Username : Uyen - UYEN # Running from : C:\Users\Uyen\Desktop\adwcleaner_5.028.exe # Option : Cleaning # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLLs ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** ************************* :: "Tracing" keys removed :: Winsock settings cleared ########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [653 bytes] ##########     ------------------------------------------------------------------------------------------------   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.1 (11.24.2015) Operating System: Windows 10 Home x64  Ran by Uyen (Administrator) on Tue 01/05/2016 at 20:27:00.64 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 1  Successfully deleted: C:\Users\Uyen\AppData\Local\crashrpt (Folder)  Registry: 2  Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{434D472D-5347-006A-76A7-7A786E7484D7} (Registry Value)  Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{434C4D2D-5347-006A-76A7-7A786E7484D7} (Registry Value)  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 01/05/2016 at 20:37:49.53 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  10. The laptop had no antivirus installed. The Windows notification is showing spyware and unwanted software protection disabled. Please help, here is the FRST64 log:   Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015 Ran by Uyen (administrator) on UYEN (03-01-2016 21:51:42) Running from C:\Users\Uyen\Desktop Loaded Profiles: Uyen (Available Profiles: Uyen) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Camshare Inc.) 
C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO) HKU\S-1-5-21-363019609-69000041-377191451-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-01] (SUPERAntiSpyware) HKU\S-1-5-21-363019609-69000041-377191451-1001\...\Run: [WebcamMaxAutoRun] => C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2016-01-03] () HKU\S-1-5-21-363019609-69000041-377191451-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.) HKU\S-1-5-21-363019609-69000041-377191451-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [45056 2015-10-29] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-01-01] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Hosts: 0.0.0.1    mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip\..\Interfaces\{28698629-23e8-4c17-9d1f-e88922d8a614}: [NameServer] 156.154.70.22,156.154.71.22 Tcpip\..\Interfaces\{2b6a7e9c-5203-4558-a757-d6dd63e2140f}: [NameServer] 156.154.70.22,156.154.71.22 Tcpip\..\Interfaces\{2b6a7e9c-5203-4558-a757-d6dd63e2140f}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Internet Explorer: ================== HKU\S-1-5-21-363019609-69000041-377191451-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com?fr=fp-comodo SearchScopes: HKU\S-1-5-21-363019609-69000041-377191451-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) Toolbar: HKLM - No Name - {434C4D2D-5347-006A-76A7-7A786E7484D7} -  No File Toolbar: HKLM-x32 - No Name - {434C4D2D-5347-006A-76A7-7A786E7484D7} -  No File Toolbar: HKU\S-1-5-21-363019609-69000041-377191451-1001 -> No Name - {434D472D-5347-006A-76A7-7A786E7484D7} -  No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-02] () FF Plugin-x32: @adobe.com/FlashPlayer -> 
C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-02] () FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-28] (Google Inc.) FF Plugin HKU\S-1-5-21-363019609-69000041-377191451-1001: @nsroblox.roblox.com/launcher -> C:\Users\Uyen\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-363019609-69000041-377191451-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Uyen\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) Chrome:  ======= CHR StartupUrls: Default -> "hxxps://www.google.com/" CHR Profile: C:\Users\Uyen\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Uyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-28] CHR Extension: (YouTube) - C:\Users\Uyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-28] CHR Extension: (Google Search) - C:\Users\Uyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Uyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-28] CHR Extension: (Gmail) - C:\Users\Uyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-28] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files 
(x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12] CHR HKLM-x32\...\Chrome\Extension: [peefembmkccmkodbcpgilfjgkligpbba] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation) R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1035768 2015-11-25] (Camshare Inc.) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2016-01-03] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2016-01-03] (Malwarebytes) S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.) 
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-07-03] (Realtek Semiconductor) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-08-21] (Synaptics Incorporated) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-11-18] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828144 2015-11-18] (COMODO) R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO) R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO) S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49272 2014-12-28] (Visicom Media Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2016-01-03] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-03] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2016-01-03] (Malwarebytes Corporation) S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.) S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.) 
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-29] (Realtek                                            ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-08-21] (Synaptics Incorporated) R2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows (R) Win 7 DDK provider) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation) R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-01-03 21:51 - 2016-01-03 21:53 - 00013152 _____ C:\Users\Uyen\Desktop\FRST.txt 2016-01-03 21:46 - 2016-01-03 21:51 - 00000000 ____D C:\FRST 2016-01-03 21:46 - 2016-01-03 21:46 - 02370560 _____ (Farbar) C:\Users\Uyen\Desktop\FRST64.exe 2016-01-03 21:42 - 2016-01-03 21:43 - 01745920 _____ C:\Users\Uyen\Desktop\adwcleaner_5.027.exe 2016-01-03 21:29 - 2016-01-03 21:29 - 00199744 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-01-03 21:19 - 2016-01-03 21:19 - 00000000 ____D C:\Users\Uyen\AppData\Local\CrashRpt 2016-01-03 21:17 - 2016-01-03 21:28 - 00016062 _____ C:\WINDOWS\system32\Drivers\fvstore.dat 2016-01-03 21:17 - 2016-01-03 21:17 - 00000000 ___HD C:\VTRoot 2016-01-03 21:16 - 2016-01-03 21:17 - 26932051 _____ C:\Users\Uyen\Downloads\WebcamMax-7.9.7.2.MultiLanguage.Setup.exe 2016-01-03 20:56 - 2016-01-03 21:50 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-01-03 20:56 - 2016-01-03 20:56 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-01-03 20:56 - 2016-01-03 20:56 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-01-03 20:56 - 2016-01-03 20:56 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-01-03 20:56 - 2016-01-03 20:56 - 00001167 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-01-03 20:56 - 2016-01-03 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-01-03 20:56 - 2016-01-03 20:56 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-01-03 20:56 - 2016-01-03 20:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-01-03 20:54 - 2016-01-03 21:48 - 00926673 _____ C:\WINDOWS\system32\Drivers\sfi.dat 2016-01-03 20:54 - 2016-01-03 20:54 - 00001888 _____ C:\Users\Public\Desktop\COMODO Antivirus.lnk 2016-01-03 20:54 - 2016-01-03 20:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO 2016-01-03 20:54 - 2016-01-03 20:54 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO 2016-01-03 20:53 - 2016-01-03 20:53 - 00000000 ____D C:\ProgramData\Shared Space 2016-01-03 20:53 - 2016-01-03 20:53 - 00000000 ____D C:\Program Files\COMODO 2016-01-03 20:52 - 2016-01-03 20:55 - 22908888 _____ (Malwarebytes ) C:\Users\Uyen\Downloads\mbam-setup-2.2.0.1024.exe 2016-01-03 20:52 - 2016-01-03 20:54 - 00000000 ____D