The issues have been happening for a few weeks. It started when my computer (HP AIO Omni 220 PC, running Windows 7) became very slow. Had cable company check connection, still slow. Then, one day last week, Internet Explorer went missing. I searched for it in my Programs and Features listing. I searched for it on the bottom tool bar. Whenever I selected the IE icon or selected IE on a search, Yahoo would open. I tried to download IE from Microsoft website and kept getting an error (did not write it down!). One night, I think it was last Monday, I ran the Malwarebytes Anti-Malware software. The software ran; I did not delete what it found because I was not sure if it really was malware because the notation said the items were POTENTIALLY a threat. IE still would not work. I then started searching the internet and out of nowhere, the computer froze. I performed a hard reset (held the power button down for about 10 seconds), waited a few minutes then powered unit back on. Start-up repair was performed automatically and system was running like a top! The next day, expecting everything was fine, I clicked the IE icon and nothing happened and on top of that, the system was running like molasses, REALLY SLOW. I have run IOLO and Malwarebytes with no success.
As of today, the IE icon is working and the system is working fine. After what I have been through, I don't trust it.
I would appreciate it if someone took a look and determined what the trouble is. I suspect malware or a virus.
Please assist.
Thank you,
MiamE52
GO DOLPHINS!!!
Below are the results from the FRST scan. And I am still unable to use IE; I must use Chromium or Google Chrome and then Yahoo! opens.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-07-2017 01
Ran by MiamE52 (administrator) on MIAME52-HP (03-07-2017 19:48:32)
Running from C:\Users\MiamE52\Downloads
Loaded Profiles: MiamE52 (Available Profiles: MiamE52)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\hp\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(The Chromium Authors) C:\Users\MiamE52\AppData\Local\chromium\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(The Chromium Authors) C:\Users\MiamE52\AppData\Local\chromium\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(The Chromium Authors) C:\Users\MiamE52\AppData\Local\chromium\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(The Chromium Authors) C:\Users\MiamE52\AppData\Local\chromium\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\hp\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulAlert.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\UPDMGR\4.0.4017.4\mcupdatemgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\MiamE52\AppData\Local\chromium\Application\chrome.exe
(DoD PKE Engineering) C:\Program Files\DoD-PKE\InstallRoot\InstallRootService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-06-17] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKLM\ DisallowedCertificates: DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3 (U)
HKLM\ DisallowedCertificates: FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4 (U)
HKLM\ DisallowedCertificates: FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 (U)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\ DisallowedCertificates: DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3 (U)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\ DisallowedCertificates: FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4 (U)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\ DisallowedCertificates: FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 (U)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\hp\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\...\Run: [Chromium] => c:\users\miame52\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\...\Run: [GoogleChromeAutoLaunch_14D3130BA01A617676C66D5709557B32] => C:\Users\MiamE52\AppData\Local\chromium\Application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
Startup: C:\Users\MiamE52\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-11-08]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{071900BA-B282-42C9-A9F4-C6B9335BF40B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CE9B4996-A37B-470D-9C97-D585B5A1334C}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=NqVcNGRdMapcNZ%3D%3D
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=NqVcNGRdMapcNZ%3D%3D
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=NqVcNGRdMapcNZ%3D%3D
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=ArFaIWJoNqArQGMVHFFoNqAqBbFaISEaQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vFQ4IGYVNVE9JqYXwVQ4ISoUwVM9JmIYwVJdJCIWNVU9GqYVNUI3wGYGwVM3vCoVvFE9GqUNNos3wCIYwVA9Jmk4wVA4ICITvFI9J6ILNFdcJ6k8NoFcFGUMwVU9JmITwVU9ImoUwV5cGWUSNFRcEqULNopcGWUIvmFbF6oUNVE3vmIVvFQ9JaYXNVE9I6IYNVA3vqYVwVxdJqYVNVRdISISwVVdJCoVNVM9I6k3vFFdImoWwVU4ICIWwVNdJmIXNVI9IWQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGvFI9IWYYvFM9IWYTvFQ9ISISNVQ9JmIXNVU9I6oUNVQ4JqYXwVw3vCoVvFFdJCISNVA9JmoUwVRdJCIYvmo3vmIXNVVdIqYVNoU9GqYYNVc3wCoUQGR7B6RoN9J7MGN4NaZaNqJoNqAsQGMVvDIlC6MuNGwuNGouw7QnC7I6ynIhyE1cM81cNbFbMn0aC6AoxrFaIWBfNHFbMn0aQGMVE7ofAT06xbFbJqxoNpQRy78oQGQXFSQoyDo8yJ%3D%3D&param2=MGR5LGtdNqV8&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=MGR5LGtdNqV8&p={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {BB169596-B627-4D49-85CB-A2C52EE8439F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0D0EtB0BtByDyEtCtBtAtD0AtC0AtN0D0Tzu0StCzytCyCtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEtBzztA0C0B0DtCtGtAyE0AzztG0B0AyC0DtGtAyDtBzztG0AyC0CtAyDtC0EyEtD0F0DtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtD0AyCtD0FyBtDtG0BtBtB0AtGyE0ByB0BtGzyyDyE0AtG0FtByEtB0AtAzyzztB0A0F0D2QtN0A0LzuyE%26cr%3D1938107633%26a%3Dwbf_dwndlm_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=MGR5LGtdNqV8&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=MGR5LGtdNqV8&p={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {BB169596-B627-4D49-85CB-A2C52EE8439F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0D0EtB0BtByDyEtCtBtAtD0AtC0AtN0D0Tzu0StCzytCyCtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEtBzztA0C0B0DtCtGtAyE0AzztG0B0AyC0DtGtAyDtBzztG0AyC0CtAyDtC0EyEtD0F0DtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtD0AyCtD0FyBtDtG0BtBtB0AtGyE0ByB0BtGzyyDyE0AtG0FtByEtB0AtAzyzztB0A0F0D2QtN0A0LzuyE%26cr%3D1938107633%26a%3Dwbf_dwndlm_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=MGR5LGtdNqV8&p={searchTerms}
