panthermom29 Posted July 25, 2016 Report Share Posted July 25, 2016 my computer won't let me do anything because of pop-ups and viruses. Link to post Share on other sites
flashh4 Posted July 25, 2016 Report Share Posted July 25, 2016 Howdy Panthermom and welcome to BestTechie !!! My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer. Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !! If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !! Perform all actions in the order given. Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up ! Do Not Remove anything or run any tools/programs until advised to do so ! Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help. =================================== AdwCleaner Please download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner] by Xplode onto your desktop. Double click on AdwCleaner.exe to run the tool again. Windows XP : Double click on the icon to run it. Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator" *Click on the Scan button. *AdwCleaner will begin to scan your computer like it did before. *After the scan has finished ....... This time, click on the "Clean" button. *Press OK when asked to close all programs and follow the onscreen prompts. *Press OK again to allow AdwCleaner to restart the computer and complete the removal process. *After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically. *Copy and paste the contents of that logfile in your next reply. *A copy of that logfile will also be saved in the C:\AdwCleaner folder. NEXT Please download http://thisisudax.org/downloads/JRT.exe]JUNKWARE Removal Tool and save to your desk top. Shut down your protection software now to avoid potential conflicts. * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". * The tool will open and start scanning your system. * Please be patient as this can take a while to complete depending on your system's specifications. * On completion, a log (JRT.txt) is saved to your desktop and will automatically open. * Post the contents of JRT.txt into your next reply ! Re-Boot your computer now !! NEXT Download the free version Malwarebytes' Anti-Malware (save it to your desktop). >>> https://www.malwarebytes.org/antimalware/ * Windows XP : Double click on the icon to run it. * Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator" * Select Scan tab. * Select type of scan to perform: * Threat Scan < --- Select this type of scan * Custom Scan * Hyper Scan Next click the Scan button. When the scan is complete, if no malicious items are found you can close the program. If malicious items are found be sure that everything is checked, and click Quarantine . When completed, a log will open in Notepad. Please save it to a convenient location and post the results. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot. NEXT Download DDS and save it to your Desktop. >>> http://download.bleepingcomputer.com/sUBs/dds.com Double click dds.scr to run the tool. If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt. DDS will now scan your computer. When the scan is complete, DDS will open two (2) logs: DDS.txt Attach.txt If not saved these logs will be automatically deleted when closed, so save both to your Desktop. Please note it is important that you post BOTH logs in your topic. Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead. Post next: 1. AdwCleaner Log 2. Junkware Removal Log 3. Malwarebytes Log 4. DDS logs (2 logs) Thanks Chuck Link to post Share on other sites
flashh4 Posted August 2, 2016 Report Share Posted August 2, 2016 Can you run these programs now ?? Chuck Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 i'm here!!! Link to post Share on other sites
flashh4 Posted August 2, 2016 Report Share Posted August 2, 2016 I will be in & out so post the logs as you get them ! Chuck Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 # AdwCleaner v5.201 - Logfile created 02/08/2016 at 12:51:10 # Updated 30/06/2016 by ToolsLib # Database : 2016-08-02.2 [Server] # Operating system : Windows 10 Home (X64) # Username : Janet - JANET # Running from : C:\Users\Janet\Downloads\adwcleaner_5.201(2).exe # Option : Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdTrustMedia [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair [-] Folder Deleted : C:\Program Files (x86)\AdTrustMedia [-] Folder Deleted : C:\Program Files (x86)\Itibiti Soft Phone [-] Folder Deleted : C:\Program Files (x86)\PCAPDownloader [-] Folder Deleted : C:\Program Files (x86)\PCBackup360 [-] Folder Deleted : C:\Users\Janet\AppData\Local\AdTrustMedia [-] Folder Deleted : C:\Users\Janet\AppData\LocalLow\download Manager [-] Folder Deleted : C:\Users\Janet\AppData\Roaming\AdTrustMedia [-] Folder Deleted : C:\Users\Janet\AppData\Roaming\K9AMW [-] Folder Deleted : C:\Users\Janet\AppData\Roaming\Itibiti [-] Folder Deleted : C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [-] Folder Deleted : C:\Users\Janet\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [-] Folder Deleted : C:\Program Files\AdTrustMedia [-] Folder Deleted : C:\Program Files\Reimage ***** [ Files ] ***** [-] File Deleted : C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk [-] File Deleted : C:\WINDOWS\Reimage.ini [-] File Deleted : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll [-] File Deleted : C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini [-] File Deleted : C:\WINDOWS\SysNative\reimage.rep [-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpService64.dll [-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini ***** [ DLLs ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** [-] Task Deleted : APSnotifierCA [-] Task Deleted : Reimage Reminder [-] Task Deleted : ReimageUpdater [-] Task Deleted : System HealerStartUp [-] Task Deleted : System HealerPeriod [-] Task Deleted : PC360\PC360Downloader\PC360 Downloader [-] Task Deleted : AVG-Secure-Search-Update_0214b_rel [-] Task Deleted : AVG-Secure-Search-Update_0214b_rmv [-] Task Deleted : AVG-Secure-Search-Update_0414c_rel [-] Task Deleted : AVG-Secure-Search-Update_0414c_rmv [-] Task Deleted : AVG-Secure-Search-Update_0214b_rel [-] Task Deleted : AVG-Secure-Search-Update_0214b_rmv [-] Task Deleted : AVG-Secure-Search-Update_0414c_rel [-] Task Deleted : AVG-Secure-Search-Update_0414c_rmv [-] Task Deleted : DNSMILAN [-] Task Deleted : Reimage Reminder [-] Task Deleted : ReimageUpdater ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe [-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe] [-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe] [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com [-] Key Deleted : HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [MediaPlayerEnhance-bg.exe] [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [Plus-HD-7.5-bg.exe] [-] Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6376e9bc} [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myscrapnook.com [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cmaiofennmphjldldcpphcechfnnohja [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController [-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine [-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.BrowserHandler [-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample [-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} [-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [-] Key Deleted : HKCU\Software\APN PIP [-] Key Deleted : HKCU\Software\K9Tools [-] Key Deleted : HKCU\Software\PRODUCTSETUP [-] Key Deleted : HKCU\Software\RapidMediaConverterApp [-] Key Deleted : HKCU\Software\Reimage [-] Key Deleted : HKCU\Software\System Healer [-] Key Deleted : HKCU\Software\WebDiscoverBrowser [-] Key Deleted : HKCU\Software\Yahoo\Companion [-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar [-] Key Deleted : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief. [-] Key Deleted : HKCU\Software\NowUSeeItPlayer [-] Key Deleted : HKCU\Software\InSTab [-] Key Deleted : HKCU\Software\ACPTab [-] Key Deleted : HKCU\Software\PC360 [-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion [-] Key Deleted : HKLM\SOFTWARE\K9Tools [-] Key Deleted : HKLM\SOFTWARE\RrFilter [-] Key Deleted : HKLM\SOFTWARE\Taronja [-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion [-] Key Deleted : HKLM\SOFTWARE\Lavasoft\Web Companion [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1 [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} [-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage [-] Key Deleted : [x64] HKLM\SOFTWARE\WebDiscoverBrowser [-] Key Deleted : [x64] HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair [-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork [-] Key Deleted : HKU\.DEFAULT\Software\ByteFence [-] Key Deleted : HKU\.DEFAULT\Software\WebDiscoverBrowser [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2551327239-2481401676-1268998139-1002\Software\FindRight [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2551327239-2481401676-1268998139-1002\Software\mysearchdial [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2551327239-2481401676-1268998139-1002\Software\wecarereminder [-] Key Deleted : HKU\S-1-5-21-2551327239-2481401676-1268998139-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\MediaPlayerEnhance [-] Key Deleted : HKU\S-1-5-21-2551327239-2481401676-1268998139-1008\Software\System Healer [-] Key Deleted : HKU\S-1-5-21-2551327239-2481401676-1268998139-1008\Software\TechAgent [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4 [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4 [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] [-] Data Restored : HKU\S-1-5-21-2551327239-2481401676-1268998139-1002\Software\Microsoft\Internet Explorer\Main [Start Page] [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{D1A756C4-AE24-4F61-BD29-F5E313AAB39A}C:\program files (x86)\itibiti soft phone\itibiti.exe] [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{B514FF7A-0D1D-4F48-AF7A-C3F7FC36B7C1}C:\program files (x86)\itibiti soft phone\itibiti.exe] [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{B3FFEAF5-A631-46EE-A946-ADEA7B19ADF4}C:\program files (x86)\itibiti soft phone\itibiti.exe] [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{5E0FC4E8-1DF6-4DF9-9234-9FA6BA9F5566}C:\program files (x86)\itibiti soft phone\itibiti.exe] [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7cab9679-5869-4834-9ded-f0ae350c7af3} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7cab9679-5869-4834-9ded-f0ae350c7af3} [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [-] Data Restored : HKU\S-1-5-21-2551327239-2481401676-1268998139-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] [-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a66fc120-4b59-4aba-a50d-275ef46a6b6b} [NameServer] [-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{bff28cd7-4df7-452a-8e4d-12b3c2182e83} [NameServer] [-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f3888b1e-5315-4806-85bb-1d61349c3060} [NameServer] [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\itibitiphone.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mmotraffic.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mobogenie.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mysearchdial.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nowuseeitplayer.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ui.nowuseeitplayer.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\web.itibitiphone.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\007go.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mmotraffic.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearchdial.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\re-markit.co [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.livelyrics00.live-lyrics.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.re-markit00.re-markit.co [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\us.yhs4.search.yahoo.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it [-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe] [#] Value Deleted : HKU\S-1-5-21-2551327239-2481401676-1268998139-1002\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe] ***** [ Web browsers ] ***** [-] [C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com [-] [C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com [-] [C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search provided by yahoo.com [-] [C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_15_51¶m1=1¶m2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyCzzzy0D0F0C0ByCtB0CyE0E0F0FtN0D0Tzu0StCyEyEyEtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCtA0F0CtDyDtCyCtGtB0D0DyEtGyB0C0AyBtGtD0FzyzztGtC0EyCyByC0C0EtC0FyCtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0C0D0CtDzytCzytG0E0BtDyEtGyEyCtAtBtGzyyEyEyEtGyC0DtB0BtCzzzyyCtAzyzy0A2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D2021870676%26a%3Dwbf_mdaffmarmarie_15_51%26os%3DWindows%2B8.1 [-] [C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_15_51¶m1=1¶m2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyCzzzy0D0F0C0ByCtB0CyE0E0F0FtN0D0Tzu0StCyEyEyEtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCtA0F0CtDyDtCyCtGtB0D0DyEtGyB0C0AyBtGtD0FzyzztGtC0EyCyByC0C0EtC0FyCtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0C0D0CtDzytCzytG0E0BtDyEtGyEyCtAtBtGzyyEyEyEtGyC0DtB0BtCzzzyyCtAzyzy0A2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D2021870676%26a%3Dwbf_mdaffmarmarie_15_51%26os%3DWindows%2B8.1&p={searchTerms} [-] [C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : cmaiofennmphjldldcpphcechfnnohja [-] [C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_15_51¶m1=1¶m2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyCzzzy0D0F0C0ByCtB0CyE0E0F0FtN0D0Tzu0StCyEyEyEtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCtA0F0CtDyDtCyCtGtB0D0DyEtGyB0C0AyBtGtD0FzyzztGtC0EyCyByC0C0EtC0FyCtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0C0D0CtDzytCzytG0E0BtDyEtGyEyCtAtBtGzyyEyEyEtGyC0DtB0BtCzzzyyCtAzyzy0A2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D2021870676%26a%3Dwbf_mdaffmarmarie_15_51%26os%3DWindows%2B8.1 ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [4507 bytes] - [02/08/2016 12:47:09] C:\AdwCleaner\AdwCleaner[C2].txt - [20164 bytes] - [02/08/2016 12:51:10] C:\AdwCleaner\AdwCleaner[R0].txt - [12556 bytes] - [22/08/2014 10:43:02] C:\AdwCleaner\AdwCleaner[R1].txt - [1144 bytes] - [26/08/2014 09:54:26] C:\AdwCleaner\AdwCleaner[R2].txt - [1205 bytes] - [26/08/2014 09:57:46] C:\AdwCleaner\AdwCleaner[S0].txt - [11749 bytes] - [22/08/2014 10:44:14] C:\AdwCleaner\AdwCleaner[S1].txt - [26894 bytes] - [26/08/2014 09:58:51] C:\AdwCleaner\AdwCleaner[S2].txt - [21746 bytes] - [02/08/2016 12:49:15] ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [20680 bytes] ########## Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.7 (07.03.2016) Operating System: Windows 10 Home x64 Ran by Janet (Administrator) on Tue 08/02/2016 at 13:08:58.38 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 34 Successfully deleted: C:\Users\Janet\AppData\Local\{0C28329A-886A-4FE8-9394-6820BE8BBC5E} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{0FE5E0D5-1B19-4E25-9023-43772FD3A5B8} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{139A86D1-24E2-403D-AB97-33E9CDE92500} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{13AC9232-65CC-4239-9B58-EFF88F7D9735} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{16FD42C1-7B31-4CB0-9CB0-24DB7ACA8A09} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{213C6474-7555-4CCD-B6F3-6E4C57DEB536} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{33F82120-FD1C-4859-ABAE-11D043608E09} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{358BAAB8-D2DE-4482-8B92-D90860F67376} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{38A526D1-638E-4F9D-A9D6-FEB7009240B6} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{4C28F0E3-3DD1-431D-957A-DC85CF74C364} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{5082AC7C-91DF-4063-A620-CAD7025285EE} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{54FDB5ED-86B2-4483-B9FA-C9A0AB070A0D} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{5A78C245-D1A2-4ABC-990C-5491260187B0} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{61632748-4FE0-4918-9C1D-DED61427890D} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{64BC180F-00F7-47E8-A47E-D8331DEF4D04} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{64D6294C-9761-4864-8823-E19FF9A0FDBC} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{6746B4B8-0BA5-467A-A65A-10528F67153F} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{6D246DCF-9AC5-42B1-BA67-176E641B3438} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{6E3DC328-AC0C-40D1-8F30-B2501D567470} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{7C7F35C8-06CC-423D-BC92-D86CD2441164} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{881F31A0-D189-4C3B-9C73-9F834AB2ECFC} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{95B218FC-6708-4188-AE2A-53430BF3A91C} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{9A70198B-E183-40F5-AB0E-C3CA7796D887} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{A8130B6C-5592-4B3E-AB64-4EC3B28F872F} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{A860879D-0895-4594-B1A3-84C94572B64C} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{AEC072E9-B3AF-4392-B263-23040DE9D964} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{B0311B34-F1F7-472A-902D-461200A4C85A} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{BAC1654A-5E8C-4697-B6A8-757982FD68FC} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{C48A59A8-A335-4880-8E17-DF3F5BA44426} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{EC0C2781-E25C-446C-9847-B748910B9ABB} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{F1D2AE67-3380-413A-A426-406C02E339E1} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{FEE9F911-4E63-4D97-A28C-5BE117176F77} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\crashrpt (Folder) Successfully deleted: C:\Users\Janet\AppData\Roaming\nico mak computing (Folder) Registry: 2 Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AE7471D-5150-48CF-8498-4CB9E8FAEA90} (Registry Key) Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AE7471D-5150-48CF-8498-4CB9E8FAEA90} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 08/02/2016 at 13:12:46.08 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.7 (07.03.2016) Operating System: Windows 10 Home x64 Ran by Janet (Administrator) on Tue 08/02/2016 at 13:08:58.38 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 34 Successfully deleted: C:\Users\Janet\AppData\Local\{0C28329A-886A-4FE8-9394-6820BE8BBC5E} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{0FE5E0D5-1B19-4E25-9023-43772FD3A5B8} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{139A86D1-24E2-403D-AB97-33E9CDE92500} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{13AC9232-65CC-4239-9B58-EFF88F7D9735} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{16FD42C1-7B31-4CB0-9CB0-24DB7ACA8A09} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{213C6474-7555-4CCD-B6F3-6E4C57DEB536} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{33F82120-FD1C-4859-ABAE-11D043608E09} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{358BAAB8-D2DE-4482-8B92-D90860F67376} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{38A526D1-638E-4F9D-A9D6-FEB7009240B6} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{4C28F0E3-3DD1-431D-957A-DC85CF74C364} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{5082AC7C-91DF-4063-A620-CAD7025285EE} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{54FDB5ED-86B2-4483-B9FA-C9A0AB070A0D} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{5A78C245-D1A2-4ABC-990C-5491260187B0} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{61632748-4FE0-4918-9C1D-DED61427890D} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{64BC180F-00F7-47E8-A47E-D8331DEF4D04} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{64D6294C-9761-4864-8823-E19FF9A0FDBC} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{6746B4B8-0BA5-467A-A65A-10528F67153F} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{6D246DCF-9AC5-42B1-BA67-176E641B3438} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{6E3DC328-AC0C-40D1-8F30-B2501D567470} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{7C7F35C8-06CC-423D-BC92-D86CD2441164} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{881F31A0-D189-4C3B-9C73-9F834AB2ECFC} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{95B218FC-6708-4188-AE2A-53430BF3A91C} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{9A70198B-E183-40F5-AB0E-C3CA7796D887} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{A8130B6C-5592-4B3E-AB64-4EC3B28F872F} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{A860879D-0895-4594-B1A3-84C94572B64C} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{AEC072E9-B3AF-4392-B263-23040DE9D964} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{B0311B34-F1F7-472A-902D-461200A4C85A} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{BAC1654A-5E8C-4697-B6A8-757982FD68FC} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{C48A59A8-A335-4880-8E17-DF3F5BA44426} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{EC0C2781-E25C-446C-9847-B748910B9ABB} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{F1D2AE67-3380-413A-A426-406C02E339E1} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\{FEE9F911-4E63-4D97-A28C-5BE117176F77} (Empty Folder) Successfully deleted: C:\Users\Janet\AppData\Local\crashrpt (Folder) Successfully deleted: C:\Users\Janet\AppData\Roaming\nico mak computing (Folder) Registry: 2 Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AE7471D-5150-48CF-8498-4CB9E8FAEA90} (Registry Key) Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AE7471D-5150-48CF-8498-4CB9E8FAEA90} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 08/02/2016 at 13:12:46.08 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 i don't know if this is the same as the second....I am having a hard time finding where the computer put it once I saved it so if this isn't the right third report let me know and I will keep looking. Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 Malwarebytes Anti-Malwarewww.malwarebytes.org Update, 8/4/2014 7:48 AM, SYSTEM, JANET, Scheduler, Rootkit Database, 2014.7.17.1, 2014.8.1.1, Update, 8/4/2014 7:49 AM, SYSTEM, JANET, Scheduler, Malware Database, 2014.7.31.5, 2014.8.4.4, Detection, 8/4/2014 8:00 AM, SYSTEM, JANET, Protection, Malicious Website Protection, IP, 66.45.56.109, 114333.displayadfeed.com, 57128, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe, Detection, 8/4/2014 8:00 AM, SYSTEM, JANET, Protection, Malicious Website Protection, IP, 66.45.56.109, 114333.displayadfeed.com, 57128, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe, Detection, 8/4/2014 8:00 AM, SYSTEM, JANET, Protection, Malicious Website Protection, IP, 66.45.56.109, 114333.displayadfeed.com, 57129, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe, Detection, 8/4/2014 8:01 AM, SYSTEM, JANET, Protection, Malicious Website Protection, IP, 66.45.56.109, 114333.displayadfeed.com, 57207, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe, Detection, 8/4/2014 8:01 AM, SYSTEM, JANET, Protection, Malicious Website Protection, IP, 66.45.56.109, 114333.displayadfeed.com, 57206, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe, Update, 8/4/2014 8:39 AM, SYSTEM, JANET, Manual, Malware Database, 2014.8.4.4, 2014.8.4.5, Protection, 8/4/2014 8:39 AM, SYSTEM, JANET, Protection, Refresh, Starting, Protection, 8/4/2014 8:39 AM, SYSTEM, JANET, Protection, Malicious Website Protection, Stopping, Protection, 8/4/2014 8:39 AM, SYSTEM, JANET, Protection, Malicious Website Protection, Stopped, Protection, 8/4/2014 8:39 AM, SYSTEM, JANET, Protection, Refresh, Success, Protection, 8/4/2014 8:39 AM, SYSTEM, JANET, Protection, Malicious Website Protection, Starting, Protection, 8/4/2014 8:39 AM, SYSTEM, JANET, Protection, Malicious Website Protection, Started, (end) Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 finally found it lol!!! Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.10586.494 BrowserJavaVersion: 10.67.2 Run by Janet at 14:19:51 on 2016-08-02Microsoft Windows 10 Home 10.0.10586.0.1252.1.1033.18.7644.5324 [GMT -6:00] . AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k RPCSS C:\WINDOWS\system32\dwm.exe C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted C:\WINDOWS\system32\atiesrxx.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\System32\WUDFHost.exe C:\WINDOWS\system32\atieclxx.exe C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork C:\WINDOWS\system32\Hpservice.exe C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\System32\spoolsv.exe C:\WINDOWS\system32\svchost.exe -k apphost C:\WINDOWS\System32\svchost.exe -k utcsvc C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe C:\WINDOWS\system32\svchost.exe -k appmodel C:\WINDOWS\system32\dashost.exe C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\WINDOWS\system32\sihost.exe C:\WINDOWS\system32\taskhostw.exe C:\Windows\System32\RuntimeBroker.exe C:\WINDOWS\Explorer.EXE C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\WINDOWS\system32\SettingSyncHost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe C:\Users\Janet\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files\iPod\bin\iPodService.exe C:\Users\Janet\AppData\Roaming\Interstatnogui\interstatnogui.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe C:\Program Files (x86)\Office Suite X 3\program\soffice.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files (x86)\Office Suite X 3\program\soffice.bin C:\Program Files\Windows Defender\MpCmdRun.exe C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup C:\WINDOWS\system32\ApplicationFrameHost.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Windows\helppane.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\WINDOWS\SysWOW64\ctfmon.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com uProxyOverride = <-loopback>;*.local BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll uRun: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2971C5ZL05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1 uRun: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe uRun: [OneDrive] "C:\Users\Janet\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background uRun: [Interstatnogui] C:\Users\Janet\AppData\Roaming\Interstatnogui\interstatnogui.exe mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe StartupFolder: C:\Users\Janet\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OFFICE~1.LNK - C:\Program Files (x86)\Office Suite X 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\REALTI~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-System: DSCAutomationHostEnabled = dword:2 mPolicies-System: EnableVirtualization = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - Trusted Zone: localhost DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab TCP: NameServer = 8.8.8.8,8.8.8.4 TCP: NameServer = 72.21.70.3 67.215.21.202 192.168.1.1 TCP: Interfaces\{a66fc120-4b59-4aba-a50d-275ef46a6b6b} : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{a66fc120-4b59-4aba-a50d-275ef46a6b6b} : DHCPNameServer = 82.163.143.171 TCP: Interfaces\{bff28cd7-4df7-452a-8e4d-12b3c2182e83} : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{bff28cd7-4df7-452a-8e4d-12b3c2182e83} : DHCPNameServer = 72.21.70.3 67.215.21.202 192.168.1.1 TCP: Interfaces\{f3888b1e-5315-4806-85bb-1d61349c3060} : DHCPNameServer = 82.163.143.171 Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll x64-mStart Page = hxxp://www.google.com x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll x64-BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" x64-mPolicies-System: DSCAutomationHostEnabled = dword:2 x64-mPolicies-System: EnableVirtualization = dword:0 x64-mPolicies-System: ConsentPromptBehaviorUser = dword:0 x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe x64-IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\z4m9nsxw.default-1468162040373\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrlui.dll FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll . ============= SERVICES / DRIVERS =============== . R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520] R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944] R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008] R1 admnfd;admnfd;C:\WINDOWS\System32\drivers\admnfd.sys [2014-12-4 49496] R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624] R1 avgtp;avgtp;C:\WINDOWS\System32\drivers\avgtpx64.sys [2013-9-1 50976] R1 browserMon;browserMon;C:\WINDOWS\System32\drivers\browserMon.sys [2014-12-4 20728] R1 CFRMD;CFRMD;C:\WINDOWS\System32\drivers\CFRMD.sys [2014-6-25 40224] R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2013-12-8 91712] R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-5-12 87552] R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192] R1 HMD;COMODO livePCsupport Hardware Monitor Driver;C:\WINDOWS\System32\drivers\hmd.sys [2014-6-25 14888] R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2015-8-1 263200] R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-20 59648] R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768] R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944] R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944] R2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2012-9-24 31040] R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-9-28 29760] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2016-1-1 2457232] R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2016-5-13 32544] R2 RealTimes Desktop Service;RealTimes Desktop Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2016-6-12 1095440] R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848] R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944] R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 102912] R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944] R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944] R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2016-8-2 192216] R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944] R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480] R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\drivers\RtsP2Stor.sys [2015-6-5 310528] R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-10-30 589824] R3 SmbDrv;SmbDrv;C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2016-1-8 52392] R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944] R3 usbfilter;AMD USB Filter Driver;C:\WINDOWS\System32\drivers\usbfilter.sys [2012-12-7 57000] R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112] R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464] R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2012-8-3 20288] S2 APXACC;AppEx Networks Accelerator LWF;C:\WINDOWS\System32\drivers\appexDrv.sys [2012-12-7 199008] S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944] S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944] S2 Privacy Content Firewall;Privacy Content Firewall; [x] S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456] S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944] S3 amd_sata;amd_sata;C:\WINDOWS\System32\drivers\amd_sata.sys [2012-7-24 79528] S3 amd_xata;amd_xata;C:\WINDOWS\System32\drivers\amd_xata.sys [2012-7-24 26280] S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944] S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944] S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728] S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728] S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944] S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376] S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-3-7 117248] S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944] S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944] S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944] S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744] S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944] S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944] S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944] S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944] S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944] S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992] S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016] S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408] S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888] S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128] S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152] S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120] S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800] S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760] S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432] S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624] S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800] S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168] S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376] S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128] S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944] S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944] S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944] S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208] S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720] S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944] S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656] S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944] S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944] S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408] S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944] S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488] S3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2012-12-7 43832] S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944] S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944] S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200] S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144] S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304] S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-5-12 63488] S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592] S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056] S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512] S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-6-17 258912] S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048] S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-5-12 131424] S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512] S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696] S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488] S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-17 54784] S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944] S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744] S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944] S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944] S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-10-30 43944] S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944] S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-4-13 694784] S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944] S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976] S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232] S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944] S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944] S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944] S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944] S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-7 238592] S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944] S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-4-13 26112] S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-7-4 344064] S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944] S4 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-8-10 1641320] S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232] S4 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256] S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944] . =============== File Associations =============== . FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice] . =============== Created Last 30 ================ . 2016-08-02 20:10:02 12007136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C86FEA6F-E3CE-4B18-A56C-09F86C673A85}\mpengine.dll 2016-08-02 20:02:03 -------- d--h--w- C:\OneDriveTemp 2016-08-02 19:27:08 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys 2016-08-02 19:26:27 65408 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys 2016-08-02 19:26:27 27008 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys 2016-08-02 19:26:27 140672 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys 2016-08-02 19:26:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-08-02 19:21:32 -------- d-----w- C:\Users\Janet\AppData\Local\CrashRpt 2016-08-02 19:04:58 12007136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2016-08-02 16:01:46 -------- d-----w- C:\Users\Janet\AppData\Roaming\EurekaLog 2016-08-02 15:53:00 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D877431-4896-4AAF-8DA5-ACF3F34AE0EB}\gapaengine.dll 2016-07-25 18:00:42 12710 ----a-w- C:\WINDOWS\System32\Native.exe 2016-07-13 22:06:59 5503488 ----a-w- C:\WINDOWS\System32\d2d1.dll 2016-07-13 22:05:49 1467392 ----a-w- C:\WINDOWS\SysWow64\GdiPlus.dll 2016-07-13 22:04:58 836760 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll 2016-07-13 21:58:06 3577344 ----a-w- C:\WINDOWS\System32\tquery.dll 2016-07-13 21:57:27 1717248 ----a-w- C:\WINDOWS\System32\GdiPlus.dll 2016-07-13 21:56:57 992256 ----a-w- C:\WINDOWS\System32\sbe.dll 2016-07-13 21:55:55 882688 ----a-w- C:\WINDOWS\System32\ntshrui.dll 2016-07-13 21:54:59 892416 ----a-w- C:\WINDOWS\System32\Windows.Devices.SmartCards.dll 2016-07-13 21:53:57 504320 ----a-w- C:\WINDOWS\System32\AppReadiness.dll 2016-07-13 21:53:57 1037824 ----a-w- C:\WINDOWS\System32\SmartcardCredentialProvider.dll 2016-07-13 21:53:56 638976 ----a-w- C:\WINDOWS\System32\ShareHost.dll 2016-07-13 21:53:56 529408 ----a-w- C:\WINDOWS\System32\NotificationController.dll 2016-07-13 21:53:55 625000 ----a-w- C:\WINDOWS\System32\ClipSVC.dll 2016-07-13 21:53:55 285184 ----a-w- C:\WINDOWS\System32\oemlicense.dll 2016-07-13 21:53:55 1128104 ----a-w- C:\WINDOWS\System32\ClipUp.exe 2016-07-13 21:53:54 78040 ----a-w- C:\WINDOWS\System32\Clipc.dll 2016-07-13 21:53:54 577024 ----a-w- C:\WINDOWS\System32\wbem\MDMSettingsProv.dll 2016-07-13 21:53:54 236032 ----a-w- C:\WINDOWS\System32\licensingdiag.exe . ==================== Find3M ==================== . 2016-08-02 19:55:52 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin 2016-07-27 19:25:34 504488 ------w- C:\WINDOWS\System32\MpSigStub.exe 2016-07-02 04:37:58 828408 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe 2016-07-02 04:37:58 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl 2016-07-01 05:30:46 1505984 ----a-w- C:\WINDOWS\System32\appraiser.dll 2016-07-01 05:30:45 92352 ----a-w- C:\WINDOWS\System32\acmigration.dll 2016-07-01 05:30:45 587456 ----a-w- C:\WINDOWS\System32\generaltel.dll 2016-07-01 05:30:45 559808 ----a-w- C:\WINDOWS\System32\devinv.dll 2016-07-01 05:30:45 50368 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe 2016-07-01 05:30:45 310464 ----a-w- C:\WINDOWS\System32\invagent.dll 2016-07-01 05:30:45 284352 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe 2016-07-01 05:30:45 1223872 ----a-w- C:\WINDOWS\System32\aeinv.dll 2016-07-01 05:05:16 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll 2016-07-01 04:50:22 37232 ----a-w- C:\WINDOWS\System32\wldp.dll 2016-07-01 04:49:41 277856 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys 2016-07-01 04:49:21 1997328 ----a-w- C:\WINDOWS\System32\KernelBase.dll 2016-07-01 04:49:20 874968 ----a-w- C:\WINDOWS\System32\winresume.exe 2016-07-01 04:49:20 1030416 ----a-w- C:\WINDOWS\System32\winresume.efi 2016-07-01 04:49:15 7469408 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe 2016-07-01 04:49:13 337336 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll 2016-07-01 04:49:11 1317640 ----a-w- C:\WINDOWS\System32\winload.efi 2016-07-01 04:49:11 1141504 ----a-w- C:\WINDOWS\System32\winload.exe 2016-07-01 04:48:59 2656408 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll 2016-07-01 04:48:51 1238584 ----a-w- C:\WINDOWS\System32\Taskmgr.exe 2016-07-01 04:45:06 1613664 ----a-w- C:\WINDOWS\System32\diagtrack.dll 2016-07-01 04:43:41 3449168 ----a-w- C:\WINDOWS\System32\WSService.dll 2016-07-01 04:39:09 1557776 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll 2016-07-01 04:38:57 32552 ----a-w- C:\WINDOWS\SysWow64\wldp.dll 2016-07-01 04:38:57 256192 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll 2016-07-01 04:38:51 1862008 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll 2016-07-01 04:38:28 1083656 ----a-w- C:\WINDOWS\SysWow64\Taskmgr.exe 2016-07-01 04:35:49 498960 ----a-w- C:\WINDOWS\System32\MFCaptureEngine.dll 2016-07-01 04:35:49 1299504 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll 2016-07-01 04:35:47 847656 ----a-w- C:\WINDOWS\System32\mfsvr.dll 2016-07-01 04:35:47 35656 ----a-w- C:\WINDOWS\System32\mfpmp.exe 2016-07-01 04:35:47 1092464 ----a-w- C:\WINDOWS\System32\mfplat.dll 2016-07-01 04:35:45 586208 ----a-w- C:\WINDOWS\System32\mf.dll 2016-07-01 04:35:45 1554152 ----a-w- C:\WINDOWS\System32\wmpmde.dll 2016-07-01 04:35:44 1552104 ----a-w- C:\WINDOWS\System32\winmde.dll 2016-07-01 04:35:00 331616 ----a-w- C:\WINDOWS\System32\drivers\pci.sys 2016-07-01 04:34:39 1322248 ----a-w- C:\WINDOWS\System32\ole32.dll 2016-07-01 04:34:26 808288 ----a-w- C:\WINDOWS\System32\WWAHost.exe 2016-07-01 04:33:40 1750440 ----a-w- C:\WINDOWS\System32\WpcMon.exe 2016-07-01 04:33:26 566104 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe 2016-07-01 04:33:22 303216 ----a-w- C:\WINDOWS\System32\LockAppHost.exe 2016-07-01 04:33:21 730352 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll 2016-07-01 04:33:21 374008 ----a-w- C:\WINDOWS\System32\SystemSettingsAdminFlows.exe 2016-07-01 04:33:02 725776 ----a-w- C:\WINDOWS\System32\SHCore.dll 2016-07-01 04:33:02 4515256 ----a-w- C:\WINDOWS\explorer.exe 2016-07-01 04:32:57 6605544 ----a-w- C:\WINDOWS\System32\windows.storage.dll 2016-07-01 04:32:55 1040800 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll 2016-07-01 04:32:52 1603224 ----a-w- C:\WINDOWS\System32\propsys.dll 2016-07-01 04:32:28 6536256 ----a-w- C:\WINDOWS\System32\sppsvc.exe 2016-07-01 04:32:27 692136 ----a-w- C:\WINDOWS\System32\sppwinob.dll 2016-07-01 04:32:26 1540224 ----a-w- C:\WINDOWS\System32\sppobjs.dll 2016-07-01 04:32:01 106928 ----a-w- C:\WINDOWS\System32\phoneactivate.exe 2016-07-01 04:31:59 604928 ----a-w- C:\WINDOWS\System32\drivers\cng.sys 2016-07-01 04:31:59 161632 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys 2016-07-01 04:31:29 1848584 ----a-w- C:\WINDOWS\System32\crypt32.dll 2016-07-01 04:25:52 2145032 ----a-w- C:\WINDOWS\System32\d3d9.dll 2016-07-01 04:25:38 2773096 ----a-w- C:\WINDOWS\System32\d3d11.dll 2016-07-01 04:25:27 1987936 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys 2016-07-01 04:25:23 393568 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys 2016-07-01 04:25:22 648256 ----a-w- C:\WINDOWS\System32\dxgi.dll 2016-07-01 04:25:17 577376 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys 2016-07-01 04:24:52 1776768 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll 2016-07-01 04:24:44 911648 ----a-w- C:\WINDOWS\System32\dcomp.dll 2016-07-01 04:23:07 32040 ----a-w- C:\WINDOWS\SysWow64\mfpmp.exe 2016-07-01 04:23:05 511320 ----a-w- C:\WINDOWS\SysWow64\mf.dll 2016-07-01 04:23:03 451936 ----a-w- C:\WINDOWS\SysWow64\MFCaptureEngine.dll 2016-07-01 04:23:01 1349640 ----a-w- C:\WINDOWS\SysWow64\winmde.dll 2016-07-01 04:23:00 925576 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll 2016-07-01 04:23:00 709176 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll 2016-07-01 04:23:00 1118208 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll 2016-07-01 04:21:34 28851224 ----a-w- C:\WINDOWS\System32\WindowsCodecsRaw.dll 2016-07-01 04:21:25 703840 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe 2016-07-01 04:21:24 957608 ----a-w- C:\WINDOWS\SysWow64\ole32.dll 2016-07-01 04:21:18 2403168 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys 2016-07-01 04:21:02 376536 ----a-w- C:\WINDOWS\System32\Windows.Media.MediaControl.dll 2016-07-01 04:20:59 388896 ----a-w- C:\WINDOWS\System32\wmpps.dll 2016-07-01 04:20:56 503600 ----a-w- C:\WINDOWS\System32\DMRServer.dll 2016-07-01 04:20:04 254656 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe 2016-07-01 04:20:03 465760 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe 2016-07-01 04:19:53 4074160 ----a-w- C:\WINDOWS\SysWow64\explorer.exe 2016-07-01 04:19:46 5240960 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll 2016-07-01 04:19:46 1355336 ----a-w- C:\WINDOWS\SysWow64\propsys.dll 2016-07-01 04:19:45 569752 ----a-w- C:\WINDOWS\SysWow64\SHCore.dll 2016-07-01 04:18:32 64584 ----a-w- C:\WINDOWS\SysWow64\Clipc.dll 2016-07-01 04:17:59 1536600 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll 2016-07-01 04:12:20 1866104 ----a-w- C:\WINDOWS\SysWow64\d3d9.dll 2016-07-01 04:12:02 2186864 ----a-w- C:\WINDOWS\SysWow64\d3d11.dll 2016-07-01 04:11:45 521152 ----a-w- C:\WINDOWS\SysWow64\dxgi.dll 2016-07-01 04:11:05 1522160 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll 2016-07-01 04:10:57 675064 ----a-w- C:\WINDOWS\SysWow64\dcomp.dll 2016-07-01 04:07:09 28083144 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecsRaw.dll 2016-07-01 04:03:18 84480 ----a-w- C:\WINDOWS\System32\rdpudd.dll 2016-07-01 04:03:04 89088 ----a-w- C:\WINDOWS\System32\MapsCSP.dll 2016-07-01 04:00:30 957952 ----a-w- C:\WINDOWS\System32\IKEEXT.DLL 2016-07-01 03:59:03 66560 ----a-w- C:\WINDOWS\System32\MosHostClient.dll 2016-07-01 03:58:43 824320 ----a-w- C:\WINDOWS\System32\WpcWebFilter.dll . ============= FINISH: 14:21:38.20 =============== Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 i am not sure how to zip a folder----but I have that log ready to send as soon as I figure it out. Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) .Microsoft Windows 10 Home Boot Device: \Device\HarddiskVolume2 Install Date: 3/8/2016 6:24:53 PM System Uptime: 8/2/2016 1:56:07 PM (1 hours ago) . Motherboard: Hewlett-Packard | | 182D Processor: AMD A10-4600M APU with Radeon(tm) HD Graphics | Socket FT1 | 2300/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 670 GiB total, 601.986 GiB free. D: is FIXED (NTFS) - 27 GiB total, 3.198 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP12: 6/20/2016 7:32:24 AM - Windows Update RP13: 6/24/2016 11:48:08 AM - Windows Update RP14: 7/17/2016 9:16:01 AM - Windows Update RP16: 7/25/2016 12:00:52 PM - Reimage Repair Restore Point RP17: 8/2/2016 1:09:03 PM - JRT Pre-Junkware Removal . ==== Installed Programs ====================== . 