C:\ProgramData\Comodo 2016-01-03 20:50 - 2016-01-03 20:51 - 217812536 _____ (COMODO) C:\Users\Uyen\Downloads\cav_installer_5951_60.exe 2016-01-03 14:46 - 2016-01-03 14:46 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Bot 6.0 2016-01-03 11:11 - 2016-01-03 11:11 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2016-01-02 20:52 - 2016-01-02 20:52 - 00000176 _____ C:\Users\Uyen\Documents\cc_20160102_205224.reg 2016-01-02 20:52 - 2016-01-02 20:52 - 00000082 _____ C:\Users\Uyen\Documents\cc_20160102_205216.reg 2016-01-02 20:51 - 2016-01-02 20:52 - 00002458 _____ C:\Users\Uyen\Documents\cc_20160102_205156.reg 2016-01-02 20:51 - 2016-01-02 20:51 - 00003850 _____ C:\Users\Uyen\Documents\cc_20160102_205138.reg 2016-01-02 07:55 - 2016-01-02 07:55 - 00001424 _____ C:\Users\Uyen\Desktop\ROBLOX Player.lnk 2016-01-02 07:54 - 2016-01-02 08:02 - 00000000 ____D C:\Users\Uyen\AppData\Local\Roblox 2016-01-02 07:54 - 2016-01-02 08:01 - 00000248 _____ C:\Users\Uyen\AppData\LocalLow\rbxcsettings.rbx 2016-01-02 07:54 - 2016-01-02 07:55 - 00001239 _____ C:\Users\Uyen\Desktop\ROBLOX Studio.lnk 2016-01-02 07:54 - 2016-01-02 07:55 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2016-01-02 07:54 - 2016-01-02 07:54 - 00969584 _____ (ROBLOX Corporation) C:\Users\Uyen\Downloads\RobloxPlayerLauncher.exe 2016-01-01 21:43 - 2016-01-03 21:10 - 00002252 _____ C:\Users\Uyen\Desktop\Camfrog Video Chat.lnk 2016-01-01 19:16 - 2016-01-01 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\McAfee Security Scan Plus 2016-01-01 19:15 - 2016-01-01 19:16 - 00000000 ____D C:\Program Files\McAfee Security Scan 2015-12-30 20:50 - 2016-01-03 21:10 - 00002133 _____ C:\Users\Uyen\Desktop\Camfrog Bot 6.0.lnk 2015-12-30 20:50 - 2016-01-03 15:06 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\Camfrog Bot 2015-12-30 20:50 - 2015-12-30 20:50 - 00000000 ____D C:\ProgramData\Camfrog Bot 2015-12-30 20:49 - 2015-12-30 20:49 - 12476120 _____ (Camshare Inc.) C:\Users\Uyen\Downloads\camfrog_bot_setup.exe 2015-12-30 19:15 - 2016-01-03 21:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-30 19:15 - 2016-01-02 19:02 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-12-30 19:15 - 2016-01-02 09:35 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2015-12-30 19:15 - 2015-12-30 19:15 - 00003948 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2015-12-30 19:15 - 2015-12-30 19:15 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2015-12-30 19:15 - 2015-12-30 19:15 - 00000000 ____D C:\ProgramData\McAfee 2015-12-30 19:14 - 2016-01-02 19:02 - 00000000 ____D C:\Users\Uyen\AppData\Local\Adobe 2015-12-29 20:09 - 2016-01-03 20:09 - 00000518 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e8c52fdd-737d-4143-9965-f90f5ab31ade.job 2015-12-29 20:09 - 2015-12-29 20:09 - 00003736 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task e8c52fdd-737d-4143-9965-f90f5ab31ade 2015-12-29 20:08 - 2016-01-03 20:08 - 00000518 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 27ec92d3-7b88-4955-bd0a-b7da2b738a53.job 2015-12-29 20:08 - 2015-12-29 20:08 - 00003736 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 27ec92d3-7b88-4955-bd0a-b7da2b738a53 2015-12-29 19:34 - 2015-12-29 19:34 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat 2015-12-29 19:25 - 2015-12-29 19:25 - 00000000 ____D C:\SUPERDelete 2015-12-29 
18:21 - 2015-12-29 18:21 - 00001378 _____ C:\Users\Uyen\Desktop\Movie Maker.lnk 2015-12-29 18:11 - 2015-12-29 18:11 - 00002354 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2015-12-29 18:11 - 2015-12-29 18:11 - 00001447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-12-29 18:11 - 2015-12-29 18:11 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2015-12-29 18:11 - 2015-12-29 18:11 - 00001358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2015-12-29 18:11 - 2015-12-29 18:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2015-12-29 18:11 - 2015-12-29 18:11 - 00000000 ____D C:\WINDOWS\en 2015-12-29 18:11 - 2015-12-29 18:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2015-12-29 18:10 - 2015-12-29 18:11 - 00000000 ____D C:\Program Files (x86)\Windows Live 2015-12-29 18:10 - 2015-12-29 18:10 - 00000000 ____D C:\WINDOWS\PCHEALTH 2015-12-29 18:10 - 2015-12-29 18:10 - 00000000 ____D C:\Program Files\Windows Live 2015-12-29 18:09 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2015-12-29 18:09 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2015-12-29 18:09 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2015-12-29 18:09 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2015-12-29 18:09 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2015-12-29 18:09 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2015-12-29 18:09 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2015-12-29 18:09 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\d3dx11_43.dll 2015-12-29 18:09 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll 2015-12-29 18:09 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll 2015-12-29 18:09 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll 2015-12-29 18:09 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll 2015-12-29 18:08 - 2015-12-29 18:12 - 00000000 ____D C:\Users\Uyen\AppData\Local\Windows Live 2015-12-29 18:07 - 2015-12-29 18:07 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-12-29 18:07 - 2015-12-29 18:07 - 00000000 ____D C:\Program Files\MSBuild 2015-12-29 18:07 - 2015-12-29 18:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2015-12-29 18:07 - 2015-12-29 18:07 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-12-29 18:05 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-12-29 18:05 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-12-29 18:05 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-12-29 18:05 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-12-29 18:05 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-12-29 18:05 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-12-29 18:04 - 2015-12-29 18:04 - 01239752 _____ (Microsoft Corporation) C:\Users\Uyen\Downloads\wlsetup-web.exe 2015-12-29 17:16 - 2015-12-29 17:59 - 00000000 ____D C:\Users\Uyen\Documents\Sound recordings 2015-12-29 12:24 - 2015-12-29 12:24 - 00000000 ____D C:\Users\Uyen\Tracing 2015-12-29 12:20 - 2015-12-29 17:24 - 
C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys 2015-12-26 21:50 - 2015-12-26 21:50 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-12-26 21:50 - 2015-12-26 21:50 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys 2015-12-26 21:50 - 2015-12-26 21:50 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00075264 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\EditBufferTestHook.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00042496 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\mapstoasttask.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe 2015-12-26 21:50 - 2015-12-26 21:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2015-12-26 21:50 - 2015-12-26 21:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe 2015-12-26 21:50 - 2015-12-26 21:50 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 2015-12-26 21:50 - 2015-12-26 21:50 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-12-26 21:50 - 2015-12-26 21:50 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe 2015-12-26 21:50 - 2015-12-26 21:50 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll 2015-12-26 
21:50 - 2015-12-26 21:50 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2015-12-26 21:50 - 2015-12-26 21:50 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll 2015-12-26 21:47 - 2015-12-26 21:47 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2015-12-26 21:36 - 2015-12-26 22:12 - 00009528 _____ C:\WINDOWS\diagwrn.xml 2015-12-26 21:36 - 2015-12-26 22:12 - 00009528 _____ C:\WINDOWS\diagerr.xml 2015-12-26 21:07 - 2015-12-26 22:11 - 00002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements 2015-12-26 21:07 - 2015-12-26 21:07 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf 2015-12-26 20:44 - 2015-12-26 22:11 - 00002804 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-363019609-69000041-377191451-1001 2015-12-26 20:44 - 2015-12-26 20:44 - 00000000 ____D C:\Program Files (x86)\Intel 2015-12-26 20:44 - 2015-12-26 20:44 - 00000000 ____D C:\Intel 2015-12-26 20:43 - 2015-12-26 20:43 - 00000000 ____D C:\Users\Uyen\AppData\Local\GWX 2015-12-26 20:42 - 2015-12-28 18:30 - 00000000 ___RD C:\Users\Uyen\OneDrive 2015-12-26 20:38 - 2015-12-29 19:29 - 00000000 ____D C:\Users\Uyen\AppData\Local\Packages 2015-12-26 20:38 - 2015-12-26 