4 Elements II Adobe Reader XI (11.0.09) Adobe Shockwave Player 12.1 AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Control Center AMD Catalyst Install Manager AMD Fuel AMD Quick Stream AMD VISION Engine Control Center Apple Application Support (32-bit) Apple Application Support (64-bit) Apple Mobile Device Support Apple Software Update AuthenTec TrueAPI 64-bit Bejeweled 3 Bonjour Build-a-lot 4 - Power Source Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe Cisco Connect Cradle Of Egypt Collector's Edition Cradle of Rome 2 CyberLink LabelPrint CyberLink Media Suite 10 CyberLink PhotoDirector CyberLink Power2Go 8 CyberLink PowerDirector 10 CyberLink PowerDVD CyberLink YouCam D3DX10 Farm Frenzy FATE: The Cursed King Final Drive Fury FlatOut 2 Google Chrome Google Update Helper Governor of Poker 2 Premium Edition Hewlett-Packard ACLM.NET v1.2.2.3 Hoyle Card Games HP 3D DriveGuard HP Connected Music (Meridian - installer) HP CoolSense HP Customer Experience Enhancements HP Deskjet 3520 series Basic Device Software HP Deskjet 3520 series Help HP Deskjet 3520 series Product Improvement Study HP Deskjet 3520 series Setup Guide HP Documentation HP Games HP MyRoom HP Photo Creations HP Postscript Converter HP Quick Launch HP Recovery Manager HP Registration Service HP SimplePass HP Software Framework HP Support Assistant HP Support Solutions Framework HP Update HP Utility Center iCloud IDT Audio iTunes Java 7 Update 67 Java Auto Updater Jewel Match 3 John Deere Drive Green Luxor Evolved Mahjongg Dimensions Deluxe: Tiles in Time Malwarebytes Anti-Malware version 2.2.1.1043 Microsoft Application Error ReportingMicrosoft Office Microsoft OLE DB Provider for Visual FoxPro Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Mortimer Beckett and the Crimson Thief Premium Edition Mozilla Firefox 47.0 (x86 en-US) Mozilla Maintenance Service MSVCRT Mystery P.I. - Curious Case of Counterfeit CoveOffice Suite X 3.3 OpenOffice 4.1.1 Peggle Nights Penguins! Polar Bowler Polar Golfer PrivDog PrivDog 2 Legacy Browser Plug-ins Product Support Qualcomm Atheros Driver Installation Program QuickTime 7 RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer (RealTimes)Realtek Ethernet Controller Driver Realtek PCIE Card Reader RealUpgrade 1.1 Roads of Rome 3 swMSM Synaptics Pointing Device Driver Tales of Lagoona Update Installer for WildTangent Games App UpdateService Vacation Quest™ - Australia Validity WBF DDK vc2012_redist Video Downloader Visual Studio 2010 x64 Redistributables Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables WildTangent Games WildTangent Games App Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 8/2/2016 2:04:43 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user Janet\Janet SID (S-1-5-21-2551327239-2481401676-1268998139-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool. 8/2/2016 2:01:17 PM, Error: Service Control Manager [7022] - The Delivery Optimization service hung on starting. 8/2/2016 12:52:25 PM, Error: Service Control Manager [7031] - The User Data Storage_a1628 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 8/2/2016 12:52:25 PM, Error: Service Control Manager [7031] - The User Data Access_a1628 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 8/2/2016 12:52:25 PM, Error: Service Control Manager [7031] - The Sync Host_a1628 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 8/2/2016 12:52:25 PM, Error: Service Control Manager [7031] - The Contact Data_a1628 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 8/2/2016 12:51:39 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. 8/2/2016 12:51:10 PM, Error: Service Control Manager [7031] - The IconMan_R service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/2/2016 12:51:10 PM, Error: Service Control Manager [7031] - The Apple Mobile Device Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/2/2016 12:51:09 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 8/2/2016 12:51:09 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 8/2/2016 12:47:08 PM, Error: Service Control Manager [7034] - The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s). 8/2/2016 12:47:08 PM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s). 8/2/2016 12:47:08 PM, Error: Service Control Manager [7031] - The IconMan_R service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/2/2016 12:47:07 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 8/2/2016 12:47:07 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 8/2/2016 12:47:06 PM, Error: Service Control Manager [7034] - The Reimage Real Time Protector service terminated unexpectedly. It has done this 1 time(s). 8/2/2016 12:47:06 PM, Error: Service Control Manager [7034] - The RealTimes Desktop Service service terminated unexpectedly. It has done this 1 time(s). 8/2/2016 12:47:06 PM, Error: Service Control Manager [7034] - The RealPlayer Update Service service terminated unexpectedly. It has done this 1 time(s). 8/2/2016 12:47:06 PM, Error: Service Control Manager [7031] - The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/2/2016 12:47:05 PM, Error: Service Control Manager [7034] - The HP Service service terminated unexpectedly. It has done this 1 time(s). 8/2/2016 12:47:05 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). 8/2/2016 12:47:05 PM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s). 8/2/2016 12:47:05 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s). 8/2/2016 12:47:05 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 8/2/2016 1:57:04 PM, Error: Service Control Manager [7000] - The Privacy Content Firewall service failed to start due to the following error: The system cannot find the path specified. 8/2/2016 1:56:53 PM, Error: Service Control Manager [7000] - The APXACC service failed to start due to the following error: A device attached to the system is not functioning. 8/2/2016 1:56:53 PM, Error: APXACC [1003] - The NDIS6 LWF initialization has failed. (0xC0000001) 8/2/2016 1:56:45 PM, Error: Service Control Manager [7000] - The luafv service failed to start due to the following error: This driver has been blocked from loading 8/2/2016 1:55:31 PM, Error: Service Control Manager [7031] - The User Data Storage_103fd7 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 8/2/2016 1:55:31 PM, Error: Service Control Manager [7031] - The User Data Access_103fd7 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 8/2/2016 1:55:31 PM, Error: Service Control Manager [7031] - The Sync Host_103fd7 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 8/2/2016 1:55:31 PM, Error: Service Control Manager [7031] - The Contact Data_103fd7 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 8/2/2016 1:55:30 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 8/2/2016 1:17:08 PM, Error: Service Control Manager [7031] - The User Data Storage_b9a6e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 8/2/2016 1:17:08 PM, Error: Service Control Manager [7031] - The User Data Access_b9a6e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 8/2/2016 1:17:08 PM, Error: Service Control Manager [7031] - The Sync Host_b9a6e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 8/2/2016 1:17:08 PM, Error: Service Control Manager [7031] - The Contact Data_b9a6e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. . ==== End Of File =========================== Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 well, not sure if I was suppose to send that last log but I did...I didn't read all the way through the instructions, sorry. I am going to take my dog to the groomer so will check in when I get back!!! Thanks for your help so far....not sure why I keep getting infected----guess I need to learn so I quit doing it...but I doubt I am the only one :-) tty soon Link to post Share on other sites
flashh4 Posted August 2, 2016 Report Share Posted August 2, 2016 There ya go, good job ! Now i'm going to read threw the logs & pick out some bad stuff we got to get rid of ! Meanwhile run this program also then i will write up a FIX for THIS COMPUTER ONLY !! Download OldTimer to your desk top ! Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). * Double click OTL.exe to launch the program. * Check the following. o Scan all users. o Standard Output. o Lop check. o Purity check. oExtra Registry > Use SafeList * Under Extra Registry section, select Use SafeList * Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins). * When finished it will produce two logs. o OTL.txt (open on your desktop). o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL. * Please post me both logs. This may have to be broken into more than one post ! Then give me some time after you post the OTL Logs & i will write the script to clean all !! Thanks Chuck Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 OTL logfile created on: 8/2/2016 3:43:25 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Janet\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.10586.0) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.47 Gb Total Physical Memory | 4.90 Gb Available Physical Memory | 65.59% Memory free 8.65 Gb Paging File | 5.97 Gb Available in Paging File | 69.02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 669.92 Gb Total Space | 601.66 Gb Free Space | 89.81% Space Free | Partition Type: NTFS Drive D: | 27.15 Gb Total Space | 3.20 Gb Free Space | 11.78% Space Free | Partition Type: NTFS Computer Name: JANET | User Name: Janet | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2016/08/02 15:42:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Janet\Downloads\OTL.com PRC - [2016/07/05 18:18:36 | 000,714,992 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe PRC - [2016/06/29 10:29:59 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2016/06/12 14:27:26 | 007,500,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe PRC - [2016/06/12 14:27:24 | 001,095,440 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe PRC - [2016/06/12 14:27:19 | 000,293,768 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2016/06/08 09:27:30 | 004,110,848 | ---- | M] (Global surveys) -- C:\Users\Janet\AppData\Roaming\Interstatnogui\interstatnogui.exe PRC - [2016/05/24 16:42:51 | 000,554,184 | ---- | M] (Microsoft Corporation) -- C:\Users\Janet\AppData\Local\Microsoft\OneDrive\OneDrive.exe PRC - [2016/05/13 15:13:26 | 000,032,544 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe PRC - [2016/04/19 07:52:01 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe PRC - [2016/03/10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe PRC - [2016/01/01 10:49:28 | 000,323,072 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv64.exe PRC - [2014/08/29 20:49:43 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2014/07/25 12:29:36 | 000,511,872 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2013/08/05 02:51:14 | 001,713,416 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe PRC - [2013/08/05 01:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe PRC - [2012/11/05 16:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe PRC - [2012/07/27 20:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2012/03/28 20:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2011/12/18 01:51:24 | 009,007,616 | ---- | M] (Office Suite X) -- C:\Program Files (x86)\Office Suite X 3\program\soffice.exe PRC - [2011/12/18 01:51:24 | 008,999,424 | ---- | M] (Office Suite X) -- C:\Program Files (x86)\Office Suite X 3\program\soffice.bin ========== Modules (No Company Name) ========== MOD - [2016/07/05 18:18:40 | 000,077,552 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll MOD - [2016/07/05 18:18:36 | 000,714,992 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe MOD - [2016/06/12 14:29:25 | 000,096,136 | ---- | M] () -- c:\Program Files (x86)\Real\RealPlayer\CrashRpt\CrashRpt1402.dll MOD - [2016/06/12 14:27:32 | 000,022,800 | ---- | M] () -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\mediautil.dll MOD - [2016/06/12 14:27:29 | 000,654,608 | ---- | M] () -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll MOD - [2016/05/24 16:42:45 | 000,679,624 | ---- | M] () -- C:\Users\Janet\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll MOD - [2016/05/13 14:20:10 | 001,382,048 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll MOD - [2016/04/19 07:52:07 | 022,284,800 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll MOD - [2016/04/19 07:52:01 | 000,144,384 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe MOD - [2016/04/19 07:52:00 | 000,141,312 | ---- | M] () -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll MOD - [2014/08/29 20:49:41 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppgooglenaclpluginchrome.dll MOD - [2014/08/29 20:49:38 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll MOD - [2014/08/29 20:49:30 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll MOD - [2013/08/05 16:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll MOD - [2013/08/05 02:51:27 | 000,806,664 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll MOD - [2013/08/05 02:51:25 | 000,175,880 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll MOD - [2013/08/05 01:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll MOD - [2013/03/05 21:04:53 | 001,321,944 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\Language\Enu\P2GRC.dll MOD - [2011/12/17 09:16:50 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\Office Suite X 3\program\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2016/06/30 23:10:31 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2016/06/30 22:45:06 | 001,613,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack) SRV:64bit: - [2016/06/30 22:43:41 | 003,449,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2016/06/30 22:32:35 | 000,024,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2016/06/30 22:32:03 | 000,625,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC) SRV:64bit: - [2016/06/30 21:52:47 | 000,087,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate) SRV:64bit: - [2016/06/30 21:52:31 | 000,072,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker) SRV:64bit: - [2016/06/30 21:50:42 | 000,379,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc) SRV:64bit: - [2016/06/30 21:47:23 | 000,314,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc) SRV:64bit: - [2016/06/30 21:46:42 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc) SRV:64bit: - [2016/06/30 21:46:22 | 000,287,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc) SRV:64bit: - [2016/06/30 21:42:39 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness) SRV:64bit: - [2016/06/30 21:41:41 | 000,587,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2016/06/30 21:39:12 | 001,872,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc) SRV:64bit: - [2016/06/30 21:37:58 | 001,073,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo) SRV:64bit: - [2016/06/30 21:29:51 | 002,168,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc) SRV:64bit: - [2016/06/30 21:25:39 | 001,097,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc) SRV:64bit: - [2016/06/30 21:25:06 | 002,745,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository) SRV:64bit: - [2016/05/27 22:22:06 | 000,163,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc) SRV:64bit: - [2016/05/27 22:21:09 | 000,207,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc) SRV:64bit: - [2016/05/27 22:18:23 | 000,380,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2016/05/27 22:17:50 | 000,278,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc) SRV:64bit: - [2016/05/27 22:16:00 | 000,503,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc) SRV:64bit: - [2016/05/05 22:03:20 | 000,649,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc) SRV:64bit: - [2016/05/05 21:49:14 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc) SRV:64bit: - [2016/04/22 23:24:13 | 000,754,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar) SRV:64bit: - [2016/04/22 22:20:58 | 000,606,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2016/03/29 01:27:45 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService) SRV:64bit: - [2016/03/29 01:20:21 | 000,948,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager) SRV:64bit: - [2016/03/28 23:45:48 | 000,338,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService) SRV:64bit: - [2016/03/07 10:29:54 | 000,275,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2016/03/07 10:29:26 | 001,035,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc) SRV:64bit: - [2016/03/07 10:29:26 | 000,749,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc) SRV:64bit: - [2016/03/07 10:29:26 | 000,591,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter) SRV:64bit: - [2016/03/07 10:29:19 | 001,139,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave) SRV:64bit: - [2016/03/07 10:29:19 | 000,912,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager) SRV:64bit: - [2016/03/07 10:29:19 | 000,163,840 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2016/03/07 10:29:12 | 000,847,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2016/03/07 10:29:11 | 002,057,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2016/03/07 10:18:31 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc) SRV:64bit: - [2016/02/24 01:19:10 | 000,145,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc) SRV:64bit: - [2016/02/24 01:07:53 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc) SRV:64bit: - [2016/02/24 00:59:32 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2016/02/24 00:40:53 | 001,224,704 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc) SRV:64bit: - [2016/02/24 00:18:37 | 001,490,432 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc) SRV:64bit: - [2016/01/01 10:49:28 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2015/10/30 01:19:28 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2015/10/30 01:19:26 | 000,497,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService) SRV:64bit: - [2015/10/30 01:18:46 | 000,168,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2015/10/30 01:18:41 | 000,117,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2015/10/30 01:18:19 | 001,297,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService) SRV:64bit: - [2015/10/30 01:18:18 | 000,729,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2015/10/30 01:18:14 | 000,081,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2015/10/30 01:18:01 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService) SRV:64bit: - [2015/10/30 01:18:01 | 000,034,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker) SRV:64bit: - [2015/10/30 01:18:01 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc) SRV:64bit: - [2015/10/30 01:18:01 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager) SRV:64bit: - [2015/10/30 01:17:59 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode) SRV:64bit: - [2015/10/30 01:17:59 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter) SRV:64bit: - [2015/10/30 01:17:53 | 000,097,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2015/10/30 01:17:53 | 000,060,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2015/10/30 01:17:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC) SRV:64bit: - [2015/10/30 01:17:52 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum) SRV:64bit: - [2015/10/30 01:17:51 | 000,031,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_bf40b) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_14ac5e9) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_117e2e) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_bf40b) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_14ac5e9) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_117e2e) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_bf40b) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_14ac5e9) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_117e2e) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_bf40b) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_14ac5e9) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_117e2e) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_bf40b) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_14ac5e9) SRV:64bit: - [2015/10/30 01:17:49 | 000,043,944 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_117e2e) SRV:64bit: - [2015/10/30 01:17:48 | 000,444,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2015/10/30 01:17:48 | 000,205,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2015/10/30 01:17:47 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost) SRV:64bit: - [2015/10/30 01:17:46 | 000,290,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService) SRV:64bit: - [2015/10/30 01:17:46 | 000,186,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc) SRV:64bit: - [2015/10/30 01:17:46 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2015/10/30 01:17:46 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2015/10/30 01:17:43 | 000,057,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice) SRV:64bit: - [2015/10/30 01:17:41 | 000,052,736 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService) SRV:64bit: - [2015/10/30 01:17:39 | 000,547,840 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2015/10/30 01:17:37 | 000,364,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc) SRV:64bit: - [2015/10/30 01:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2015/10/30 01:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession) SRV:64bit: - [2015/10/30 01:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2015/10/30 01:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2015/10/30 01:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2015/10/30 01:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2015/10/30 01:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2015/10/30 01:17:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface) SRV:64bit: - [2015/10/30 01:17:18 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv) SRV:64bit: - [2015/08/01 01:51:30 | 000,263,200 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2014/07/04 21:33:34 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2012/07/16 08:59:12 | 000,401,256 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\AuthenTec\TrueService.exe -- (TrueService) SRV - [2016/07/04 07:12:08 | 000,029,760 | ---- | M] (HP Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService) SRV - [2016/06/30 23:10:31 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2016/06/30 21:12:03 | 002,179,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository) SRV - [2016/06/29 10:29:58 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2016/06/12 14:27:24 | 001,095,440 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealTimes Desktop Service) SRV - [2016/05/27 22:14:46 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc) SRV - [2016/05/13 15:13:26 | 000,032,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc) SRV - [2016/04/22 21:45:56 | 000,461,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar) SRV - [2016/03/07 10:18:35 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2016/03/07 10:18:29 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc) SRV - [2016/03/07 10:18:27 | 000,056,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2016/02/24 00:07:45 | 000,949,248 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc) SRV - [2016/01/01 10:51:53 | 002,457,232 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2015/10/30 01:18:31 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc) SRV - [2015/10/30 01:18:23 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost) SRV - [2014/09/12 03:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/09/07 17:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2012/08/10 03:36:54 | 001,641,320 | ---- | M] (HP) [Disabled | Stopped] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService) SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2016/08/02 14:03:49 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV:64bit: - [2016/06/30 22:49:41 | 000,277,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2016/05/27 23:22:08 | 000,211,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2016/05/27 23:08:25 | 000,258,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000) DRV:64bit: - [2016/05/27 22:24:38 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2016/04/28 00:53:48 | 000,622,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2016/04/28 00:53:48 | 000,052,392 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv) DRV:64bit: - [2016/04/22 23:24:37 | 000,099,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc) DRV:64bit: - [2016/04/22 23:11:14 | 000,131,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys) DRV:64bit: - [2016/04/22 22:56:52 | 000,534,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2016/04/22 22:34:19 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2016/04/22 22:33:59 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101) DRV:64bit: - [2016/04/22 22:29:32 | 000,087,552 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt) DRV:64bit: - [2016/03/29 02:21:40 | 000,378,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2016/03/29 02:16:55 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid) DRV:64bit: - [2016/03/29 01:23:41 | 000,694,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi) DRV:64bit: - [2016/03/07 10:29:10 | 000,238,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip) DRV:64bit: - [2016/03/07 10:29:10 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg) DRV:64bit: - [2016/03/07 10:29:10 | 000,095,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2016/01/01 10:49:30 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2015/10/30 03:07:05 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2015/10/30 03:06:56 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2015/10/30 01:19:39 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2015/10/30 01:18:42 | 000,052,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2015/10/30 01:18:09 | 000,930,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1) DRV:64bit: - [2015/10/30 01:18:09 | 000,385,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS) DRV:64bit: - [2015/10/30 01:18:08 | 000,218,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache) DRV:64bit: - [2015/10/30 01:18:03 | 000,200,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2015/10/30 01:18:03 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT) DRV:64bit: - [2015/10/30 01:18:03 | 000,078,848 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt) DRV:64bit: - [2015/10/30 01:18:03 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv) DRV:64bit: - [2015/10/30 01:18:03 | 000,031,584 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2015/10/30 01:18:03 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos) DRV:64bit: - [2015/10/30 01:18:01 | 000,154,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2015/10/30 01:17:57 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS) DRV:64bit: - [2015/10/30 01:17:52 | 000,163,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2015/10/30 01:17:52 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000) DRV:64bit: - [2015/10/30 01:17:52 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist) DRV:64bit: - [2015/10/30 01:17:51 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2) DRV:64bit: - [2015/10/30 01:17:51 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2015/10/30 01:17:51 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2015/10/30 01:17:51 | 000,074,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2015/10/30 01:17:51 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2015/10/30 01:17:50 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof) DRV:64bit: - [2015/10/30 01:17:46 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam) DRV:64bit: - [2015/10/30 01:17:46 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv) DRV:64bit: - [2015/10/30 01:17:42 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2015/10/30 01:17:42 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus) DRV:64bit: - [2015/10/30 01:17:39 | 000,081,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2015/10/30 01:17:37 | 000,293,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2015/10/30 01:17:37 | 000,209,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000) DRV:64bit: - [2015/10/30 01:17:37 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2015/10/30 01:17:37 | 000,118,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv) DRV:64bit: - [2015/10/30 01:17:37 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (tsusbflt) DRV:64bit: - [2015/10/30 01:17:37 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx) DRV:64bit: - [2015/10/30 01:17:37 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2015/10/30 01:17:37 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf) DRV:64bit: - [2015/10/30 01:17:26 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy) DRV:64bit: - [2015/10/30 01:17:25 | 000,046,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2015/10/30 01:17:25 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2015/10/30 01:17:25 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea) DRV:64bit: - [2015/10/30 01:17:25 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys) DRV:64bit: - [2015/10/30 01:17:25 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2015/10/30 01:17:23 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus) DRV:64bit: - [2015/10/30 01:17:23 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64) DRV:64bit: - [2015/10/30 01:17:23 | 000,532,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2015/10/30 01:17:23 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus) DRV:64bit: - [2015/10/30 01:17:23 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2015/10/30 01:17:23 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci) DRV:64bit: - [2015/10/30 01:17:23 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i) DRV:64bit: - [2015/10/30 01:17:23 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i) DRV:64bit: - [2015/10/30 01:17:23 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea) DRV:64bit: - [2015/10/30 01:17:23 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2015/10/30 01:17:23 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme) DRV:64bit: - [2015/10/30 01:17:23 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2015/10/30 01:17:23 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr) DRV:64bit: - [2015/10/30 01:17:23 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2015/10/30 01:17:23 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs) DRV:64bit: - [2015/10/30 01:17:23 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i) DRV:64bit: - [2015/10/30 01:17:23 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i) DRV:64bit: - [2015/10/30 01:17:23 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2015/10/30 01:17:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi) DRV:64bit: - [2015/10/30 01:17:23 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2015/10/30 01:17:23 | 000,034,144 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs) DRV:64bit: - [2015/10/30 01:17:23 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2015/10/30 01:17:23 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad) DRV:64bit: - [2015/10/30 01:17:22 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2015/10/30 01:17:22 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX) DRV:64bit: - [2015/10/30 01:17:22 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV) DRV:64bit: - [2015/10/30 01:17:22 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2015/10/30 01:17:22 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2015/10/30 01:17:22 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware) DRV:64bit: - [2015/10/30 01:17:22 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2015/10/30 01:17:22 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2015/10/30 01:17:22 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt) DRV:64bit: - [2015/10/30 01:17:22 | 000,037,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter) DRV:64bit: - [2015/10/30 01:17:22 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI) DRV:64bit: - [2015/10/30 01:17:22 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2015/10/30 01:17:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2015/10/30 01:17:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn) DRV:64bit: - [2015/10/30 01:17:22 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2015/10/30 01:17:22 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2015/10/30 01:17:22 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2) DRV:64bit: - [2015/10/30 01:17:22 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn.sys -- (bcmfn) DRV:64bit: - [2015/10/30 01:17:21 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2015/10/30 01:17:18 | 000,165,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C) DRV:64bit: - [2015/10/30 01:17:18 | 000,117,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2015/10/30 01:17:18 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C) DRV:64bit: - [2015/10/30 01:17:18 | 000,081,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c) DRV:64bit: - [2015/10/30 01:17:18 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci) DRV:64bit: - [2015/10/30 01:17:18 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2015/10/30 01:17:18 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2015/10/30 01:17:18 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2015/10/30 01:17:18 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep) DRV:64bit: - [2015/10/30 01:17:18 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2015/10/30 01:17:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys -- (CompositeBus) DRV:64bit: - [2015/10/30 01:17:18 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO) DRV:64bit: - [2015/10/30 01:17:18 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2015/10/30 01:17:18 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2015/10/30 01:17:18 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2015/10/30 01:17:18 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2015/08/28 23:56:32 | 004,318,760 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw10x.sys -- (athr) DRV:64bit: - [2015/08/01 01:51:32 | 021,637,664 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2015/08/01 01:51:32 | 000,682,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2015/06/17 17:04:24 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2015/06/05 03:12:54 | 000,310,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR) DRV:64bit: - [2015/05/28 08:00:44 | 000,102,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWT6.sys -- (AtiHDAudioService) DRV:64bit: - [2014/12/04 16:29:54 | 000,049,496 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\admnfd.sys -- (admnfd) DRV:64bit: - [2014/12/04 16:29:54 | 000,020,728 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\browserMon.sys -- (browserMon) DRV:64bit: - [2014/08/12 08:15:23 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2014/06/25 23:33:56 | 000,014,888 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hmd.sys -- (HMD) DRV:64bit: - [2014/06/25 23:33:42 | 000,040,224 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\SysNative\drivers\CFRMD.sys -- (CFRMD) DRV:64bit: - [2014/04/28 03:33:58 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2013/09/20 00:05:02 | 000,059,648 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0) DRV:64bit: - [2013/03/05 13:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:64bit: - [2012/09/24 13:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2012/08/24 19:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/08/03 16:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver) DRV:64bit: - [2012/07/24 03:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2012/07/24 03:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2012/06/23 08:23:38 | 000,199,008 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC) DRV:64bit: - [2012/06/19 08:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV - [2015/10/30 01:17:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys -- (CompositeBus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 52 D5 32 96 A2 E6 D1 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 57 00 00 00 B9 68 83 8D F0 FC EC 09 C1 4B 42 C6 A5 6C 8C 4B 24 7D 7D C8 BF B7 B2 5B 10 F4 D6 9C 75 C1 FC 8E 07 3C F4 D1 07 43 05 D7 95 93 2B 1A EC D2 0A 93 00 B6 80 0D 17 2E 6B 5F 61 F1 5D EB CC 59 96 9D C6 36 2C 34 78 BF C2 B7 25 1F 07 49 8D 0D 2D D9 2E 27 4D 1B 58 2F 6A 02 00 00 00 0E 00 00 00 61 50 32 53 44 59 4A 6A 54 6F 59 25 33 64 [Binary data over 200 bytes] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;*.local ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "US" FF - prefs.js..browser.search.region: "US" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:47.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=18.1.4.135: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=18.1.4.135: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 47.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 47.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 47.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 47.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2016/01/12 14:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janet\AppData\Roaming\mozilla\Extensions [2016/07/10 08:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janet\AppData\Roaming\mozilla\Firefox\Profiles\z4m9nsxw.default-1468162040373\extensions [2016/06/29 10:30:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Error reading preferences file CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ O1 HOSTS File: ([2016/01/16 08:05:06 | 000,000,100 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (HP) O2:64bit: - BHO: (PrivDog Extension) - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll File not found O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (HP) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe () O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [HP Deskjet 3520 series (NET)] C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKCU..\Run: [Interstatnogui] C:\Users\Janet\AppData\Roaming\Interstatnogui\interstatnogui.exe (Global surveys) O4 - HKCU..\Run: [OneDrive] C:\Users\Janet\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) O4 - HKCU..\Run: [Power2GoExpress8] C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (CyberLink Corp.) O4 - Startup: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Suite X 3.3.lnk = C:\Program Files (x86)\Office Suite X 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard Company) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard Company) O9:64bit: - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll File not found O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard Company) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard Company) O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab (Java Plug-in 10.67.2) O16 - DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab (Java Plug-in 1.7.0_67) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab (Java Plug-in 10.67.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.21.70.3 67.215.21.202 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{a66fc120-4b59-4aba-a50d-275ef46a6b6b}: DhcpNameServer = 82.163.143.171 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{a66fc120-4b59-4aba-a50d-275ef46a6b6b}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{bff28cd7-4df7-452a-8e4d-12b3c2182e83}: DhcpNameServer = 72.21.70.3 67.215.21.202 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{bff28cd7-4df7-452a-8e4d-12b3c2182e83}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{f3888b1e-5315-4806-85bb-1d61349c3060}: DhcpNameServer = 82.163.143.171 O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation) O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:64bit: - LSA: Security Packages - (livessp) - File not found O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2016/08/02 14:02:03 | 000,000,000 | -H-D | C] -- C:\OneDriveTemp [2016/08/02 13:27:08 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys [2016/08/02 13:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2016/08/02 13:26:27 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys [2016/08/02 13:26:27 | 000,065,408 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys [2016/08/02 13:26:27 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys [2016/08/02 13:26:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2016/08/02 13:21:32 | 000,000,000 | ---D | C] -- C:\Users\Janet\AppData\Local\CrashRpt [2016/08/02 10:01:46 | 000,000,000 | ---D | C] -- C:\Users\Janet\AppData\Roaming\EurekaLog [2016/07/13 16:07:08 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MosStorage.dll [2016/07/13 16:07:08 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MosHostClient.dll [2016/07/13 16:07:07 | 005,205,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BingMaps.dll [2016/07/13 16:07:07 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JpMapControl.dll [2016/07/13 16:07:07 | 000,784,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NMAA.dll [2016/07/13 16:07:07 | 000,711,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapControlCore.dll [2016/07/13 16:07:07 | 000,349,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapConfiguration.dll [2016/07/13 16:07:07 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapsBtSvc.dll [2016/07/13 16:07:06 | 006,295,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mos.dll [2016/07/13 16:07:05 | 013,018,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll [2016/07/13 16:07:04 | 018,674,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll [2016/07/13 16:07:00 | 002,582,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll [2016/07/13 16:06:59 | 005,503,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll [2016/07/13 16:06:59 | 004,895,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll [2016/07/13 16:06:58 | 005,660,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll [2016/07/13 16:06:58 | 000,577,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms2.sys [2016/07/13 16:06:57 | 000,648,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll [2016/07/13 16:06:56 | 022,379,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll [2016/07/13 16:06:55 | 007,832,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll [2016/07/13 16:06:54 | 007,469,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe [2016/07/13 16:06:54 | 000,764,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll [2016/07/13 16:06:53 | 001,322,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll [2016/07/13 16:06:53 | 000,605,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll [2016/07/13 16:06:52 | 003,589,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys [2016/07/13 16:06:52 | 001,387,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys [2016/07/13 16:06:51 | 002,773,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll [2016/07/13 16:06:45 | 001,073,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXService.dll [2016/07/13 16:06:45 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXTaskFactory.dll [2016/07/13 16:06:44 | 000,990,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SharedStartModel.dll [2016/07/13 16:06:44 | 000,730,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Shell.Broker.dll [2016/07/13 16:06:43 | 001,390,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Shell.dll [2016/07/13 16:06:43 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll [2016/07/13 16:06:43 | 000,303,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockAppHost.exe [2016/07/13 16:06:41 | 004,515,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [2016/07/13 16:06:41 | 003,994,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll [2016/07/13 16:06:41 | 000,703,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe [2016/07/13 16:06:39 | 000,808,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe [2016/07/13 16:06:39 | 000,587,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll [2016/07/13 16:06:38 | 011,545,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll [2016/07/13 16:06:36 | 003,585,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsThresholdAdminFlowUI.dll [2016/07/13 16:06:35 | 001,946,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll [2016/07/13 16:06:34 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapConfiguration.dll [2016/07/13 16:06:34 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppCapture.dll [2016/07/13 16:06:34 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MosHostClient.dll [2016/07/13 16:06:33 | 002,168,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll [2016/07/13 16:06:33 | 001,716,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll [2016/07/13 16:06:33 | 001,056,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\JpMapControl.dll [2016/07/13 16:06:33 | 000,853,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapsStore.dll [2016/07/13 16:06:33 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcastdvr.exe [2016/07/13 16:06:32 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NMAA.dll [2016/07/13 16:06:32 | 000,965,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll [2016/07/13 16:06:31 | 007,200,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BingMaps.dll [2016/07/13 16:06:31 | 000,939,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapControlCore.dll [2016/07/13 16:06:30 | 007,977,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mos.dll [2016/07/13 16:06:30 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll [2016/07/13 16:06:29 | 006,973,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Data.Pdf.dll [2016/07/13 16:06:29 | 004,074,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe [2016/07/13 16:06:29 | 000,254,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppHost.exe [2016/07/13 16:06:28 | 001,582,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll [2016/07/13 16:06:27 | 009,919,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll [2016/07/13 16:06:27 | 005,323,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll [2016/07/13 16:06:21 | 002,062,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll [2016/07/13 16:06:21 | 000,026,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe [2016/07/13 16:06:20 | 001,445,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRHInproc.dll [2016/07/13 16:06:20 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll [2016/07/13 16:06:19 | 000,559,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll [2016/07/13 16:06:18 | 001,223,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll [2016/07/13 16:06:18 | 000,310,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll [2016/07/13 16:06:18 | 000,092,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll [2016/07/13 16:06:17 | 000,050,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CompatTelRunner.exe [2016/07/13 16:06:15 | 001,505,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll [2016/07/13 16:06:15 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredProvDataModel.dll [2016/07/13 16:06:15 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\browserbroker.dll [2016/07/13 16:05:49 | 001,467,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll [2016/07/13 16:05:45 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanui.dll [2016/07/13 16:05:44 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wcnwiz.dll [2016/07/13 16:05:44 | 000,879,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WebcamUi.dll [2016/07/13 16:05:44 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wiaaut.dll [2016/07/13 16:05:44 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserLanguagesCpl.dll [2016/07/13 16:05:44 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WLanConn.dll [2016/07/13 16:05:43 | 006,740,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll [2016/07/13 16:05:43 | 002,519,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\themecpl.dll [2016/07/13 16:05:43 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usercpl.dll [2016/07/13 16:05:42 | 002,632,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpcore.dll [2016/07/13 16:05:42 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\taskcomp.dll [2016/07/13 16:05:39 | 000,805,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll [2016/07/13 16:05:39 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sud.dll [2016/07/13 16:05:39 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SimCfg.dll [2016/07/13 16:05:39 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSClient.dll [2016/07/13 16:05:39 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SimAuth.dll [2016/07/13 16:05:36 | 000,754,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll [2016/07/13 16:05:36 | 000,569,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SHCore.dll [2016/07/13 16:05:36 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSync.dll [2016/07/13 16:05:36 | 000,465,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe [2016/07/13 16:05:35 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasgcw.dll [2016/07/13 16:05:35 | 000,777,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MsSpellCheckingFacility.dll [2016/07/13 16:05:35 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll [2016/07/13 16:05:35 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\OneDriveSettingSyncProvider.dll [2016/07/13 16:05:35 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingMonitor.dll [2016/07/13 16:05:35 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSSync.dll [2016/07/13 16:05:34 | 001,448,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.Printing.3D.dll [2016/07/13 16:05:34 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.Printing.dll [2016/07/13 16:05:33 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ntprint.dll [2016/07/13 16:05:30 | 002,679,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netshell.dll [2016/07/13 16:05:30 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netcenter.dll [2016/07/13 16:05:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netplwiz.dll [2016/07/13 16:05:29 | 003,301,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SyncCenter.dll [2016/07/13 16:05:29 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msieftp.dll [2016/07/13 16:05:26 | 000,645,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Storage.Search.dll [2016/07/13 16:05:25 | 004,078,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dbgeng.dll [2016/07/13 16:05:22 | 001,526,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll [2016/07/13 16:05:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\IdCtrls.dll [2016/07/13 16:05:21 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl [2016/07/13 16:05:18 | 001,448,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dui70.dll [2016/07/13 16:05:18 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hgcpl.dll [2016/07/13 16:05:18 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ActionCenterCPL.dll [2016/07/13 16:05:17 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll [2016/07/13 16:05:17 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dot3ui.dll [2016/07/13 16:05:17 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dmdskmgr.dll [2016/07/13 16:05:16 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevicePairing.dll [2016/07/13 16:05:14 | 002,102,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xpsservices.dll [2016/07/13 16:05:14 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\appwiz.cpl [2016/07/13 16:05:14 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certcli.dll [2016/07/13 16:05:13 | 002,155,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll [2016/07/13 16:05:13 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SmartcardCredentialProvider.dll [2016/07/13 16:05:13 | 000,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.AccountsControl.dll [2016/07/13 16:05:12 | 002,771,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tquery.dll [2016/07/13 16:05:12 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\licensingdiag.exe [2016/07/13 16:05:12 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\oemlicense.dll [2016/07/13 16:05:12 | 000,064,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Clipc.dll [2016/07/13 16:05:11 | 001,984,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssrch.dll [2016/07/13 16:05:11 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Search.ProtocolHandler.MAPI2.dll [2016/07/13 16:05:11 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssph.dll [2016/07/13 16:05:11 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msscntrs.dll [2016/07/13 16:05:10 | 002,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.StateRepository.dll [2016/07/13 16:05:10 | 001,117,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Speech.dll [2016/07/13 16:05:10 | 000,256,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll [2016/07/13 16:05:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll [2016/07/13 16:05:10 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.StateRepositoryBroker.dll [2016/07/13 16:05:09 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GamePanel.exe [2016/07/13 16:05:08 | 003,555,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xpsrchvw.exe [2016/07/13 16:05:08 | 002,604,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CertEnroll.dll [2016/07/13 16:05:07 | 001,497,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPDMC.exe [2016/07/13 16:05:07 | 000,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.dll [2016/07/13 16:05:07 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WmpDui.dll [2016/07/13 16:05:06 | 001,349,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll [2016/07/13 16:05:04 | 028,083,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WindowsCodecsRaw.dll [2016/07/13 16:05:04 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\webio.dll [2016/07/13 16:05:03 | 000,584,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIRibbonRes.dll [2016/07/13 16:05:02 | 004,404,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll [2016/07/13 16:05:02 | 003,459,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIRibbon.dll [2016/07/13 16:05:02 | 000,764,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll [2016/07/13 16:05:02 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.BioFeedback.dll [2016/07/13 16:05:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Shell.Search.UriHandler.dll [2016/07/13 16:05:01 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll [2016/07/13 16:04:58 | 002,849,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\themeui.dll [2016/07/13 16:04:58 | 002,000,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll [2016/07/13 16:04:58 | 000,836,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinapi.appcore.dll [2016/07/13 16:04:58 | 000,581,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinapi.dll [2016/07/13 16:04:57 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sbe.dll [2016/07/13 16:04:57 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll [2016/07/13 16:04:55 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Speech.Pal.dll [2016/07/13 16:04:53 | 000,639,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBroker.dll [2016/07/13 16:04:53 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll [2016/07/13 16:04:52 | 002,798,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll [2016/07/13 16:04:52 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.OnlineId.dll [2016/07/13 16:04:52 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\efswrt.dll [2016/07/13 16:04:52 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\schtasks.exe [2016/07/13 16:04:49 | 001,508,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmsipc.dll [2016/07/13 16:04:49 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Editing.dll [2016/07/13 16:04:49 | 000,980,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winipcsecproc.dll [2016/07/13 16:04:49 | 000,330,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winipcfile.dll [2016/07/13 16:04:49 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ProximityCommon.dll [2016/07/13 16:04:48 | 002,217,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Wpc.dll [2016/07/13 16:04:48 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WpcWebFilter.dll [2016/07/13 16:04:48 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PrintDialogs.dll [2016/07/13 16:04:48 | 000,517,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PlayToManager.dll [2016/07/13 16:04:48 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll [2016/07/13 16:04:48 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PlayToReceiver.dll [2016/07/13 16:04:46 | 006,471,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mspaint.exe [2016/07/13 16:04:46 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll [2016/07/13 16:04:45 | 002,680,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll [2016/07/13 16:04:45 | 000,925,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll [2016/07/13 16:04:44 | 001,118,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetsrc.dll [2016/07/13 16:04:43 | 012,586,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmp.dll [2016/07/13 16:04:43 | 000,835,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll [2016/07/13 16:04:43 | 000,709,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll [2016/07/13 16:04:43 | 000,511,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mf.dll [2016/07/13 16:04:43 | 000,032,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfpmp.exe [2016/07/13 16:04:42 | 005,240,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\windows.storage.dll [2016/07/13 16:04:42 | 000,451,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFCaptureEngine.dll [2016/07/13 16:04:41 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MbaeApiPublic.dll [2016/07/13 16:04:41 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mbsmsapi.dll [2016/07/13 16:04:41 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LogonController.dll [2016/07/13 16:04:41 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppBroker.dll [2016/07/13 16:04:40 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll [2016/07/13 16:04:37 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll [2016/07/13 16:04:37 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GlobCollationHost.dll [2016/07/13 16:04:36 | 004,413,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExplorerFrame.dll [2016/07/13 16:04:36 | 002,578,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gameux.dll [2016/07/13 16:04:35 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappcfg.dll [2016/07/13 16:04:35 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edputil.dll [2016/07/13 16:04:35 | 000,238,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapphost.dll [2016/07/13 16:04:35 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExecModelClient.dll [2016/07/13 16:04:35 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappgnui.dll [2016/07/13 16:04:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappprxy.dll [2016/07/13 16:04:34 | 003,695,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_47.dll [2016/07/13 16:04:34 | 002,186,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll [2016/07/13 16:04:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapp3hst.dll [2016/07/13 16:04:33 | 000,675,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll [2016/07/13 16:04:33 | 000,569,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qdvd.dll [2016/07/13 16:04:33 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.WiFiDirect.dll [2016/07/13 16:04:32 | 001,626,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll [2016/07/13 16:04:32 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.SmartCards.dll [2016/07/13 16:04:32 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dlnashext.dll [2016/07/13 16:04:32 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Picker.dll [2016/07/13 16:04:29 | 000,032,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wldp.dll [2016/07/13 16:04:28 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredProvDataModel.dll [2016/07/13 16:04:28 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepsync.dll [2016/07/13 16:04:28 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\credprovs.dll [2016/07/13 16:04:27 | 001,083,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Taskmgr.exe [2016/07/13 16:04:27 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepapi.dll [2016/07/13 16:04:26 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ShareHost.dll [2016/07/13 16:04:26 | 000,334,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\bcastdvr.exe [2016/07/13 16:04:26 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppCapture.dll [2016/07/13 15:58:06 | 003,577,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tquery.dll [2016/07/13 15:58:06 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchProtocolHost.exe [2016/07/13 15:58:05 | 002,597,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll [2016/07/13 15:58:05 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Search.ProtocolHandler.MAPI2.dll [2016/07/13 15:58:05 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssphtb.dll [2016/07/13 15:58:05 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFilterHost.exe [2016/07/13 15:58:05 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssph.dll [2016/07/13 15:58:05 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msscntrs.dll [2016/07/13 15:58:04 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.StateRepository.dll [2016/07/13 15:58:04 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Speech.dll [2016/07/13 15:58:04 | 000,337,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Storage.ApplicationData.dll [2016/07/13 15:58:04 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.StateRepositoryClient.dll [2016/07/13 15:58:04 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.StateRepositoryBroker.dll [2016/07/13 15:58:01 | 000,277,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdbus.sys [2016/07/13 15:57:27 | 001,717,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll [2016/07/13 15:57:23 | 000,715,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GamePanel.exe [2016/07/13 15:57:22 | 006,572,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wwanmm.dll [2016/07/13 15:57:22 | 004,646,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\xpsrchvw.exe [2016/07/13 15:57:22 | 002,912,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CertEnroll.dll [2016/07/13 15:57:22 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\zipfldr.dll [2016/07/13 15:57:21 | 002,088,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpdshext.dll [2016/07/13 15:57:21 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wwanconn.dll [2016/07/13 15:57:21 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WPDShServiceObj.dll [2016/07/13 15:57:20 | 001,847,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPDMC.exe [2016/07/13 15:57:20 | 000,373,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WmpDui.dll [2016/07/13 15:57:19 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WLanConn.dll [2016/07/13 15:57:19 | 000,412,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanui.dll [2016/07/13 15:57:19 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.dll [2016/07/13 15:57:19 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmicmiplugin.dll [2016/07/13 15:57:19 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winsrv.dll [2016/07/13 15:57:18 | 001,797,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Immersive.dll [2016/07/13 15:57:18 | 001,776,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecs.dll [2016/07/13 15:57:18 | 001,552,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll [2016/07/13 15:57:18 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.dll [2016/07/13 15:57:16 | 028,851,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecsRaw.dll [2016/07/13 15:57:16 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wiaaut.dll [2016/07/13 15:57:16 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\webio.dll [2016/07/13 15:57:16 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecsExt.dll [2016/07/13 15:57:15 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WebcamUi.dll [2016/07/13 15:57:15 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuuhext.dll [2016/07/13 15:57:14 | 001,554,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll [2016/07/13 15:57:14 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wcnwiz.dll [2016/07/13 15:57:13 | 004,170,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIRibbon.dll [2016/07/13 15:57:13 | 001,385,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usercpl.dll [2016/07/13 15:57:13 | 000,651,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserLanguagesCpl.dll [2016/07/13 15:57:13 | 000,584,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIRibbonRes.dll [2016/07/13 15:57:12 | 006,312,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll [2016/07/13 15:57:12 | 001,211,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Cred.dll [2016/07/13 15:57:12 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.BioFeedback.dll [2016/07/13 15:57:12 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusUpdateHandlers.dll [2016/07/13 15:57:12 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack_win.dll [2016/07/13 15:57:12 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Shell.Search.UriHandler.dll [2016/07/13 15:57:11 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusNotificationUx.exe [2016/07/13 15:57:09 | 000,379,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usocore.dll [2016/07/13 15:57:09 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\updatehandlers.dll [2016/07/13 15:57:09 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusNotification.exe [2016/07/13 15:57:08 | 001,613,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll [2016/07/13 15:57:08 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.BlockedShutdown.dll [2016/07/13 15:57:08 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\musdialoghandlers.dll [2016/07/13 15:57:05 | 002,444,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll [2016/07/13 15:57:05 | 001,040,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinapi.appcore.dll [2016/07/13 15:57:05 | 000,701,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinapi.dll [2016/07/13 15:57:05 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TpmTasks.dll [2016/07/13 15:57:04 | 002,902,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\themeui.dll [2016/07/13 15:57:04 | 002,563,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\themecpl.dll [2016/07/13 15:57:03 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskeng.exe [2016/07/13 15:57:02 | 007,533,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll [2016/07/13 15:57:01 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskcomp.dll [2016/07/13 15:57:01 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RADCUI.dll [2016/07/13 15:57:00 | 003,053,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcore.dll [2016/07/13 15:57:00 | 001,087,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll [2016/07/13 15:57:00 | 000,304,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\systemreset.exe [2016/07/13 15:56:57 | 003,449,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSService.dll [2016/07/13 15:56:57 | 000,992,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sbe.dll [2016/07/13 15:56:57 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sud.dll [2016/07/13 15:56:57 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll [2016/07/13 15:56:56 | 000,961,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll [2016/07/13 15:56:56 | 000,859,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll [2016/07/13 15:56:56 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSClient.dll [2016/07/13 15:56:54 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StikyNot.exe [2016/07/13 15:56:52 | 001,487,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SpeechPal.dll [2016/07/13 15:56:52 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Speech.Pal.dll [2016/07/13 15:56:51 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SimCfg.dll [2016/07/13 15:56:51 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll [2016/07/13 15:56:51 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SimAuth.dll [2016/07/13 15:56:48 | 000,725,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SHCore.dll [2016/07/13 15:56:47 | 000,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll [2016/07/13 15:56:47 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSync.dll [2016/07/13 15:56:47 | 000,566,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe [2016/07/13 15:56:47 | 000,515,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OneDriveSettingSyncProvider.dll [2016/07/13 15:56:46 | 000,865,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AzureSettingSyncProvider.dll [2016/07/13 15:56:46 | 000,821,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBroker.dll [2016/07/13 15:56:46 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.Web.Core.dll [2016/07/13 15:56:46 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingMonitor.dll [2016/07/13 15:56:45 | 000,106,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\phoneactivate.exe [2016/07/13 15:56:44 | 000,853,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aadtb.dll [2016/07/13 15:56:43 | 001,213,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sdengin2.dll [2016/07/13 15:56:43 | 000,549,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFolder.dll [2016/07/13 15:56:43 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\schtasks.exe [2016/07/13 15:56:43 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sdshext.dll [2016/07/13 15:56:42 | 002,609,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkMobileSettings.dll [2016/07/13 15:56:42 | 001,540,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll [2016/07/13 15:56:42 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aadcloudap.dll [2016/07/13 15:56:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkDesktopSettings.dll [2016/07/13 15:56:41 | 002,125,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_Bluetooth.dll [2016/07/13 15:56:41 | 001,051,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MsSpellCheckingFacility.dll [2016/07/13 15:56:41 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettings.UserAccountsHandlers.dll [2016/07/13 15:56:41 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_Maps.dll [2016/07/13 15:56:40 | 000,484,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DataSenseHandlers.dll [2016/07/13 15:56:40 | 000,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OneBackupHandler.dll [2016/07/13 15:56:37 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.OnlineId.dll [2016/07/13 15:56:36 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_StorageSense.dll [2016/07/13 15:56:33 | 001,159,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ApplicationFrame.dll [2016/07/13 15:56:30 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettings.Handlers.dll [2016/07/13 15:56:30 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\efswrt.dll [2016/07/13 15:56:30 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\easwrt.dll [2016/07/13 15:56:29 | 000,374,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsAdminFlows.exe [2016/07/13 15:56:22 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSSync.dll [2016/07/13 15:56:19 | 000,692,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppwinob.dll [2016/07/13 15:56:18 | 003,428,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll [2016/07/13 15:56:18 | 000,947,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasgcw.dll [2016/07/13 15:56:18 | 000,556,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PsmServiceExtHost.dll [2016/07/13 15:56:16 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasapi32.dll [2016/07/13 15:56:15 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpudd.dll [2016/07/13 15:56:14 | 004,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcorets.dll [2016/07/13 15:56:14 | 002,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmsipc.dll [2016/07/13 15:56:14 | 001,434,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Editing.dll [2016/07/13 15:56:14 | 001,141,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winipcsecproc.dll [2016/07/13 15:56:13 | 000,448,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winipcfile.dll [2016/07/13 15:56:13 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\provhandlers.dll [2016/07/13 15:56:13 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\provisioningcsp.dll [2016/07/13 15:56:13 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\provops.dll [2016/07/13 15:56:12 | 002,103,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.Printing.3D.dll [2016/07/13 15:56:12 | 001,603,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\propsys.dll [2016/07/13 15:56:12 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.Printing.dll [2016/07/13 15:56:12 | 000,589,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PrintDialogs.dll [2016/07/13 15:56:12 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\provengine.dll [2016/07/13 15:56:12 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NFCProvisioningPlugin.dll [2016/07/13 15:56:11 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PrintDialogs3D.dll [2016/07/13 15:56:11 | 001,814,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pnidui.dll [2016/07/13 15:56:11 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PlayToReceiver.dll [2016/07/13 15:56:10 | 000,697,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PlayToManager.dll [2016/07/13 15:56:10 | 000,583,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PhotoScreensaver.scr [2016/07/13 15:56:10 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PlayToDevice.dll [2016/07/13 15:56:10 | 000,394,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll [2016/07/13 15:56:09 | 002,285,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcWebSync.dll [2016/07/13 15:56:09 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PackageStateRoaming.dll [2016/07/13 15:56:09 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.PicturePassword.dll [2016/07/13 15:56:08 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Wpc.dll [2016/07/13 15:56:08 | 001,121,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll [2016/07/13 15:56:08 | 000,841,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll [2016/07/13 15:56:08 | 000,349,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntprint.dll [2016/07/13 15:56:08 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetpp.dll [2016/07/13 15:56:05 | 001,750,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcMon.exe [2016/07/13 15:56:05 | 000,870,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll [2016/07/13 15:56:05 | 000,824,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcWebFilter.dll [2016/07/13 15:55:55 | 000,882,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntshrui.dll [2016/07/13 15:55:55 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LegacyNetUXHost.exe [2016/07/13 15:55:54 | 001,216,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netcenter.dll [2016/07/13 15:55:54 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LegacyNetUX.dll [2016/07/13 15:55:53 | 002,800,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netshell.dll [2016/07/13 15:55:52 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netplwiz.dll [2016/07/13 15:55:50 | 000,576,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.UX.EapRequestHandler.dll [2016/07/13 15:55:50 | 000,510,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll [2016/07/13 15:55:49 | 000,900,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll [2016/07/13 15:55:48 | 006,675,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mspaint.exe [2016/07/13 15:55:48 | 003,355,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll [2016/07/13 15:55:48 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msieftp.dll [2016/07/13 15:55:47 | 003,415,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncCenter.dll [2016/07/13 15:55:47 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MiracastReceiver.dll [2016/07/13 15:55:47 | 000,870,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\modernexecserver.dll [2016/07/13 15:55:46 | 001,299,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetsrc.dll [2016/07/13 15:55:46 | 001,092,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll [2016/07/13 15:55:45 | 014,252,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmp.dll [2016/07/13 15:55:45 | 000,388,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpps.dll [2016/07/13 15:55:44 | 001,036,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll [2016/07/13 15:55:44 | 000,847,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll [2016/07/13 15:55:44 | 000,586,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mf.dll [2016/07/13 15:55:44 | 000,035,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfpmp.exe [2016/07/13 15:55:43 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\APHostService.dll [2016/07/13 15:55:42 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\moshostcore.dll [2016/07/13 15:55:42 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapsBtSvc.dll [2016/07/13 15:55:42 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapsCSP.dll [2016/07/13 15:55:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MosStorage.dll [2016/07/13 15:55:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\moshost.dll [2016/07/13 15:55:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mapsupdatetask.dll [2016/07/13 15:55:35 | 000,498,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFCaptureEngine.dll [2016/07/13 15:55:34 | 006,605,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\windows.storage.dll [2016/07/13 15:55:34 | 000,896,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeApiPublic.dll [2016/07/13 15:55:34 | 000,817,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Storage.Search.dll [2016/07/13 15:55:34 | 000,674,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mbsmsapi.dll [2016/07/13 15:55:34 | 000,480,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockAppBroker.dll [2016/07/13 15:55:34 | 000,393,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys [2016/07/13 15:55:33 | 001,997,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll [2016/07/13 15:55:33 | 000,529,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LogonController.dll [2016/07/13 15:55:33 | 000,450,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Bluetooth.dll [2016/07/13 15:55:33 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdd.dll [2016/07/13 15:55:32 | 005,123,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dbgeng.dll [2016/07/13 15:55:29 | 000,784,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll [2016/07/13 15:55:28 | 001,752,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll [2016/07/13 15:55:28 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll [2016/07/13 15:55:27 | 000,585,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll [2016/07/13 15:55:27 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IdCtrls.dll [2016/07/13 15:55:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IconCodecService.dll [2016/07/13 15:55:21 | 002,127,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl [2016/07/13 15:55:14 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hgcpl.dll [2016/07/13 15:55:13 | 001,567,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll [2016/07/13 15:55:13 | 000,994,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\HelpPane.exe [2016/07/13 15:55:13 | 000,565,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ActionCenterCPL.dll [2016/07/13 15:55:13 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GlobCollationHost.dll [2016/07/13 15:55:12 | 002,731,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gameux.dll [2016/07/13 15:55:12 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhsettingsprovider.dll [2016/07/13 15:55:12 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhengine.dll [2016/07/13 15:55:11 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcfg.dll [2016/07/13 15:55:11 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FingerprintEnrollment.dll [2016/07/13 15:55:10 | 004,827,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ExplorerFrame.dll [2016/07/13 15:55:09 | 001,291,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\werconcpl.dll [2016/07/13 15:55:09 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\werui.dll [2016/07/13 15:55:09 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edputil.dll [2016/07/13 15:55:09 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ExecModelClient.dll [2016/07/13 15:55:08 | 001,872,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\workfolderssvc.dll [2016/07/13 15:55:08 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappcfg.dll [2016/07/13 15:55:08 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapp3hst.dll [2016/07/13 15:55:08 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EnterpriseAppMgmtSvc.dll [2016/07/13 15:55:08 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapphost.dll [2016/07/13 15:55:08 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappgnui.dll [2016/07/13 15:55:08 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappprxy.dll [2016/07/13 15:55:07 | 001,755,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dui70.dll [2016/07/13 15:55:07 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll [2016/07/13 15:55:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll [2016/07/13 15:55:07 | 000,503,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DMRServer.dll [2016/07/13 15:55:07 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dot3ui.dll [2016/07/13 15:55:06 | 002,145,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d9.dll [2016/07/13 15:55:06 | 001,240,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10.dll [2016/07/13 15:55:06 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmdskmgr.dll [2016/07/13 15:55:06 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10_1.dll [2016/07/13 15:55:05 | 004,456,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3DCompiler_47.dll [2016/07/13 15:55:05 | 002,445,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll [2016/07/13 15:55:04 | 016,985,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll [2016/07/13 15:55:03 | 000,911,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll [2016/07/13 15:55:03 | 000,849,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\samsrv.dll [2016/07/13 15:55:03 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qdvd.dll [2016/07/13 15:55:02 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevicePairing.dll [2016/07/13 15:55:02 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.WiFiDirect.dll [2016/07/13 15:55:02 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\deviceaccess.dll [2016/07/13 15:55:02 | 000,284,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceCensus.exe [2016/07/13 15:55:01 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dosvc.dll [2016/07/13 15:55:01 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\domgmt.dll [2016/07/13 15:55:00 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uDWM.dll [2016/07/13 15:55:00 | 000,504,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dlnashext.dll [2016/07/13 15:54:59 | 000,892,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.SmartCards.dll [2016/07/13 15:54:59 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Picker.dll [2016/07/13 15:54:59 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUDFPlatform.dll [2016/07/13 15:54:59 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmcsps.dll [2016/07/13 15:54:58 | 001,848,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll [2016/07/13 15:54:55 | 000,587,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll [2016/07/13 15:54:54 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll [2016/07/13 15:54:54 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdpsvc.dll [2016/07/13 15:54:54 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdpreference.exe [2016/07/13 15:54:54 | 000,037,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wldp.dll [2016/07/13 15:54:53 | 003,046,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\xpsservices.dll [2016/07/13 15:54:53 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certcli.dll [2016/07/13 15:54:47 | 001,443,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagperf.dll [2016/07/13 15:54:45 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Cortana.OneCore.dll [2016/07/13 15:54:44 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Cortana.Desktop.dll [2016/07/13 15:54:43 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\credprovs.dll [2016/07/13 15:54:39 | 000,874,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe [2016/07/13 15:54:38 | 001,317,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi [2016/07/13 15:54:38 | 001,141,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe [2016/07/13 15:54:38 | 001,030,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi [2016/07/13 15:54:07 | 000,376,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.MediaControl.dll [2016/07/13 15:54:06 | 004,775,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll [2016/07/13 15:54:06 | 001,238,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Taskmgr.exe [2016/07/13 15:54:06 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appwiz.cpl [2016/07/13 15:54:06 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apprepsync.dll [2016/07/13 15:54:06 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apprepapi.dll [2016/07/13 15:54:05 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.AccountsControl.dll [2016/07/13 15:54:05 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ActivationManager.dll [2016/07/13 15:54:05 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepic.dll [2016/07/13 15:54:04 | 002,352,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll [2016/07/13 15:54:04 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tzautoupdate.dll [2016/07/13 15:53:57 | 001,037,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SmartcardCredentialProvider.dll [2016/07/13 15:53:57 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppReadiness.dll [2016/07/13 15:53:56 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ShareHost.dll [2016/07/13 15:53:56 | 000,529,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NotificationController.dll [2016/07/13 15:53:55 | 001,128,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ClipUp.exe [2016/07/13 15:53:55 | 000,625,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ClipSVC.dll [2016/07/13 15:53:55 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oemlicense.dll [2016/07/13 15:53:54 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\licensingdiag.exe [2016/07/13 15:53:54 | 000,078,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Clipc.dll [2016/07/10 08:47:27 | 000,000,000 | ---D | C] -- C:\Users\Janet\Desktop\Old Firefox Data [5 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2016/08/02 15:10:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2016/08/02 14:31:17 | 000,003,861 | ---- | M] () -- C:\Users\Janet\Desktop\attach.zip [2016/08/02 14:10:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2016/08/02 14:05:09 | 000,982,800 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2016/08/02 14:05:09 | 000,216,830 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2016/08/02 14:05:09 | 000,006,428 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2016/08/02 14:03:49 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys [2016/08/02 13:58:44 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2016/08/02 13:56:34 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2016/08/02 13:56:24 | 3206,234,112 | -HS- | M] () -- C:\hiberfil.sys [2016/08/02 13:55:52 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SysNative\spu_storage.bin [2016/08/02 13:26:44 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2016/08/02 10:05:47 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForJanet.job [2016/07/25 12:00:42 | 000,012,710 | ---- | M] () -- C:\WINDOWS\SysNative\Native.exe [5 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2016/08/02 14:31:17 | 000,003,861 | ---- | C] () -- C:\Users\Janet\Desktop\attach.zip [2016/08/02 13:26:44 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2016/07/25 12:00:42 | 000,012,710 | ---- | C] () -- C:\WINDOWS\SysNative\Native.exe [2016/07/13 16:04:29 | 001,862,008 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll [2016/07/13 15:54:55 | 002,656,408 | ---- | C] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll [2016/04/13 18:34:51 | 000,162,816 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll [2016/03/08 19:25:16 | 000,000,608 | RHS- | C] () -- C:\Users\Janet\ntuser.pol [2016/03/07 09:48:18 | 000,929,278 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2016/03/07 09:44:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2016/03/07 09:40:04 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2015/10/30 01:24:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2015/10/30 01:24:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2015/10/30 01:18:39 | 000,164,224 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll [2015/10/30 01:18:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat [2015/10/30 01:18:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2015/10/30 01:18:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll [2015/10/30 01:18:31 | 000,252,928 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll [2015/10/30 01:18:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe [2015/10/30 01:18:29 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2015/10/30 01:18:29 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll [2015/10/30 01:18:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll [2015/10/30 01:18:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini [2015/10/30 01:18:23 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat [2015/10/30 01:17:40 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2015/08/01 01:51:32 | 000,119,840 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll [2015/08/01 01:51:30 | 001,012,784 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe [2015/08/01 01:51:30 | 000,161,312 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe [2015/08/01 01:51:28 | 000,816,176 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe [2015/08/01 01:51:28 | 000,207,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll [2015/08/01 01:51:28 | 000,140,832 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll [2015/07/12 04:53:34 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat [2015/07/12 04:53:34 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat [2014/11/29 17:09:33 | 000,000,515 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2014/02/25 08:01:26 | 000,000,157 | ---- | C] () -- C:\Users\Janet\AppData\Roaming\WB.CFG [2014/02/01 11:02:27 | 002,905,689 | ---- | C] () -- C:\Users\Janet\PPPlus-Janet-Partridge-20140126-2033.dat [2013/11/25 21:36:36 | 002,971,556 | ---- | C] () -- C:\Users\Janet\PPPlus-Janet-Partridge-20131126-0225.dat [2013/11/07 07:46:53 | 002,825,858 | ---- | C] () -- C:\Users\Janet\PPPlus-Janet-Partridge-20131107-0348.dat [2013/10/15 20:13:00 | 002,798,421 | ---- | C] () -- C:\Users\Janet\PPPlus-Janet-Partridge-20131016-0212.dat [2013/08/29 21:30:11 | 002,833,940 | ---- | C] () -- C:\Users\Janet\PPPlus-Janet-Partridge-20130830-0326.dat [2013/07/07 13:50:05 | 002,742,387 | ---- | C] () -- C:\Users\Janet\PPPlus-Janet-Partridge-20130707-1950.dat [2013/05/14 19:03:35 | 002,669,928 | ---- | C] () -- C:\Users\Janet\PPPlus-Janet-Partridge-20130515-0103.dat [2013/05/05 18:58:28 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013/04/29 19:23:51 | 002,777,018 | ---- | C] () -- C:\Users\Janet\PPPlus-Janet-Partridge-20130430-0123.dat [2013/04/14 14:29:31 | 002,689,660 | ---- | C] () -- C:\Users\Janet\PPPlus-Janet-Partridge-20130414-2028.dat [2013/04/06 19:33:57 | 002,627,472 | ---- | C] () -- C:\Users\Janet\PPPlus-Janet-Partridge-20130407-0133.dat [2013/02/22 15:26:04 | 002,631,747 | ---- | C] () -- C:\Users\Janet\PPPlus-Janet-Partridge-20130222-2125.dat [2013/02/14 20:22:53 | 002,699,733 | ---- | C] () -- C:\Users\Janet\PPPlus-Janet-Partridge-20130215-0222.dat [2013/02/09 19:27:15 | 002,737,189 | ---- | C] () -- C:\Users\Janet\PPPlus-Janet-Partridge-20130210-0126.dat ========== ZeroAccess Check ========== [2016/06/08 09:30:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\windows.storage.dll -- [2016/06/30 22:32:57 | 006,605,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\windows.storage.dll -- [2016/06/30 22:19:46 | 005,240,960 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/10/30 01:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 01:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/10/30 01:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 220 bytes -> C:\Users\Janet\OneDrive:ms-properties @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720 < End of report > Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 OTL Extras logfile created on: 8/2/2016 3:43:25 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Janet\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.10586.0) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.47 Gb Total Physical Memory | 4.90 Gb Available Physical Memory | 65.59% Memory free 8.65 Gb Paging File | 5.97 Gb Available in Paging File | 69.02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 669.92 Gb Total Space | 601.66 Gb Free Space | 89.81% Space Free | Partition Type: NTFS Drive D: | 27.15 Gb Total Space | 3.20 Gb Free Space | 11.78% Space Free | Partition Type: NTFS Computer Name: JANET | User Name: Janet | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 70 01 14 AC 8D 78 D1 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = A4 D5 2B AC 8D 78 D1 01 [binary data] "DontEnumerateCommonFilesUpgradeExe" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{5644AF52-EC3F-4B5A-81C4-ADCAD4268A07}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{6C223ECA-53B5-449F-9F08-790EDCDBB806}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F15DE162-7FC0-400C-900A-A55034F8700F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0124201D-DE22-4A82-984B-807E4811F1A4}" = dir=out | name=@{microsoft.connectivitystore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.connectivitystore/mswifiresources/appstorename} | "{0346E8D7-2832-4A60-A0EC-61480B32396F}" = dir=out | name=microsoft mahjong | "{04AA0DAE-AB2B-42DB-8D9D-5B2495D770E3}" = dir=in | name=allrecipes | "{09459285-FEA7-4B33-AD0A-01390858675A}" = dir=out | name=ebay | "{0964E8E0-5BC3-4A63-AE56-CADE687C42B6}" = dir=in | name=check point vpn | "{0A3A91E7-D6C1-4000-980C-98E117DDC8D5}" = dir=in | name=microsoft mahjong | "{0A6C7D11-0760-4BB0-AC95-C8876E487B1F}" = dir=out | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} | "{0A76D51A-92D5-4058-ADB0-8250470E40A4}" = dir=in | name=hp+ | "{0B76FA8F-5953-4AE0-B9A7-601C102DCF51}" = dir=out | name=skype | "{0B8D6F5A-CE2D-46BF-BC2A-ABAF54DDAFAA}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{0BD99A14-6FC6-4782-B81C-FFAD7A8CE004}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{0CBED0FA-4219-4DBD-BA5D-CBEA8B2384E3}" = dir=out | name=xbox | "{0E09B405-8CEB-4F63-AF88-A9F1BE252811}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{0EB7B57E-B7A5-4E93-8262-52CAD3754359}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{0FC19500-20B5-4225-BCF5-8D633608FB39}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{11AC6666-66E4-4D71-9E83-7F5D22A4EB8C}" = dir=out | name=facebook+ lite | "{11B2A081-1FC0-4A55-93E9-C8BEBF51DA41}" = dir=in | name=f5 vpn | "{1258F50A-B449-4960-B9EA-E8D31B782DB4}" = dir=out | name=megatube for youtube player/downloader | "{141A9C11-434E-4E2D-A78A-D1D830E548E3}" = dir=in | name=@{ad2f1837.gettingstartedwithwindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} | "{164C476A-244B-4458-8E92-AE4A90C10021}" = dir=in | name=microsoft mahjong | "{166BB1BB-3EAA-44A8-94BA-786C5D87EBDE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{176DE7F0-3555-4671-B472-0741ECB4006F}" = dir=in | name=sway | "{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | "{1BFF8BB1-5D2B-4B80-AADC-9021FA438574}" = dir=out | name=kindle | "{1D5E0444-1FED-444F-8843-C06CFA1C9776}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{1D7E429C-684D-4B86-A18F-71189FF47EED}" = dir=in | name=@{microsoft.bingweather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | "{1E862060-34A4-4039-BF55-427F420287F6}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{26548758-3A11-495B-BC7F-98437FC92803}" = dir=out | name=sudoku free | "{28555579-CF75-4D96-80F9-E0723DFD426B}" = dir=in | name=hp all-in-one printer remote | "{2CA77985-A817-4484-BAA1-86FBA1E7FC38}" = dir=out | name=hp connected photo | "{2D6B3ACE-8030-4A20-B829-2D0325F202EB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2DE0A9BA-D9A1-4538-860B-3658EE4AC86C}" = dir=out | name=@{microsoft.lockapp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | "{2DFC08E5-21EC-4799-9A59-22C79E51CAE0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{2EE7230C-505F-41CF-878D-956DD00F9D50}" = dir=in | name=juniper networks junos pulse | "{2F25D1BE-0F68-40B1-87CD-79677586B3A7}" = dir=in | name=@{ad2f1837.gettingstartedwithwindows8_1.5.3.1_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} | "{2F7DD621-F52D-4455-8111-CF64F2259575}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{2FA1DA1A-E69F-4051-8E2F-BC1E6048F674}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{30346551-344C-4A41-BB6A-95886CDB77BF}" = dir=out | name=@{microsoft.3dbuilder_11.1.9.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} | "{31388230-4C45-48E7-A22F-BB0A1CD2F92F}" = dir=out | name=@{microsoft.people_10.0.11902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} | "{32D53170-E190-4A04-A1D8-8B6AC706770D}" = dir=out | name=windows_ie_ac_001 | "{34C2007F-7705-40AB-997B-CA7A854EEB35}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | "{3501746E-8DDD-46B3-A5E8-F771D0F95E9F}" = dir=out | name=@{microsoft.bingsports_4.12.207.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} | "{3553EB05-D99E-43E4-BA72-990528EC0012}" = dir=out | name=@{ad2f1837.gettingstartedwithwindows8_1.5.3.1_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} | "{359EE991-DDD2-44C3-8F0B-A838CE8EC6DD}" = dir=out | name=@{microsoft.bingsports_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | "{37AB88C0-6D77-4DE0-AC34-62884781F3FD}" = dir=in | name=@{microsoft.zunemusic_3.6.23041.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{388614AB-6686-43F6-B5F7-FB8DBABD9C89}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{3971E85B-03E9-44A8-A154-93B16AB3E29A}" = dir=out | name=onenote | "{3B1105A5-3369-4C11-9D32-D3083864DD36}" = dir=out | name=@{microsoft.bingnews_3.0.4.213_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | "{3CD8ED17-FCD5-4591-A474-973711F8735C}" = dir=out | name=norton studio | "{3EA342F7-2405-4442-8519-180E7CDA8328}" = dir=out | name=twitter | "{3ED1A3A1-B3B4-4F1E-85B2-C3AE08B15B05}" = dir=out | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} | "{3EDD157B-5AF7-4D1C-A9F2-B0448689952B}" = dir=out | name=hp+ | "{415B9252-DA81-4CA5-A4E5-391D2F9B6C81}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | "{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | "{428BD205-6CE8-488C-B89E-0A7593708748}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{43664FE4-7E48-493D-9FDC-96175A6ECFC6}" = dir=out | name=@{microsoft.bingweather_3.0.4.214_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | "{4419DD52-7421-4869-B886-492A0F50237F}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} | "{464F10D2-9814-47A8-A90E-5344D337F716}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{47F5BED9-969A-4463-B20C-21F8F55DAF9B}" = dir=in | name=microsoft solitaire collection | "{4B41A907-F84B-4DD8-A4C2-CCBA12B049B3}" = dir=out | name=sway | "{5174A204-2ECD-47B6-8CA1-425B907ABD27}" = dir=out | name=f5 vpn | "{523F9DF7-7D4F-4942-B70D-4B772D2A00C7}" = dir=in | name=f5 vpn | "{525D79C1-CF89-4946-A98C-D8E7DFDDB6EB}" = dir=out | name=netflix | "{52CAE367-46D5-4F9B-8303-B72B6D96D133}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe | "{535F094B-5B77-408F-82B8-11FF773E6435}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{54CD3462-F583-4502-B2F8-3A8A4BD22517}" = dir=out | name=f5 vpn | "{54FDEE7E-1DC4-49A8-AA06-CC00EB575471}" = dir=in | name=xbox | "{5544FC13-CFDA-45AB-98C8-A5965FD5E736}" = dir=out | name=youtube player | "{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | "{57F3184A-6F62-4F60-A9C2-EB1EABA4FA02}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | "{582B8718-AB96-4F09-B9EF-7AC94E1DF444}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | "{5AB53DDB-3E73-41E4-A26B-31A62E138E0E}" = dir=out | name=@{microsoft.zunemusic_2.6.343.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{5B19614D-EA31-4E7C-9909-D58AAD8C83CD}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{5CFE9FE5-9EC8-4D73-8E2C-3D2E7EBF7878}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5D56D9C7-25A3-4B53-A637-F04A0B71AF0B}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{5D965176-2ECF-4AEC-9772-729E3B0975D3}" = dir=out | name=candy crush soda saga | "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | "{5F4C1BCD-14E9-4F0A-B171-96F4E63E9A6E}" = dir=out | name=@{ad2f1837.gettingstartedwithwindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} | "{5FEBE10F-356F-4D4D-8D89-AB44A6EE7B43}" = dir=out | name=@{microsoft.bingnews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | "{5FFC8A6C-3962-4341-91F2-0AB816CE499F}" = dir=in | name=onenote | "{61F2576E-88E3-4C6A-8085-ACB6C5AEAC27}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{62C8CF1E-0ED7-4703-BF77-1EC19E89D9CD}" = dir=out | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{63FD824C-BE7C-4A23-8969-A6B9DF465C23}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} | "{644D167E-8143-41EB-B855-D19E33708986}" = dir=out | name=@{microsoft.zunemusic_3.6.23041.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{651C5C35-32C7-43E3-A6B5-52F33259EB8E}" = dir=in | name=hp connected photo | "{6A050BB5-FAA2-483D-8B32-AFB3F785D982}" = dir=out | name=microsoft solitaire collection | "{6A39FF8C-5036-4541-A28C-2266DFE19BC9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6DF759D0-4012-4786-8A26-86B79840121B}" = dir=in | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | "{6F078DDA-9DD7-42A5-BEEE-04EA7ECADCEC}" = dir=out | name=kindle | "{6FE76DFF-9F5A-4C70-978D-92329BA6B6BD}" = dir=out | name=@{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} | "{73F97016-5452-4DE7-8E2A-C60B74110648}" = dir=out | name=@{microsoft.bingfinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} | "{740A9664-2C41-4FEB-AD7A-2C1CE995C77F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{76C4C916-7914-4834-B1F1-AAC27CFB65AC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7810F615-4163-4BB3-B06F-6AB12CFF45B9}" = dir=in | name=@{microsoft.bingfinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} | "{7818DC4B-1057-4ADE-8D2E-79072674D797}" = dir=out | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | "{7839DC4C-0009-4176-880D-819BF6EDD0B7}" = dir=out | name=iheartradio | "{7BDF77E5-CC54-4EDB-A8AB-C468C93C98D9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7DFA55B6-A6B5-4592-A849-39A909398B8F}" = dir=out | name=juniper networks junos pulse | "{7EC7EA54-6389-4AFF-94F5-4BACBE57BF56}" = dir=out | name=sonicwall mobile connect | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{828CE9CD-AA2B-44B6-9870-255E1F01BB23}" = dir=in | name=iheartradio | "{8310FEF6-150F-41DE-82C3-68592559E78B}" = dir=out | name=microsoft mahjong | "{83B2BEFB-2994-4A58-9770-B1FA2E447CC9}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{83B7547D-36D6-4CCA-A737-66C242FA04DA}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe | "{86AFCD71-A911-429D-9917-50EF423E4F2F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{88517667-B5D5-4E6A-BA24-69AA77AF13C8}" = dir=out | name=@{microsoft.bingtravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | "{8863C461-78CE-4901-84BF-AC7EDDED27E3}" = dir=out | name=@{microsoft.windowsmaps_5.1606.1670.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} | "{89D9735B-476E-4867-9E00-8004D07B957A}" = dir=out | name=allrecipes | "{8A6D413A-B4E0-469D-8082-AE91B411CE90}" = dir=out | name=hp all-in-one printer remote | "{8AB4E806-BBDB-4E3E-A945-9476269A3D52}" = dir=in | name=@{microsoft.bingnews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | "{8B98AFA1-AE02-465C-90AE-7F5F597ECE6F}" = dir=in | name=skype | "{8C242082-BB01-4427-BAA0-7F29046ED510}" = dir=out | name=@{microsoft.xboxidentityprovider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} | "{8D32C799-C605-4EA4-863F-3FE745B004BC}" = dir=in | name=@{microsoft.bingsports_4.12.207.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} | "{8EDB3FE3-0261-423C-B91A-F481A28D50F3}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | "{918EC886-4E40-4368-BDAB-36B83DF1E738}" = dir=in | name=@{microsoft.messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/microsoft.apps.messaging.skype/skypemessaging.resources/skype_appstorename} | "{9301C2C5-D3D7-421D-B71D-C90F6EBA949A}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe | "{94CF55A5-4C02-417B-874C-5B082F471334}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{955F15ED-3363-445E-BD9F-976E3CAAD6E9}" = dir=out | name=musictube | "{95872051-9D63-4BF3-B49A-0617BC9EB36F}" = dir=in | name=sonicwall mobile connect | "{9892E515-FE7F-428B-BC94-23E38E0E61F6}" = dir=in | name=sonicwall mobile connect | "{9B8F7A8D-7F0D-42C9-8654-2369B100B8A0}" = dir=out | name=@{microsoft.accountscontrol_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | "{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{9F1AC7EB-9794-4C12-B5DE-4148349E7A60}" = dir=out | name=onenote | "{9F340CF8-F5A2-4FC6-9EA8-4636AE2F6C05}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicatorcom.exe | "{A0284AD9-4CEA-4460-A39A-91FFB031EDAE}" = dir=out | name=@{microsoft.zunevideo_2.6.376.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{A35D0A14-884E-4ED2-A768-56258EC12CF2}" = dir=in | name=@{microsoft.windows.photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{A470FB10-50E4-44AD-897C-809939BF7BCE}" = dir=out | name=@{microsoft.windowsstore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | "{A569ACED-C75C-443A-AD3B-1791A62BAA89}" = dir=out | name=microsoft solitaire collection | "{A622FA74-B91A-48B3-BB7E-2A3770E4CA7E}" = dir=out | name=juniper networks junos pulse | "{A7EE4715-4AD7-4471-B3F3-6D3E4390EF00}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{A9FF9215-25B0-4CBF-840E-509F87F583F9}" = dir=out | name=@{microsoft.getstarted_4.0.9.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} | "{ABE48E75-BACD-499E-9905-076CFDBAFABD}" = dir=out | name=@{microsoft.windows.photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{B2E3E451-537F-4F3A-9900-EF41AFA48A76}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | "{B4DD2B2D-EF8B-47FD-A8EF-693C4D139EC6}" = dir=in | name=juniper networks junos pulse | "{B5D5B949-C07C-447D-ABFA-42E81BF28465}" = dir=in | app=c:\program files\itunes\itunes.exe | "{B61B2193-B228-4A4A-B286-864C57B16B20}" = dir=in | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{B845E3F5-E4BA-463D-AE42-E270A2524227}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | "{B9C0D8EF-442D-4394-A670-4FC13591C817}" = dir=out | name=ebay | "{BB7577E1-12F9-4BC3-A312-745C8154BE6F}" = dir=in | name=onenote | "{BF22E559-CD1A-4C0A-A59F-4983ABBC7A94}" = dir=out | name=hp registration | "{C2E3CB1D-B01E-486C-A839-70C842691A90}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{C30C2DD1-18EE-48EE-ADC0-0D165FF1AB97}" = dir=out | name=hp+ | "{C41F7FE7-2AA0-4170-B297-60A0B380C9E0}" = dir=out | name=check point vpn | "{C55B3F52-ED4F-4CB2-8C85-1B0774A37603}" = dir=out | name=@{microsoft.windowsfeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} | "{C57A8C3C-10C9-4A36-BBCD-796D04D98FE1}" = dir=in | name=@{microsoft.windowsstore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | "{C6DF9C33-4C2A-4891-A977-FC909D91B668}" = dir=in | name=netflix | "{C7300904-49BB-4657-B423-506991EB3C0B}" = dir=out | name=norton studio | "{C7B9BC76-3CD4-4640-84BB-062720A8B346}" = dir=in | name=@{microsoft.zunevideo_3.6.22511.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{C9922D68-6D8E-4772-8426-C775866F8033}" = dir=out | name=@{microsoft.bingfinance_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | "{CD477BC0-EAF4-4E92-ACA7-FDAFCECADF60}" = dir=out | name=hp registration | "{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | "{D9A6788A-F703-412C-BD9C-126FA5F6F727}" = dir=in | name=hp+ | "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | "{DE8098D2-0B70-4108-A39C-A7BC1C6F63C8}" = dir=out | name=netflix | "{DF295EBC-F784-4AA3-8185-6EB1788142BC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{E1E17A3E-D1C8-428D-B0C6-32A676ABB363}" = dir=in | name=@{microsoft.microsoftofficehub_17.7031.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | "{E37A37E7-1D61-46C1-AB90-5C7614616988}" = dir=out | name=@{microsoft.zunevideo_3.6.22511.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{E45577BA-AE62-4560-97DC-5EFB3259F0C9}" = dir=out | name=@{microsoft.microsoftofficehub_17.7031.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | "{E51CCDC5-5857-422B-BE63-116263F7221C}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{E58FCE85-82D2-40FE-A21C-BA7F0CCEFA32}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{E5E2B2CE-8096-4F10-BE53-6EF3C8AF8BAA}" = dir=out | name=google | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E7C0DA70-ACE0-45FB-9EB6-2E612E0C436C}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | "{EA6AD8A9-6946-4138-B752-25F78D0E562E}" = dir=out | name=windows_ie_ac_001 | "{EA8B138E-C479-477B-98E6-E1B8280842A7}" = dir=out | name=check point vpn | "{EB2F98FB-E387-4B60-9A37-14FDBFBDCFBE}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | "{EBFF882D-009F-4106-A6F2-86026F2321ED}" = dir=out | name=snapfish | "{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | "{EEE35F3A-76A6-46D8-8E9F-B99CA50B77F7}" = dir=out | name=@{microsoft.bingweather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | "{EFBFE427-D260-4B83-BF73-55E187F27A78}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | "{F1885501-1541-4B2F-B72C-8817F944370F}" = dir=in | name=check point vpn | "{F27F1A87-36EF-4449-98D8-5EF214FDEC81}" = dir=in | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} | "{F4061A58-62C6-4BCD-AC6D-F328ED8310AD}" = dir=out | name=@{microsoft.windowsphone_10.1607.1991.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} | "{F4AE00AE-CB42-466D-B808-4DB1A5D471C1}" = dir=out | name=iheartradio | "{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | "{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | "{F7C985D9-0C80-487F-9868-65CC1CC90DCE}" = dir=out | name=sonicwall mobile connect | "{F90C7AE3-EBF2-4A98-B6F6-59426461144B}" = dir=out | name=@{microsoft.messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/microsoft.apps.messaging.skype/skypemessaging.resources/skype_appstorename} | "{F95734CD-5888-40B9-A4BB-535BE59FD87E}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{F9C0B797-B4F0-4CF1-B9E3-71197BCF4961}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{FA3389E2-2F47-4EDE-A4BD-C682D7EB10EE}" = dir=in | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} | "{FB7ED5AF-B3AD-41CF-81F3-6C28951BF893}" = dir=in | name=microsoft solitaire collection | "{FF28CB32-C93F-4182-9FB7-EB1900CD8E6E}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} | "{FF637DBA-E338-4B0F-85A9-ECA5C48058F5}" = dir=in | name=megatube for youtube player/downloader | "TCP Query User{887DB22F-2224-4EF9-B29F-B9409DE1A489}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe | "UDP Query User{9860F07F-E281-4066-9950-0BDAA41CEEA3}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{08F2724F-3B6A-91BD-E63F-1B9F8463D097}" = AMD Accelerated Video Transcoding "{14ABDFC2-491B-4AF0-8134-CC5596D0EF57}" = HP Deskjet 3520 series Product Improvement Study "{14D155F8-40FC-F843-30C6-8776BF5CEBAA}" = AMD Fuel "{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}" = Validity WBF DDK "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}" = Apple Mobile Device Support "{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 "{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}" = ccc-utility64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard "{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}" = iTunes "{A0A03B53-927D-4454-A456-CB0A72A4912F}" = HP Deskjet 3520 series Basic Device Software "{A257DDD7-AFD4-ABEA-0F67-9C3930091B19}" = ccc-utility64 "{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}" = iCloud "{C01D249F-23DA-45B1-A5FF-12ECD647D5C6}" = PrivDog "{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}" = Apple Application Support (64-bit) "{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 "{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}" = AMD Catalyst Install Manager "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service "{E7ACB435-E0B4-4770-77DE-ED38887CD133}" = AMD Fuel "{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream "{EBC0CC3F-B7A1-4FC8-8014-4C7BFD3925E8}" = AuthenTec TrueAPI 64-bit "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}" = CCC Help Turkish "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{097CB5A1-D19E-F62A-6400-91DBF8D97B17}" = CCC Help Turkish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center "{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding "{0EF2A1AF-6F24-FD4B-3140-3656CC9A6BEC}" = CCC Help Italian "{104DE091-6C4F-C5A9-F619-5D6C965A0296}" = CCC Help Chinese Traditional "{11230C68-9248-D3B8-A0C5-0461D8C0691E}" = CCC Help Dutch "{13743594-F75E-491E-9EFF-203C8F8DF705}" = RealDownloader "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "{200212F5-36B0-403A-950F-80B989132A10}" = Microsoft OLE DB Provider for Visual FoxPro "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding "{26356515-5821-40FA-9C3D-9785052A1062}" = Apple Application Support (32-bit) "{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67 "{285C9F30-3BF8-697B-BD1D-353435E94B78}" = CCC Help Hungarian "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{29967A7C-6E18-91CD-BBE4-9C09F401E950}" = CCC Help Italian "{29A6A747-07ED-DB5E-AD38-5F66B06E8888}" = CCC Help Russian "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{2BE3A1BC-D155-1D32-9080-685C54689C34}" = CCC Help Korean "{2F413B34-8C18-328C-E68C-0332AB527CFF}" = CCC Help Czech "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 "{34C821CA-6B55-44A0-8A9B-2EF471D6019E}" = HP SimplePass "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3D062C86-0CCA-8F10-A575-3564BD50372C}" = Catalyst Control Center Graphics Previews Common "{3E2D81D1-5FEE-6E90-2E0C-B8C15F05237A}" = CCC Help Norwegian "{47B3FDA1-E7F2-D3C3-0970-B9916C5530F3}" = AMD VISION Engine Control Center "{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager "{54D05374-2428-7BE0-58CD-CE8031163DE6}" = CCC Help Russian "{55065080-504F-43BB-BE00-36B80D7D39A5}" = HP Support Solutions Framework "{56EC47AA-5813-4FF6-8E75-544026FBEA83}" = Apple Software Update "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{59F8C5AA-91BD-423D-BF05-09A80F39898F}" = HP CoolSense "{5C6AFE98-08BF-086A-300D-18F77D284966}" = CCC Help Swedish "{5C757800-27E8-2AE3-889A-8B959AE689F8}" = CCC Help Japanese "{5CBA9A98-4CAE-92DC-4662-A77268EE1D04}" = CCC Help English "{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}" = AMD Catalyst Control Center "{5D3EC645-B957-36A1-068A-FE8450963669}" = CCC Help Spanish "{5F1C0CF4-49C6-B096-0F72-AA2C319BBEE0}" = CCC Help German "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{61B90A4D-8CC9-2FED-2495-AC8C9467C984}" = CCC Help Norwegian "{650AA9FB-CA49-A284-8E13-F3732CC20D9A}" = Catalyst Control Center Localization All "{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6DF0DAF1-BED0-F5BB-B96E-10AA15DF65E7}" = CCC Help Swedish "{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73AD6CBA-D50D-F30C-E579-14389FF41D1D}" = Catalyst Control Center InstallProxy "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{79C54A05-F146-4EA0-8A70-D4EFE6181E52}" = HP Support Assistant "{7AF962CF-7018-C589-8439-EA7C9F2FA200}" = CCC Help Danish "{7BB80D45-4024-2E0C-FC0D-45A319CD3F99}" = CCC Help Thai "{7C5B13DA-6A68-86C7-ED29-610CA0F49555}" = CCC Help French "{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B6202FD-3790-4DD4-B343-51736F7FF4E5}" = Video Downloader "{8D5E8DA1-0420-4A3B-9B29-8F3A00B32BDF}" = RealDownloader "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92524C67-A99D-44C6-8995-04F5E76486AF}" = HP Documentation "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9395F41D-0F80-432E-9A59-B8E477E7E163}" = OpenOffice 4.1.1 "{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}" = vc2012_redist "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{95A762D1-99E7-F428-99B3-E3CC636C48D9}" = CCC Help Hungarian "{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}" = CCC Help Dutch "{96DAE3D0-5008-F1FC-186D-0B364071C98C}" = CCC Help French "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B42457E-3781-7293-5643-C722BA43397E}" = CCC Help Greek "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom "{9E2BCF78-EDAD-A8BC-123D-10E0D9234753}" = CCC Help Chinese Traditional "{9FEDC691-A307-D525-7D71-EDB97240CFF3}" = CCC Help Chinese Standard "{A3806AB7-AB46-7672-A825-F9AE0DE6910A}" = CCC Help Finnish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB1F1677-926B-894A-A890-56A3FCD9794B}" = CCC Help Finnish "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09) "{ACC5984D-6859-874C-B939-058DED2692FA}" = CCC Help Portuguese "{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide "{B079957C-3276-4B9F-DB08-D1CA8C090D9E}" = CCC Help Greek "{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "{B12BE177-DC00-5746-3AB9-91CD090AF555}" = Catalyst Control Center Localization All "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 "{BF5509A0-250A-25EA-0C19-61505E9EBA13}" = CCC Help Chinese Standard "{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}" = HP Deskjet 3520 series Help "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program "{C458E818-0B4F-C961-AFDF-29F172EE5A1B}" = CCC Help Spanish "{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}" = CCC Help Thai "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}" = CCC Help German "{C9EF1AAF-B542-41C8-A537-1142DA5D4AEC}" = HP Customer Experience Enhancements "{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E175B925-538F-6D69-A9C9-4D0699648752}" = CCC Help Japanese "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService "{E46BF405-4ADF-36F4-A0EA-EF4CDF1A21E6}" = CCC Help Polish "{E5823036-6F09-4D0A-B05C-E2BAA129288A}" = HP Quick Launch "{EB766D4A-C56C-946D-F74D-43C78FE4521E}" = CCC Help Korean "{ED0D7699-1943-0C29-7465-6530F8DE2DA2}" = CCC Help Polish "{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}" = CCC Help Czech "{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}" = CCC Help Danish "{f05bfa4b-0c78-4a3e-aa74-8c220b4a7782}" = RealDownloader "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}" = CCC Help Portuguese "{FDF2FE33-426D-45C2-4E70-76C162F1B790}" = CCC Help English "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}" = QuickTime 7 "Adobe Shockwave Player" = Adobe Shockwave Player 12.1 "Cisco Connect" = Cisco Connect "Google Chrome" = Google Chrome "HP Photo Creations" = HP Photo Creations "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector "InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043 "Mozilla Firefox 47.0 (x86 en-US)" = Mozilla Firefox 47.