20:38 - 00000000 ____D C:\Users\Uyen\AppData\Roaming\Adobe 2015-12-26 20:38 - 2015-12-26 20:38 - 00000000 ____D C:\Users\Uyen\AppData\Local\VirtualStore 2015-12-26 20:34 - 2015-03-13 17:51 - 00015360 ____N (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-03 21:47 - 2015-10-29 22:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-01-03 21:46 - 2015-10-29 22:28 - 00000000 ____D C:\Windows 2016-01-03 21:41 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF 2016-01-03 21:28 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages 2016-01-02 22:13 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-30 17:21 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\rescache 2015-12-30 17:06 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-29 19:29 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-29 18:10 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-12-28 11:02 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow 2015-12-28 10:54 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\appcompat 2015-12-28 10:54 - 2015-10-29 23:24 - 00000000 ____D C:\ProgramData\USOPrivate 2015-12-27 13:10 - 2015-10-29 23:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-12-27 13:10 - 2015-10-29 23:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-26 22:17 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2015-12-26 22:17 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\PrintDialog 2015-12-26 22:17 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\MiracastView 2015-12-26 22:17 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2015-12-26 22:13 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 
2015-12-26 22:13 - 2015-10-29 22:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2015-12-26 22:12 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Registration 2015-12-26 22:09 - 2015-10-29 23:24 - 00000000 __RHD C:\Users\Public\Libraries 2015-12-26 22:06 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2015-12-26 22:06 - 2013-08-22 05:36 - 00000000 ____D C:\Users\Default.migrated 2015-12-26 22:05 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2015-12-26 22:05 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2015-12-26 22:05 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE 2015-12-26 22:05 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB 2015-12-26 22:05 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\spool 2015-12-26 22:05 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-12-26 22:05 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV 2015-12-26 22:05 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT 2015-12-26 22:05 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod 2015-12-26 22:05 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\et-EE 2015-12-26 22:05 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\en-GB 2015-12-26 22:05 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared 2015-12-26 22:05 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared 2015-12-26 22:04 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\InputMethod 2015-12-26 22:04 - 2014-11-21 07:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager 2015-12-26 22:04 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\MediaViewer 2015-12-26 22:04 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\ADFS 2015-12-26 22:03 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2015-12-26 21:56 - 2015-10-30 01:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles 
2015-12-26 21:55 - 2015-10-29 23:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2015-12-26 21:51 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-12-26 21:51 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-12-26 21:51 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Provisioning 2015-12-26 21:51 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\bcastdvr 2015-12-26 21:51 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2015-12-26 21:51 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\system32\Dism 2015-12-26 21:36 - 2015-10-30 01:42 - 00000000 ___HD C:\$WINDOWS.~BT Some files in TEMP: ==================== C:\Users\Uyen\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-12-26 21:56 ==================== End of FRST.txt ============================   -------------------------------------------------------------------   Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015 
Ran by Uyen (2016-01-03 21:53:46) Running from C:\Users\Uyen\Desktop Windows 10 Home (X64) (2015-12-27 06:15:18) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-363019609-69000041-377191451-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-363019609-69000041-377191451-503 - Limited - Disabled) Guest (S-1-5-21-363019609-69000041-377191451-501 - Limited - Disabled) Uyen (S-1-5-21-363019609-69000041-377191451-1001 - Administrator - Enabled) => C:\Users\Uyen ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated) Camfrog Bot 6.0 (remove only) (HKLM-x32\...\Camfrog Bot 6.0) (Version: 6.0.8 - Camshare Inc.) Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.511 - Camshare, Inc.) COMODO Antivirus (HKLM\...\{04833277-EE61-4251-9273-0CF86C0FE710}) (Version: 8.2.0.4792 - COMODO Security Solutions Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) 
Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.) ROBLOX Player for Uyen (HKU\S-1-5-21-363019609-69000041-377191451-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation) Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer) WebcamMax (HKLM-x32\...\WebcamMax) (Version: 7.9.7.2.MultiLanguage - COOLWAREMAX) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-363019609-69000041-377191451-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Uyen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-363019609-69000041-377191451-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-363019609-69000041-377191451-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Uyen\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\RobloxProxy64.dll (ROBLOX Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {10DE2ED2-C830-4189-831D-2B3167BE8199} - System32\Tasks\SUPERAntiSpyware Scheduled Task 5875f35f-da55-43d0-ab50-c2ba7a1c83ba => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {153526EE-FE00-4437-9EFF-B91BF113082D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-21] (Synaptics Incorporated) Task: {1B3B88CA-CF55-4CDE-B9BF-B32EC9539802} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {2A60D82F-8DF3-4344-93B3-527F0F949284} - System32\Tasks\SUPERAntiSpyware Scheduled Task 81e428b7-9462-4c80-bf1e-60e76c0b04e5 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {40084CDE-687F-4D79-8130-8A330E4BFBB4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {55EC0E87-E39D-4409-88BF-01FCE6CBCC3B} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-03] (Realtek 
Semiconductor) Task: {706A0559-3E36-4788-9CC3-1D023B5C6E7B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {72975B2F-03D0-4C27-A027-8118046F11E5} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO) Task: {74BBB3BC-F6E5-4C4F-B772-8BC14DD60165} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.) Task: {7BC2E422-6AD1-4CAC-8688-E5A3F9084B92} - System32\Tasks\SUPERAntiSpyware Scheduled Task 27ec92d3-7b88-4955-bd0a-b7da2b738a53 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {8E80E86C-090B-449B-A635-E6C27F2C27A9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {A331E99E-81A5-437B-9E25-BB87C1C30BCE} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO) Task: {A396BAF4-0AE6-4FA1-AE7F-9FAA911DA4BF} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-07-03] (Realtek Semiconductor) Task: {A849FF21-1A5B-42B2-8AD8-96229FFCF989} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.) 