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office Suite X 3.3" = Office Suite X 3.3 "PrivDog" = PrivDog 2 Legacy Browser Plug-ins "RealPlayer 18.1" = RealPlayer (RealTimes) "StartHPConnectedMusic" = HP Connected Music (Meridian - installer) "test" = Product Support "WildTangent hp Master Uninstall" = HP Games "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WTA-029362cc-622e-409b-bfea-deb90ef48c20" = Jewel Match 3 "WTA-05c24aa9-18e4-43dd-bc53-2c4ec65e2d04" = Mahjongg Dimensions Deluxe: Tiles in Time "WTA-07ebc83a-afed-46d8-acf2-113864ffc298" = Hoyle Card Games "WTA-0c62b714-73eb-4f0d-8a08-5d5a7d5a02b9" = FATE: The Cursed King "WTA-0ccd6058-6ce8-450a-9180-1d28d4d2abc9" = Mortimer Beckett and the Crimson Thief Premium Edition "WTA-2fbce475-dc1e-4e50-803f-cbdebef9eecc" = Cradle Of Egypt Collector's Edition "WTA-35d03937-dfe0-4e5b-8143-2e80cdff4679" = Peggle Nights "WTA-36fafc6a-e744-4b43-8f34-703d80a63ee8" = Tales of Lagoona "WTA-48bc7d1c-c245-43f9-974c-8b2383f17d62" = Final Drive Fury "WTA-4942909c-4b6b-4e1d-a066-d8944a1146e5" = John Deere Drive Green "WTA-53205b96-557d-48fa-892f-a5504ab2ef5f" = Mystery P.I. - Curious Case of Counterfeit Cove "WTA-613117cb-557a-47f0-af4f-f0543ff3a3d9" = Penguins! "WTA-7aaf7ad1-ee98-4ab1-b9ba-86bd61369a3a" = Chuzzle Deluxe "WTA-7f97731f-a4eb-4c2a-875b-ad412fa248a6" = Polar Golfer "WTA-80c9e712-a5b2-459a-ae49-fa71abab1310" = 4 Elements II "WTA-810b7a6a-49a7-4584-90f6-d995e1549dfb" = Polar Bowler "WTA-9b1865dd-1740-4506-acfb-388c78543f2e" = Vacation Quest™ - Australia "WTA-a24f0703-300e-4990-84e0-a262b7103456" = Build-a-lot 4 - Power Source "WTA-abe3e5d1-4f10-4f17-9883-d993bf2d9f23" = FlatOut 2 "WTA-afaaaf61-3b2c-41df-a644-08d364102930" = Governor of Poker 2 Premium Edition "WTA-bbe12318-7619-469a-b335-2dfa5acb316f" = Roads of Rome 3 "WTA-ca0d6fbb-1272-426c-95c1-ef040b6f9776" = Bejeweled 3 "WTA-d2ef2a69-032e-410e-b7e0-c7ca1b986125" = Zuma's Revenge "WTA-dd1a4899-108c-404e-a712-16bb0e41eee8" = Luxor Evolved "WTA-ebc992a3-af6d-412c-9b79-981c69e7dd0d" = Cradle of Rome 2 "WTA-f578aee6-61da-4f27-a3b5-d942e3921a79" = Farm Frenzy "WUCCCApp" = Catalyst Control Center ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/2/2016 3:18:28 PM | Computer Name = Janet | Source = ATIeRecord | ID = 16396 Description = ATI EEU PnP start/stop failed Error - 8/2/2016 3:22:26 PM | Computer Name = Janet | Source = Application Error | ID = 1000 Description = Faulting application name: downloader2.exe, version: 18.1.4.144, time stamp: 0x577c5c60 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1580 Faulting application start time: 0x01d1ecf3173782f5 Faulting application path: C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe Faulting module path: unknown Report Id: 6c78c085-a171-4e3d-aee8-cfe509c59b89 Faulting package full name: Faulting package-relative application ID: Error - 8/2/2016 3:22:32 PM | Computer Name = Janet | Source = Application Error | ID = 1000 Description = Faulting application name: downloader2.exe, version: 18.1.4.144, time stamp: 0x577c5c60 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc000041d Fault offset: 0x6670c6d1 Faulting process id: 0x1580 Faulting application start time: 0x01d1ecf3173782f5 Faulting application path: C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe Faulting module path: unknown Report Id: 4b511918-2aea-42aa-91b7-55816507020e Faulting package full name: Faulting package-relative application ID: Error - 8/2/2016 3:25:31 PM | Computer Name = Janet | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 8/2/2016 3:25:31 PM | Computer Name = Janet | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error - 8/2/2016 3:55:31 PM | Computer Name = Janet | Source = ATIeRecord | ID = 16396 Description = ATI EEU PnP start/stop failed Error - 8/2/2016 3:56:57 PM | Computer Name = Janet | Source = ATIeRecord | ID = 16396 Description = ATI EEU PnP start/stop failed Error - 8/2/2016 3:58:56 PM | Computer Name = Janet | Source = Microsoft-Windows-Immersive-Shell | ID = 2484 Description = Package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Error - 8/2/2016 4:05:06 PM | Computer Name = Janet | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 8/2/2016 4:05:06 PM | Computer Name = Janet | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. [ System Events ] Error - 8/2/2016 3:55:31 PM | Computer Name = Janet | Source = Service Control Manager | ID = 7031 Description = The User Data Storage_103fd7 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error - 8/2/2016 3:55:31 PM | Computer Name = Janet | Source = Service Control Manager | ID = 7031 Description = The User Data Access_103fd7 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error - 8/2/2016 3:56:45 PM | Computer Name = Janet | Source = Service Control Manager | ID = 7000 Description = The luafv service failed to start due to the following error: %%1275 Error - 8/2/2016 3:56:53 PM | Computer Name = Janet | Source = Service Control Manager | ID = 7000 Description = The APXACC service failed to start due to the following error: %%31 Error - 8/2/2016 3:56:53 PM | Computer Name = Janet | Source = APXACC | ID = 16778219 Description = The NDIS6 LWF initialization has failed. (0xC0000001) Error - 8/2/2016 3:57:04 PM | Computer Name = Janet | Source = Service Control Manager | ID = 7000 Description = The Privacy Content Firewall service failed to start due to the following error: %%3 Error - 8/2/2016 4:01:11 PM | Computer Name = Janet | Source = DCOM | ID = 10010 Description = Error - 8/2/2016 4:01:17 PM | Computer Name = Janet | Source = Service Control Manager | ID = 7022 Description = The Delivery Optimization service hung on starting. Error - 8/2/2016 4:04:42 PM | Computer Name = Janet | Source = DCOM | ID = 10016 Description = Error - 8/2/2016 4:04:43 PM | Computer Name = Janet | Source = DCOM | ID = 10016 Description = < End of report > Link to post Share on other sites
flashh4 Posted August 2, 2016 Report Share Posted August 2, 2016 Hi panthermom, do you have PrivDog 2 Legacy Browser installed ???? If so i need you to remove it from your Control Panel (add/remove/uninstall programs !! We need to Run an OTL fix !!Warning This fix is only relevant for this system and no other, using on another computer may cause problems. Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot * Double-click OTL.exe to start the program. * Copy and Paste the following code into the http://img.photobucket.com/albums/v317/flashh4/customFix.png[/IMG]. text box of the OTL tool/program ! Start with and include the colon plus :OTL Copy everthing in RED and Paste into the box in the OTL program !!:OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} [2016/01/12 14:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janet\AppData\Roaming\mozilla\Extensions [2016/07/10 08:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janet\AppData\Roaming\mozilla\Firefox\Profiles\z4m9nsxw.default-1468162040373\extensions [2016/06/29 10:30:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\ CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [] File not found O9:64bit: - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll File not found O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:64bit: - LSA: Security Packages - (livessp) - File not found O30 - LSA: Security Packages - (livessp) - File not found :Commands [emptyjava] [emptyflash] [EMPTYTEMP] [RESETHOSTS] [CREATERESTOREPOINT] [Reboot] # Then click the Run Fix button at the top. # Click http://img.photobucket.com/albums/v317/flashh4/btnOK.png[/IMG] # Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format. Remember to enable your real time protection. Post that log next ! Thanks Chuck Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found. C:\Users\Janet\AppData\Roaming\mozilla\Extensions folder moved successfully. C:\Users\Janet\AppData\Roaming\mozilla\Firefox\Profiles\z4m9nsxw.default-1468162040373\extensions folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific\x86-64_ folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_metadata folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_metadata folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_TW folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_CN folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\vi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\uk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\tr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\th folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ru folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ro folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_BR folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ko folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ja folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\it folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\id folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hu folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\he folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\es folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\en folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\el folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\de folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\da folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\cs folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ca folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_metadata folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\hu folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\hr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\hi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\he folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\fr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\fil folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\fi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\et folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\es_419 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\es folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\en_US folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\en_GB folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\en folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\el folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\de folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\da folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\cs folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\ca folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\bg folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales\ar folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\zh_TW folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\zh_CN folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\tr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\sv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\sr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\sl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\sk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\ru folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\ro folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\pt_PT folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\pt_BR folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\pl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\nl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\nb folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\lv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\lt folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\ko folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\ja folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\it folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\hu folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\hr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\he folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\fr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\fi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\et folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\es folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\en folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\el folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\de folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\da folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\cs folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\bg folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales\ar folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\_locales folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\images folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_metadata folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\zh_TW folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\zh_CN folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\vi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\uk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\tr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\th folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ru folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ro folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pt_PT folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pt_BR folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\no folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\nl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ms folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\lv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\lt folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ko folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ja folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\it folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\id folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\hu folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\hi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\he folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\fr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\fil folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\fi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\et folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\es_419 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\es folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\en_US folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\en_GB folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\el folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\de folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\da folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\cs folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ca folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\bg folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ar folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_metadata folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_TW folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_CN folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\vi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\uk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\tr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\th folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ru folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ro folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_PT folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_BR folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nb folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lt folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ko folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ja folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\it folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\id folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hu folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fil folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\et folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es_419 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en_GB folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\el folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\de folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\da folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\cs folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ca folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\bg folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\html folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\css folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0 folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_metadata folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_TW folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_CN folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\vi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\uk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\tr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\th folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sk folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\se folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ru folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ro folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_PT folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_BR folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\no folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\nl folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lv folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lt folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ko folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ja folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\it folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\id folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hu folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fr folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fil folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fi folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\es folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\en folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\el folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\de folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\da folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\cs folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ca folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\bg folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ar folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales folder moved successfully. C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0 folder moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2F5C139F-79BD-4C84-A95A-E7140525BC55}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F5C139F-79BD-4C84-A95A-E7140525BC55}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2F5C139F-79BD-4C84-A95A-E7140525BC55}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F5C139F-79BD-4C84-A95A-E7140525BC55}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully. File Protocol\Handler\wlpg - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:livessp deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:livessp deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Default.migrated User: Janet ->Java cache emptied: 0 bytes User: Public User: TEMP User: Test ->Java cache emptied: 0 bytes Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Default.migrated User: Janet ->Flash cache emptied: 23448 bytes User: Public User: TEMP User: Test Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default.migrated ->Temporary Internet Files folder emptied: 0 bytes User: Janet ->Temp folder emptied: 196521235 bytes ->Temporary Internet Files folder emptied: 5515849 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 42844068 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: TEMP ->Temp folder emptied: 0 bytes User: Test ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 2296168 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 236.00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 08022016_170224 Files\Folders moved on Reboot... File move failed. C:\Users\Janet\AppData\Local\Microsoft\Windows\INetCache\counters.dat scheduled to be moved on reboot. C:\WINDOWS\temp\HP Support Framework\HPSF_Config1.dll moved successfully. C:\WINDOWS\temp\etilqs_aV80VCwbT5exhdt moved successfully. C:\WINDOWS\temp\etilqs_gTkfnkP25sKMv3h moved successfully. C:\WINDOWS\temp\etilqs_hpm5ud7MPTEzhLG moved successfully. C:\WINDOWS\temp\etilqs_ohjlHOuwqECPYfh moved successfully. File\Folder C:\WINDOWS\temp\GoogleUpdate.exe.old821d9 not found! File\Folder C:\WINDOWS\temp\goopdate.dll8401f not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... Link to post Share on other sites
flashh4 Posted August 2, 2016 Report Share Posted August 2, 2016 Panthermom, lets clean up the logs & programs we used !! Clean up of Malware Removal Tools Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded. Download Delfix to your desktop and double click it to start the program [url=http://api.viglink.com/api/click?format=go&jsonp=vglnk_jsonp_14102815956339&key=bf4adfcbb328b51c165afd7f95bfc060&libId=64704d6e-537a-4ac2-beea-64e5d35e3f5f&loc=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F342065-very-slow-computer-aswmbr-rootkit-not-working%2Fpage-2&v=1&out=https%3A%2F%2Ftoolslib.net%2Fdownloads%2Fviewdownload%2F2-delfix%2F&ref=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Fforum%2F37-virus-spyware-malware-removal%2F&title=Very%20slow%20computer%2C%20aswMBR%20rootkit%20not%20working%20%5BClosed%5D%20-%20Page%202%20-%20Virus%2C%20Spyware%2C%20Malware%20Removal&txt=here]here[/url] Ensure Remove disinfection tools is ticked Also tick: o Create registry backup o Purge system restore o Reset system settings o Click Run The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply. You can delete any log files left on your desktop as these are no longer needed. ========================== Congratulation you are clean !!! Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop. This is my standard "All Clean Speech." You may have some already installed, these are just recommendations ! Here are some tips to reduce the potential for spyware infection in the future: Here are some tips to reduce the potential for spyware/malware infection in the future: 1. Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click onOptions. Click once on theSecurity tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. 2. FireFox If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure. [url=https://addons.mozilla.org/en-US/firefox/addon/noscript/]NoScript[/url][/color] [url= https://adblockplus.org/en/firefox] adblock plus[/url] 3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection. 4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below: [url=http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html]Online Armor Free[/url] [url=http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html]Agnitum Outpost Firewall Free [/url] [url=http://personalfirewall.comodo.com/]Comodo Firewall Free [/url] 5. Make sure you keep your Windows OS current. And regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open. 6.[url=http://www.mywot.com/]WOT[/url](Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome. 7. Finally, I strongly recommend that you read Miekiemoes' great advice [url= http://users.telenet.be/bluepatchy/miekiemoes/prevention.html] How to prevent malware[/url] . Let me know how it's running ? Any problems ? It may run a tad slow until a few normal re-boots, but according to all logs you are clean !! Thanks Chuck Link to post Share on other sites
panthermom29 Posted August 2, 2016 Author Report Share Posted August 2, 2016 # DelFix v1.013 - Logfile created 02/08/2016 at 17:27:22 # Updated 17/04/2016 by Xplode # Username : Janet - JANET # Operating System : Windows 10 Home (64 bits) ~ Removing disinfection tools ... Deleted : C:\_OTL Deleted : C:\AdwCleaner Deleted : C:\Users\Janet\Desktop\dds.txt Deleted : C:\Users\Janet\Desktop\JRT.txt Deleted : C:\Users\Janet\Downloads\adwcleaner_3.308 (1).exe Deleted : C:\Users\Janet\Downloads\adwcleaner_3.308.exe Deleted : C:\Users\Janet\Downloads\adwcleaner_5.201(1).exe Deleted : C:\Users\Janet\Downloads\adwcleaner_5.201(2).exe Deleted : C:\Users\Janet\Downloads\adwcleaner_5.201.exe Deleted : C:\Users\Janet\Downloads\dds.com Deleted : C:\Users\Janet\Downloads\Extras.Txt Deleted : C:\Users\Janet\Downloads\JRT (1).exe Deleted : C:\Users\Janet\Downloads\JRT(1).exe Deleted : C:\Users\Janet\Downloads\JRT.exe Deleted : C:\Users\Janet\Downloads\OTL.Txt Deleted : C:\Users\Janet\Downloads\SecurityCheck.exe Deleted : HKCU\console_combofixbackup Deleted : HKLM\SOFTWARE\OldTimer Tools Deleted : HKLM\SOFTWARE\AdwCleaner Deleted : HKLM\SOFTWARE\Swearware ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #13 [Windows Update | 06/24/2016 17:48:08] Deleted : RP #14 [Windows Update | 07/17/2016 15:16:01] Deleted : RP #16 [Reimage Repair Restore Point | 07/25/2016 18:00:52] Deleted : RP #17 [JRT Pre-Junkware Removal | 08/02/2016 19:09:03] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ########## Link to post Share on other sites
flashh4 Posted August 2, 2016 Report Share Posted August 2, 2016 Looks Good ! Happy Surfing ! Chuck I will lock this topic in 5 days ! If you need it reopened please PM me or any Mod !! Link to post Share on other sites
flashh4 Posted August 7, 2016 Report Share Posted August 7, 2016 Seeing how the problems are now solved i will lock this topic, all others please start a new one. If you need this topic re-opened please PM me or any Mod ! Thanks Chuck Link to post Share on other sites
Recommended Posts