Task: {ABAE1A13-8BA2-4B47-8161-13B99AE21FBF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe [2015-12-30] (Adobe Systems Incorporated) Task: {B34A82A1-EC70-4C2E-ABBC-FFD781AE24CD} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO) Task: {BB94138A-1CD8-4AAD-A421-6E7A0E61C0C2} - System32\Tasks\SUPERAntiSpyware Scheduled Task e8c52fdd-737d-4143-9965-f90f5ab31ade => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {BD78422C-A298-4E92-87A3-55B1F9B04D41} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO) Task: {BE94530E-1EDD-43EC-8AB9-4B213649F16E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-23] (Microsoft Corporation) Task: {C48FD040-C103-4DD6-BF29-15B87BE30B36} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {DD82A93F-E117-4B56-AB17-482D38DB23DC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated) Task: {E4755E22-76CD-4B80-A1C6-4BCDFBEC2D5A} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 27ec92d3-7b88-4955-bd0a-b7da2b738a53.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 5875f35f-da55-43d0-ab50-c2ba7a1c83ba.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 81e428b7-9462-4c80-bf1e-60e76c0b04e5.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e8c52fdd-737d-4143-9965-f90f5ab31ade.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-12-28 21:03 - 2015-11-16 07:18 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll 2015-01-08 22:02 - 2015-01-08 22:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2015-12-26 21:50 - 2015-12-26 21:50 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-12-28 18:12 - 2015-12-28 18:13 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-12-26 21:50 - 2015-12-26 21:50 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-12-26 21:51 - 2015-12-26 21:51 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2015-12-26 21:51 - 2015-12-26 21:51 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-12-26 21:51 - 2015-12-26 21:51 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-12-26 21:51 - 2015-12-26 21:51 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-12-26 21:51 - 2015-12-26 21:51 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-12-26 21:51 - 2015-12-26 21:51 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-12-28 18:12 - 2015-12-28 18:13 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2015-12-28 18:12 - 2015-12-28 18:13 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2015-12-28 11:08 - 2015-12-10 19:54 - 01583432 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll 2015-12-28 11:08 - 2015-12-10 19:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID AlternateDataStreams: C:\Users\Uyen\Desktop\adwcleaner_5.027.exe:$CmdTcID AlternateDataStreams: C:\Users\Uyen\Desktop\adwcleaner_5.027.exe:$CmdZnID AlternateDataStreams: C:\Users\Uyen\Desktop\FRST64.exe:$CmdTcID AlternateDataStreams: C:\Users\Uyen\Desktop\FRST64.exe:$CmdZnID AlternateDataStreams: C:\Users\Uyen\Downloads\mbam-setup-2.2.0.1024.exe:$CmdZnID AlternateDataStreams: C:\Users\Uyen\Downloads\WebcamMax-7.9.7.2.MultiLanguage.Setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Uyen\Downloads\WebcamMax-7.9.7.2.MultiLanguage.Setup.exe:$CmdZnID ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 05:25 - 2016-01-01 19:16 - 00000854 ____A C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.1    mssplus.mcafee.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-363019609-69000041-377191451-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Uyen\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg DNS Servers: 156.154.70.22 - 156.154.71.22 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: McComponentHostService => 3 HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKU\S-1-5-21-363019609-69000041-377191451-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-363019609-69000041-377191451-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-363019609-69000041-377191451-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-363019609-69000041-377191451-1001\...\StartupApproved\Run: => "Speech Recognition" HKU\S-1-5-21-363019609-69000041-377191451-1001\...\StartupApproved\Run: => "SUPERAntiSpyware" HKU\S-1-5-21-363019609-69000041-377191451-1001\...\StartupApproved\Run: => "WebcamMaxAutoRun" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{56593331-F4AA-445D-B275-D1CCF5884E2C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{E61B9B83-FC68-4BDC-AC50-F3913F505EC3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{324B57DD-8A92-4DAD-AA0B-DCFB29DFF962}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{61549469-3CC3-4897-9E47-16D5462688F9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E0A147A7-8353-4E8E-A41A-75C610F6EAC4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{D8890076-412C-4658-9A51-05937105268B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{8C2B9027-8799-4DA8-BA01-EFEDF7C6EA6A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{BA20FD99-9DA1-45AC-BB70-063093245BA0}] => (Allow) LPort=2869 FirewallRules: [{F612A533-FF7A-4059-8AC3-1EE15F5A5F4A}] => (Allow) LPort=1900 FirewallRules: [{9B5002D0-9E6D-4007-9C05-BCB1DD0DC2C4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [TCP Query User{58771680-3603-488F-B105-96605BEA3889}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [UDP Query User{E9033213-58F4-4CE7-B04B-3FB1BE7CF19B}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe ==================== Restore Points ========================= 29-12-2015 10:12:40 Windows Update 02-01-2016 22:13:27 Windows Modules Installer ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/03/2016 08:54:13 PM) (Source: 
Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisFileRatingChange" whose target class "CisFileRatingChange" in //./root/cis namespace does not exist. The query will be ignored. Error: (01/03/2016 08:54:13 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored. Error: (01/03/2016 08:54:13 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisNotification" whose target class "CisNotification" in //./root/cis namespace does not exist. The query will be ignored. Error: (01/03/2016 08:54:13 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM FwAlert" whose target class "FwAlert" in //./root/cis namespace does not exist. The query will be ignored. Error: (01/03/2016 08:54:13 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM DfAlert" whose target class "DfAlert" in //./root/cis namespace does not exist. The query will be ignored. Error: (01/03/2016 08:54:13 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM AvAlert" whose target class "AvAlert" in //./root/cis namespace does not exist. The query will be ignored. Error: (01/03/2016 08:54:13 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisAlert" whose target class "CisAlert" in //./root/cis namespace does not exist. 
The query will be ignored. Error: (01/03/2016 08:54:13 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider CisWmi attempted to register query "SELECT * FROM CisEvent" whose target class "CisEvent" in //./root/cis namespace does not exist. The query will be ignored. Error: (01/03/2016 08:54:13 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider  attempted to register query "SELECT * FROM CisFileRatingChange" whose target class "CisFileRatingChange" in //./root/cis namespace does not exist. The query will be ignored. Error: (01/03/2016 08:54:13 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider  attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored. System errors: ============= Error: (01/03/2016 09:52:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Defender Service service failed to start due to the following error:  %%1053 Error: (01/03/2016 09:52:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Defender Service service to connect. Error: (01/03/2016 09:47:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error:  %%3 Error: (01/03/2016 09:47:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_153545 service to connect. Error: (01/03/2016 09:47:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_153545 service to connect. 
Error: (01/03/2016 09:47:28 PM) (Source: DCOM) (EventID: 10010) (User: UYEN) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (01/03/2016 09:47:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_153545 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/03/2016 09:47:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_153545 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/03/2016 09:47:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_153545 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/03/2016 09:47:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_153545 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service. CodeIntegrity: ===================================   Date: 2016-01-03 21:52:38.221   Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.   Date: 2016-01-03 21:48:27.760   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.   
Date: 2016-01-03 21:33:14.935   Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.   Date: 2016-01-03 21:29:17.022   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.   Date: 2016-01-03 20:55:27.185   Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.   Date: 2016-01-03 04:57:13.452   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.   Date: 2015-12-30 03:08:53.406   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.   Date: 2015-12-29 19:23:08.245   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.   Date: 2015-12-29 17:24:41.497   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.   
Date: 2015-12-28 17:44:49.761   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info ===========================  Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz Percentage of memory in use: 49% Total physical RAM: 3985.27 MB Available physical RAM: 1998.92 MB Total Virtual: 4689.27 MB Available Virtual: 2490.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:464.46 GB) (Free:438.22 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 1E1F4777) Partition: GPT. ==================== End of Addition.txt ============================
  11. Bad news, I am very, very sorry, but I need you to close this thread too. This user has abandoned me and will not allow me to finish (was doing a TeamViewer session). I have no idea as to why. I am sorry for this; please close the thread. Thanks again for all your help. Hope I do not get any bad reputation for this. :(
  12. Broni, UnInstaller doesn't have any "leftover entry (entries)", only unnamed, default, and Windows Update entries. I can't even see ESet inside UnInstaller, but I see it inside the Windows programs list.
  13. Ok, when I go inside add/remove programs I can still see ESet NOD32 in there. Still it error 2503 call script out near the end of the uninstall. ESet is still in there. When I used "empty recycle bin" ESet popped open to ask for confirmation. Here is the new FRST log: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-12-2015 Ran by HP-14 (administrator) on HP (19-12-2015 10:56:18) Running from C:\Users\HP-14\Desktop Loaded Profiles: HP-14 (Available Profiles: HP-14 & Administrator) Platform: Windows 8.1 Single Language (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Camshare Inc.) 
C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (© 2015 Microsoft Corporation) C:\Users\HP-14\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Camshare, Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe (Visicom Media Inc.) C:\Program Files (x86)\ManyCam\ManyCam.exe (TeamViewer GmbH) C:\Users\HP-14\AppData\Local\Temp\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Users\HP-14\AppData\Local\Temp\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Users\HP-14\AppData\Local\Temp\TeamViewer\tv_x64.exe (TeamViewer GmbH) C:\Users\HP-14\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-03] (Realtek Semiconductor) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-15] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-15] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-15] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-09] (Hewlett-Packard Development Company, L.P.) HKU\S-1-5-21-11426632-2631853391-3235129497-1002\...\Run: [BingSvc] => C:\Users\HP-14\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) HKU\S-1-5-21-11426632-2631853391-3235129497-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{06A5BDD3-1531-46AD-99D6-65787A5C87F6}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{151B6EBA-0931-46C4-BDC1-F416634ABDF1}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{E826072A-C0C7-4320-9274-3D30BCB83337}: [DhcpNameServer] 192.168.56.3 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company) FireFox: ======== FF ProfilePath: C:\Users\HP-14\AppData\Roaming\Mozilla\Firefox\Profiles\ljryuvmz.default-1441253473990 FF Homepage: hxxps://www.google.co.th FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] () FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> 
C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation) FF Extension: WOT - C:\Users\HP-14\AppData\Roaming\Mozilla\Firefox\Profiles\ljryuvmz.default-1441253473990\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-18] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-11-20] () [File not signed] S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-20] (Advanced Micro Devices, Inc.) [File not signed] S4 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2015-02-05] (Alps Electric Co., Ltd.) 
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-07] (Windows (R) Win 7 DDK provider) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation) S4 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-15] () [File not signed] R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1035768 2015-11-26] (Camshare Inc.) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company) S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-09] (Hewlett-Packard Development Company, L.P.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S4 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-15] (Softex Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-24] (Realtek Semiconductor) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-08] (Advanced Micro Devices, INC.) 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49272 2014-12-29] (Visicom Media Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-19] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (Visicom Media Inc.) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-08-27] (Realtek Semiconductor Corp.) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-18] () S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-23] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-12-19 10:56 - 2015-12-19 10:57 - 00011609 _____ C:\Users\HP-14\Desktop\FRST.txt 2015-12-19 06:52 - 2015-12-19 10:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-18 13:01 - 2015-12-18 13:01 - 00000000 ____D C:\Users\HP-14\AppData\Local\CrashRpt 2015-12-18 11:28 - 2015-12-18 11:33 - 00000567 _____ C:\Users\HP-14\Desktop\JRT.txt 2015-12-18 11:25 - 2015-12-18 11:25 - 00000000 ____D C:\Users\HP-14\Desktop\Scan Tools 2015-12-18 11:23 - 2015-12-18 11:23 - 00000737 _____ C:\Users\HP-14\Desktop\AdwCleaner[C2].txt 2015-12-18 11:12 - 2015-12-18 11:12 - 00001044 _____ C:\Users\HP-14\Desktop\bmanlkog.txt 2015-12-18 10:55 - 2015-12-18 10:55 - 00002652 _____ C:\Users\HP-14\Desktop\rk_2168.tmp.txt 2015-12-18 07:42 - 2015-12-18 11:17 - 00000000 ____D C:\AdwCleaner 2015-12-18 07:12 - 2015-12-19 10:52 - 00000000 ____D C:\Users\HP-14\AppData\Local\CrashDumps 2015-12-18 06:50 - 2015-12-18 10:30 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys 2015-12-18 06:50 - 2015-12-18 07:08 - 00000000 ____D C:\ProgramData\RogueKiller 2015-12-18 06:48 - 2015-12-18 06:48 - 01599336 _____ (Malwarebytes) C:\Users\HP-14\Desktop\JRT.exe 2015-12-18 06:47 - 2015-12-18 06:47 - 20834376 _____ C:\Users\HP-14\Desktop\RogueKiller.exe 2015-12-18 06:35 - 2015-12-18 06:39 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-12-16 10:28 - 2015-12-16 10:28 - 00003881 _____ C:\Users\HP-14\Desktop\TeamViewer_Setup-lbs(1).exe - Shortcut.lnk 2015-12-16 10:28 - 2015-12-16 10:28 - 00003650 _____ C:\Users\HP-14\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamViewer_Setup-lbs(1).lnk 2015-12-16 10:21 - 2015-12-16 10:21 - 00448512 _____ (OldTimer Tools) C:\Users\HP-14\Desktop\TFC.exe 2015-12-16 10:19 - 2015-12-16 10:20 - 00415744 _____ (Farbar) C:\Users\HP-14\Desktop\FSS.exe 2015-12-16 08:58 - 2015-12-19 10:56 - 00000000 ____D C:\FRST 2015-12-16 08:54 - 2015-12-18 08:27 - 02370048 _____ (Farbar) C:\Users\HP-14\Desktop\FRST64.exe 2015-12-16 08:49 - 2015-12-19 10:41 - 00192216 
_____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-12-16 08:49 - 2015-12-16 08:49 - 00001081 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-12-16 08:49 - 2015-12-16 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-12-16 08:49 - 2015-12-16 08:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-12-16 08:49 - 2015-12-16 08:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-12-16 08:49 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-12-16 08:49 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-12-16 08:49 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-12-16 08:21 - 2015-12-18 11:59 - 00000000 ____D C:\Program Installers 2015-12-16 08:20 - 2015-12-16 08:20 - 00001389 _____ C:\Users\HP-14\Desktop\ManyCam.exe - Shortcut.lnk 2015-12-16 07:49 - 2015-12-16 07:49 - 00000000 ____D C:\Users\HP-14\Downloads\New folder (2) 2015-12-16 07:49 - 2015-12-16 07:49 - 00000000 ____D C:\Users\HP-14\Downloads\New folder 2015-12-16 07:39 - 2015-12-16 07:39 - 11161128 _____ (TeamViewer GmbH) C:\Users\HP-14\Downloads\TeamViewer_Setup-lbs(1).exe 2015-12-16 07:25 - 2015-12-16 07:25 - 00000000 ____D C:\Users\HP-14\AppData\Roaming\TeamViewer 2015-12-16 07:24 - 2015-12-16 07:25 - 06939792 _____ (TeamViewer) C:\Users\HP-14\Downloads\TeamViewerQS_th.exe 2015-12-13 11:43 - 2015-10-11 13:34 - 00468824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-12-13 11:43 - 2015-10-11 13:34 - 00462168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2015-12-13 11:43 - 2015-10-11 13:34 - 00443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2015-12-13 11:43 - 2015-10-11 13:34 - 00092504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2015-12-13 11:43 
- 2015-10-11 13:34 - 00027992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2015-12-13 11:43 - 2015-10-11 01:41 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2015-12-13 11:43 - 2015-10-11 01:41 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys 2015-12-13 11:43 - 2015-10-11 01:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys 2015-12-11 07:04 - 2015-10-11 00:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-12-10 19:01 - 2015-12-10 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-10 10:02 - 2015-12-15 06:40 - 00133120 ____H C:\Users\HP-14\Downloads\photothumb.db 2015-12-09 11:49 - 2015-10-08 23:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2015-12-09 11:49 - 2015-10-08 22:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2015-12-09 11:49 - 2015-10-06 01:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe 2015-12-09 11:49 - 2015-10-06 01:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-12-09 11:49 - 2015-10-04 02:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-12-09 11:49 - 2015-10-04 02:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2015-12-09 11:19 - 2015-12-09 11:20 - 00347432 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-09 09:14 - 2015-11-05 15:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys 2015-12-09 09:13 - 2015-11-11 23:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-12-09 09:13 - 2015-11-11 23:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-09 09:13 - 2015-11-11 22:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-12-09 09:13 - 2015-11-11 22:44 - 00128000 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-12-09 09:13 - 2015-11-11 22:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-12-09 09:13 - 2015-11-11 22:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-12-09 09:13 - 2015-11-10 07:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-12-09 09:13 - 2015-11-10 07:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-12-09 09:13 - 2015-11-10 07:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-09 09:13 - 2015-11-10 07:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-12-09 09:13 - 2015-11-10 07:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-12-09 09:13 - 2015-11-10 06:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-12-09 09:13 - 2015-11-10 06:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-12-09 09:13 - 2015-11-10 06:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-12-09 09:13 - 2015-11-10 06:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-12-09 09:13 - 2015-11-10 06:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-12-09 09:13 - 2015-11-10 06:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-12-09 09:13 - 2015-11-10 06:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-12-09 09:13 - 2015-11-10 06:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-12-09 09:13 - 2015-11-10 06:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-12-09 09:13 - 2015-11-10 06:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-12-09 09:13 - 2015-11-09 05:15 - 02887168 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\iertutil.dll 2015-12-09 09:13 - 2015-11-09 05:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-12-09 09:13 - 2015-11-09 05:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-12-09 09:13 - 2015-11-09 05:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-12-09 09:13 - 2015-11-09 05:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-12-09 09:13 - 2015-11-09 04:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-12-09 09:13 - 2015-11-09 04:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-12-09 09:13 - 2015-11-09 04:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-12-09 09:13 - 2015-11-09 04:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-12-09 09:13 - 2015-11-09 04:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-12-09 09:13 - 2015-11-09 04:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-12-09 09:13 - 2015-11-09 04:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-12-09 09:13 - 2015-11-09 04:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-12-09 09:13 - 2015-11-09 04:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-12-09 09:13 - 2015-11-09 03:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-12-09 09:13 - 2015-11-09 03:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-12-09 09:13 - 2015-11-09 03:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-12-09 09:13 - 2015-11-09 03:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-12-09 09:11 - 2015-11-22 13:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 
2015-12-09 09:11 - 2015-11-22 13:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-12-09 09:11 - 2015-11-22 13:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2015-12-09 09:11 - 2015-11-22 13:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2015-12-09 09:11 - 2015-11-22 13:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2015-12-09 09:11 - 2015-11-22 13:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2015-12-09 09:11 - 2015-11-22 13:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-12-09 09:11 - 2015-11-22 01:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-12-09 09:11 - 2015-11-22 00:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-12-09 09:11 - 2015-11-21 23:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2015-12-09 09:11 - 2015-11-21 23:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2015-12-09 09:11 - 2015-11-21 23:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll 2015-12-09 09:11 - 2015-11-21 23:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll 2015-12-09 09:11 - 2015-11-21 05:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-12-09 09:11 - 2015-11-21 01:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-12-09 09:11 - 2015-11-20 23:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-12-09 09:11 - 2015-11-20 23:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-12-09 09:11 - 2015-11-20 23:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-12-09 09:11 - 2015-11-20 23:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-12-09 09:11 - 2015-11-20 
23:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-12-09 09:11 - 2015-11-20 23:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-12-09 09:11 - 2015-11-20 23:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-12-09 09:11 - 2015-11-20 23:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-12-09 09:11 - 2015-11-20 23:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-12-09 09:11 - 2015-11-20 23:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-12-09 09:11 - 2015-11-20 23:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-12-09 09:11 - 2015-11-09 07:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2015-12-09 09:11 - 2015-11-09 05:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-12-09 09:11 - 2015-11-09 04:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-12-09 09:11 - 2015-11-09 04:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-12-09 09:11 - 2015-11-09 04:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2015-12-09 09:11 - 2015-11-09 03:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2015-12-09 09:11 - 2015-11-09 03:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2015-12-09 09:11 - 2015-11-09 03:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2015-12-09 09:10 - 2015-10-28 22:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-12-09 09:10 - 2015-10-28 22:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-12-02 18:48 - 2015-12-02 18:48 - 00002210 _____ C:\Users\HP-14\Desktop\HP Support Assistant.lnk 2015-11-21 07:09 - 2015-11-21 07:09 - 00000000 __RHD C:\Users\Public\Libraries 
==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-19 10:55 - 2015-09-01 16:59 - 00000000 ____D C:\Users\HP-14\AppData\Roaming\Skype 2015-12-19 10:46 - 2015-09-01 15:54 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-11426632-2631853391-3235129497-1002 2015-12-19 10:44 - 2015-09-06 15:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-19 10:40 - 2013-08-22 21:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-19 10:39 - 2015-11-11 17:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-19 10:39 - 2015-09-01 15:38 - 00000000 ____D C:\Users\HP-14 2015-12-18 20:06 - 2015-09-01 16:53 - 00000000 ____D C:\Users\HP-14\AppData\Roaming\Camfrog 2015-12-18 13:31 - 2015-09-01 16:53 - 00000000 ____D C:\ProgramData\Camfrog Update 2015-12-18 10:23 - 2015-09-01 17:44 - 00000000 ____D C:\Users\HP-14\AppData\Local\ManyCam 2015-12-18 09:13 - 2013-08-22 20:36 - 00000000 ____D C:\Windows 2015-12-18 08:51 - 2015-11-11 19:40 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-18 08:49 - 2015-09-16 05:06 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2015-12-18 08:49 - 2015-09-16 05:06 - 00000000 ___SD C:\WINDOWS\system32\GWX 2015-12-16 08:28 - 2013-08-22 20:36 - 00000000 ____D C:\WINDOWS\Inf 2015-12-16 08:23 - 2015-09-09 08:16 - 00000000 ____D C:\Program Files (x86)\ControlCenter4 2015-12-16 08:13 - 2015-09-01 16:12 - 00000000 ____D C:\ProgramData\Avira 2015-12-16 08:13 - 2014-01-18 10:01 - 00000000 ____D C:\ProgramData\Package Cache 2015-12-16 04:37 - 2013-08-22 22:36 - 00000000 ____D C:\WINDOWS\rescache 2015-12-15 20:52 - 2014-01-18 10:04 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2015-12-11 17:03 - 2015-09-03 14:19 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-11 16:52 - 2015-09-03 14:19 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-12-11 05:47 - 2013-08-22 20:25 - 00262144 
___SH C:\WINDOWS\system32\config\BBI 2015-12-10 19:01 - 2015-09-01 16:59 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-10 19:01 - 2015-09-01 16:59 - 00000000 ____D C:\Users\HP-14\AppData\Local\Skype 2015-12-10 19:01 - 2015-09-01 16:59 - 00000000 ____D C:\ProgramData\Skype 2015-12-10 10:01 - 2015-09-08 14:37 - 00006144 ____H C:\Users\HP-14\Documents\photothumb.db 2015-12-09 13:53 - 2013-08-22 22:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-12-09 13:23 - 2015-09-02 15:36 - 00000000 ____D C:\Users\HP-14\AppData\Roaming\vlc 2015-12-09 08:44 - 2015-09-06 15:18 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-12-08 19:17 - 2015-09-06 15:09 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk 2015-12-08 19:17 - 2015-09-06 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE 2015-12-06 17:53 - 2015-10-14 16:38 - 00000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHP-14.job 2015-12-06 17:53 - 2015-10-07 20:17 - 00003152 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForHP-14 2015-12-06 17:53 - 2015-09-01 16:04 - 00000000 ____D C:\Users\HP-14\AppData\Local\Hewlett-Packard 2015-12-05 08:54 - 2013-08-22 22:36 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2015-12-03 08:22 - 2013-12-11 12:13 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard 2015-12-02 18:48 - 2013-12-11 12:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2015-12-02 18:48 - 2013-12-11 12:02 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2015-12-02 18:47 - 2013-12-11 12:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-12-02 18:47 - 2013-12-11 11:20 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2015-12-02 18:38 - 2013-09-01 10:49 - 00000000 ____D C:\SWSetup 2015-12-02 00:19 - 2015-09-04 05:52 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-02 00:19 - 2015-09-04 05:51 - 00826872 _____ (Adobe 
Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-11-24 12:39 - 2013-08-26 13:04 - 00000000 ____D C:\Users\Administrator 2015-11-19 15:51 - 2013-08-26 13:09 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI Some files in TEMP: ==================== C:\Users\HP-14\AppData\Local\Temp\dllnt_dump.dll C:\Users\HP-14\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-12-18 08:49 ==================== End of FRST.txt ============================   Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-12-2015 Ran by HP-14 (2015-12-19 10:59:01) Running from C:\Users\HP-14\Desktop Windows 8.1 Single Language (X64) (2015-09-01 08:41:03) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-11426632-2631853391-3235129497-500 - Administrator - Disabled) => C:\Users\Administrator Guest (S-1-5-21-11426632-2631853391-3235129497-501 - 
Limited - Disabled) HP-14 (S-1-5-21-11426632-2631853391-3235129497-1002 - Administrator - Enabled) => C:\Users\HP-14 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1202.1711.102 - Alps Electric) AMD Catalyst Install Manager (HKLM\...\{37ED2328-4288-6720-9D34-ECD5709B4F21}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.510 - Camshare, Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) ESET NOD32 Antivirus (HKLM\...\{262CB87D-2073-415A-8F3A-EFC1B2AD25CA}) (Version: 9.0.318.20 - ESET, spol. s r.o.) 
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Documentation (HKLM-x32\...\{71D55970-20A4-43F2-BECD-8F315DEB64F1}) (Version: 1.1.1.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{BD07318C-624D-40AE-908C-FA84CDC4EA51}) (Version: 12.0.30.219 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{D72E8F9D-1FB1-4816-93DA-19B4E45604BF}) (Version: 2.3.3 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden KaraokeMedia Home PC (HKLM-x32\...\{D47F5FBE-A027-4833-AFE0-A23288DD2194}_is1) (Version: 3.4.0.0 - ECLIPSE PRODUCCIONES S.L.) LINE (HKLM-x32\...\LINE) (Version: 4.3.0.724 - LINE Corporation) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) ManyCam 4.0.109 (HKLM-x32\...\ManyCam) (Version: 4.0.109 - Visicom Media Inc.) 
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla) OEM Application Profile 
(HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - ) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros) Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.20.815.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation) Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 02-12-2015 18:44:20 Installed HP Support Assistant 09-12-2015 09:14:50 Windows Update 13-12-2015 21:44:08 Windows Update 16-12-2015 08:23:27 Removed Brother Software Suite 18-12-2015 07:49:10 JRT Pre-Junkware Removal 18-12-2015 11:24:46 JRT Pre-Junkware Removal ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2013-08-22 20:25 - 2013-08-22 20:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0151302E-0485-41F8-A258-5CA7D933B928} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {020603E6-0A09-4836-B709-36B6CBFE6F8E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {0BF8980B-C48F-4996-8A0F-E4FB9560813A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {0CA92A89-5AEF-4155-A2A6-44256D7E05CD} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {155BCE40-0B0B-4899-AA22-A2D9CB496A05} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {4F423F3C-F2AF-4374-BEB7-F80B6C4DA01D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {6134D5B7-F394-4CA0-A310-9FAD329386DD} - System32\Tasks\{42953E43-8276-405E-BA53-8C009DEF4179} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.14.0.104&LastError=12007
Task: {B8509F01-9101-4DA2-BB6F-5C7D492C6E69} - System32\Tasks\HPCeeScheduleForHP-14 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {BF397B42-FB2F-4E46-B3FA-B9D2DE8319AB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {DD4C38AE-916B-45A3-B553-BDC23313743E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {EF81D7D4-E346-46A8-87E4-94A7EFB94A91} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-11] (Microsoft Corporation)
Task: {F356B095-6B3B-4DBD-9C3C-6C56B3E807F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForHP-14.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============

2013-10-15 02:30 - 2013-10-15 02:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-10-15 02:25 - 2013-10-15 02:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-15 02:22 - 2013-10-15 02:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-15 02:22 - 2013-10-15 02:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2012-11-14 10:22 - 2012-11-14 10:22 - 02010624 _____ () C:\Program Files (x86)\ManyCam\opencv_core220.dll
2012-11-14 10:23 - 2012-11-14 10:23 - 01241088 _____ () C:\Program Files (x86)\ManyCam\opencv_imgproc220.dll
2012-11-14 10:23 - 2012-11-14 10:23 - 00241152 _____ () C:\Program Files (x86)\ManyCam\opencv_objdetect220.dll
2012-11-14 10:23 - 2012-11-14 10:23 - 00775680 _____ () C:\Program Files (x86)\ManyCam\opencv_highgui220.dll
2012-11-14 10:23 - 2012-11-14 10:23 - 00201216 _____ () C:\Program Files (x86)\ManyCam\opencv_video220.dll
2015-12-19 10:52 - 2015-12-19 10:52 - 00086016 _____ () C:\Users\HP-14\AppData\Local\Temp\qt_temp.Hp4320

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-11426632-2631853391-3235129497-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdaptiveSleepService => 2
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: ApHidMonitorService => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: Cachedrv server => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: omniserv => 2
HKU\S-1-5-21-11426632-2631853391-3235129497-1002\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{CF44DDB4-6AF8-4FDE-827F-9F4AA1B16CCC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{A6409434-A9CE-492E-8A23-0425E0BF0CFC}] => (Allow) LPort=2869 FirewallRules: [{49F19F4C-9924-4C25-9847-B20F3F2FE0A2}] => (Allow) LPort=1900 FirewallRules: [{D9692EBE-0545-4A23-84A4-9681B91DA370}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D5885569-3BCD-4FE7-8D08-BC8D5B167294}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0BB5094F-106A-46E2-B6AC-973048D77B7D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0BA76161-62A6-49FC-BF57-6661803C037A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{12C4CDF7-773B-48D9-BD33-8D8E8BCEEF0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{90815BCF-A5ED-4B02-A03F-68CC7D8D6134}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{457F99EA-B47F-477F-A5A4-E44F24BCBA1D}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [UDP Query User{DCDBAE70-FBDC-4B08-AA80-C3F750FE07AC}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [{0839395C-B7BB-462D-961E-1093C23A62E9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{18AF51F5-DBE9-46FA-8FF5-598E5E4EB6FF}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe FirewallRules: [{6BF6C7DA-B498-4334-8E3A-F6079F7B9111}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe FirewallRules: [{F9EBB4AD-EAD3-45EB-AB5D-C596DC50BF28}] => (Allow) C:\Program 
Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{EEA9E206-0355-4464-A9D6-6F5187DA1438}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/19/2015 10:52:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ManyCam.exe, version: 4.0.77.5404, time stamp: 0x53326df6 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc Exception code: 0xe06d7363 Fault offset: 0x00015b68 Faulting process id: 0x10e0 Faulting application start time: 0xManyCam.exe0 Faulting application path: ManyCam.exe1 Faulting module path: ManyCam.exe2 Report Id: ManyCam.exe3 Faulting package full name: ManyCam.exe4 Faulting package-relative application ID: ManyCam.exe5 Error: (12/19/2015 10:41:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HPSmplPass.exe, version: 8.0.0.57, time stamp: 0x525c1c34 Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x525c1aea Exception code: 0xc0000005 Fault offset: 0x000000000002ff27 Faulting process id: 0x93c Faulting application start time: 0xHPSmplPass.exe0 Faulting application path: HPSmplPass.exe1 Faulting module path: HPSmplPass.exe2 Report Id: HPSmplPass.exe3 Faulting package full name: HPSmplPass.exe4 Faulting package-relative application ID: HPSmplPass.exe5 Error: (12/19/2015 09:02:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ManyCam.exe, version: 4.0.77.5404, time stamp: 0x53326df6 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc Exception code: 0xe06d7363 Fault offset: 0x00015b68 Faulting process id: 0x820 Faulting application start time: 0xManyCam.exe0 Faulting application path: ManyCam.exe1 Faulting module path: ManyCam.exe2 
Report Id: ManyCam.exe3 Faulting package full name: ManyCam.exe4 Faulting package-relative application ID: ManyCam.exe5 Error: (12/19/2015 09:00:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HPSmplPass.exe, version: 8.0.0.57, time stamp: 0x525c1c34 Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x525c1aea Exception code: 0xc0000005 Fault offset: 0x000000000002ff27 Faulting process id: 0xd48 Faulting application start time: 0xHPSmplPass.exe0 Faulting application path: HPSmplPass.exe1 Faulting module path: HPSmplPass.exe2 Report Id: HPSmplPass.exe3 Faulting package full name: HPSmplPass.exe4 Faulting package-relative application ID: HPSmplPass.exe5 Error: (12/19/2015 08:59:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TeamViewer_Service.exe, version: 11.0.53254.0, time stamp: 0x566ee0ba Faulting module name: TeamViewer_Service.exe, version: 11.0.53254.0, time stamp: 0x566ee0ba Exception code: 0xc0000409 Fault offset: 0x0031c75c Faulting process id: 0x7b0 Faulting application start time: 0xTeamViewer_Service.exe0 Faulting application path: TeamViewer_Service.exe1 Faulting module path: TeamViewer_Service.exe2 Report Id: TeamViewer_Service.exe3 Faulting package full name: TeamViewer_Service.exe4 Faulting package-relative application ID: TeamViewer_Service.exe5 Error: (12/18/2015 01:03:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ManyCam.exe, version: 4.0.77.5404, time stamp: 0x53326df6 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc Exception code: 0xe06d7363 Fault offset: 0x00015b68 Faulting process id: 0xa80 Faulting application start time: 0xManyCam.exe0 Faulting application path: ManyCam.exe1 Faulting module path: ManyCam.exe2 Report Id: ManyCam.exe3 Faulting package full name: ManyCam.exe4 Faulting package-relative application ID: ManyCam.exe5 Error: 
(12/18/2015 12:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSmplPass.exe, version: 8.0.0.57, time stamp: 0x525c1c34
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x525c1aea
Exception code: 0xc0000005
Fault offset: 0x000000000002ff27
Faulting process id: 0x1040
Faulting application start time: 0xHPSmplPass.exe0
Faulting application path: HPSmplPass.exe1
Faulting module path: HPSmplPass.exe2
Report Id: HPSmplPass.exe3
Faulting package full name: HPSmplPass.exe4
Faulting package-relative application ID: HPSmplPass.exe5

Error: (12/18/2015 11:40:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ManyCam.exe, version: 4.0.77.5404, time stamp: 0x53326df6
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0xe06d7363
Fault offset: 0x00015b68
Faulting process id: 0x13f8
Faulting application start time: 0xManyCam.exe0
Faulting application path: ManyCam.exe1
Faulting module path: ManyCam.exe2
Report Id: ManyCam.exe3
Faulting package full name: ManyCam.exe4
Faulting package-relative application ID: ManyCam.exe5

Error: (12/18/2015 11:23:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSmplPass.exe, version: 8.0.0.57, time stamp: 0x525c1c34
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x525c1aea
Exception code: 0xc0000005
Fault offset: 0x000000000002ff27
Faulting process id: 0x13b4
Faulting application start time: 0xHPSmplPass.exe0
Faulting application path: HPSmplPass.exe1
Faulting module path: HPSmplPass.exe2
Report Id: HPSmplPass.exe3
Faulting package full name: HPSmplPass.exe4
Faulting package-relative application ID: HPSmplPass.exe5

Error: (12/18/2015 10:23:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ManyCam.exe, version: 4.0.77.5404, time stamp: 0x53326df6
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0xe06d7363
Fault offset: 0x00015b68
Faulting process id: 0x149c
Faulting application start time: 0xManyCam.exe0
Faulting application path: ManyCam.exe1
Faulting module path: ManyCam.exe2
Report Id: ManyCam.exe3
Faulting package full name: ManyCam.exe4
Faulting package-relative application ID: ManyCam.exe5

System errors:
=============
Error: (12/19/2015 10:39:03 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/19/2015 10:39:03 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/19/2015 08:58:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:55:31 AM on 12/19/2015 was unexpected.

Error: (12/18/2015 11:17:38 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056

Error: (12/18/2015 11:17:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/18/2015 11:17:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/18/2015 11:17:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/18/2015 11:17:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/18/2015 11:17:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Camfrog Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/18/2015 11:17:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Skype Click to Call PNR Service service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2015-09-03 13:15:11.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avscan.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avnotify.exe that did not meet the Microsoft signing level requirements.

  Date: 2015-09-03 12:35:42.289
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avscan.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avnotify.exe that did not meet the Microsoft signing level requirements.

  Date: 2015-09-03 12:35:00.376
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avscan.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avnotify.exe that did not meet the Store signing level requirements.

==================== Memory info ===========================
Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 54%
Total physical RAM: 3542.01 MB
Available physical RAM: 1626.13 MB
Total Virtual: 4182.01 MB
Available Virtual: 2030.76 MB

==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:446.91 GB) (Free:397.01 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.08 GB) (Free:1.86 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 44106F1D)
Partition: GPT.

==================== End of Addition.txt ============================
  14. Ok, I will get back to this one later tonight. Thanks for all your help.
  15. Have to close this thread. I'm sorry Broni. They want to go off on their own to fix it now. :(