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=MGR5LGtdNqV8&p={searchTerms}
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {BB169596-B627-4D49-85CB-A2C52EE8439F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-04-17] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-04-17] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-05-10] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-04-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-04-17] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll [2016-12-31] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/?mkt=en-US&pc=__PARAM__
CHR NewTab: Default -> Active:"chrome-extension://effifihbpogpocajanfldchhhaeldccl/newtab/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default [2017-07-03]
CHR Extension: (Google Docs) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-14]
CHR Extension: (Google Drive) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-20]
CHR Extension: (Rapport) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-10-20]
CHR Extension: (YouTube) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-20]
CHR Extension: (Google Search) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-14]
CHR Extension: (My Quick Converter Version 2) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\effifihbpogpocajanfldchhhaeldccl [2017-07-03]
CHR Extension: (Google Docs Offline) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (Gmail) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-20]
CHR Extension: (Chrome Media Router) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-966165078-3032698903-2344235266-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-966165078-3032698903-2344235266-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-966165078-3032698903-2344235266-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [144864 2017-03-22] () [File not signed]
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-06-17] (Portrait Displays, Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-12-31] (WildTangent)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 InstallRoot; C:\Program Files\DoD-PKE\InstallRoot\InstallRootService.exe [1029224 2016-07-11] (DoD PKE Engineering)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-04-04] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1344472 2017-02-24] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1551512 2017-02-26] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2408432 2017-05-23] (IBM Corp.)
S2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-03-31] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [225432 2017-04-01] (McAfee, Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [96656 2017-04-01] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [498648 2017-01-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109320 2017-01-19] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2017-03-31] (CACE Technologies, Inc.)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [384256 2017-05-23] (IBM Corp.)
R4 RapportCerberus_1804047; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [1264776 2017-03-15] (IBM Corp.)
R1 RapportCerberus_1804058; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804058.sys [1271232 2017-06-26] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [585376 2017-05-23] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [253856 2017-05-23] (IBM Corp.)
S3 RapportIaso; no ImagePath
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [507904 2017-05-23] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [610560 2017-05-23] (IBM Corp.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-03 19:48 - 2017-07-03 19:49 - 00037681 _____ C:\Users\MiamE52\Downloads\FRST.txt
2017-07-03 19:47 - 2017-07-03 19:48 - 00000000 ____D C:\FRST
2017-07-03 19:47 - 2017-07-03 19:47 - 02436096 _____ (Farbar) C:\Users\MiamE52\Downloads\FRST64 (2).exe
2017-07-03 19:44 - 2017-07-03 19:44 - 02436096 _____ (Farbar) C:\Users\MiamE52\Downloads\FRST64 (1).exe
2017-07-03 19:41 - 2017-07-03 19:41 - 02436096 _____ (Farbar) C:\Users\MiamE52\Downloads\FRST64.exe
2017-07-03 15:46 - 2017-07-03 15:48 - 00000000 ____D C:\Users\MiamE52\AppData\Local\DoD-PKE
2017-07-03 15:45 - 2017-07-03 15:45 - 00001153 _____ C:\Users\Public\Desktop\InstallRoot 5.0.1.lnk
2017-07-03 15:45 - 2017-07-03 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DoD-PKE
2017-07-03 15:45 - 2017-07-03 15:45 - 00000000 ____D C:\Program Files\DoD-PKE
2017-07-03 15:43 - 2017-07-03 15:43 - 29253632 _____ C:\Users\MiamE52\Downloads\InstallRoot_5.0.1x64 (1).msi
2017-07-03 15:38 - 2017-07-03 15:38 - 29253632 _____ C:\Users\MiamE52\Downloads\InstallRoot_5.0.1x64.msi
2017-06-19 20:57 - 2017-04-01 01:30 - 00096656 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2017-06-19 07:01 - 2017-06-02 03:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-19 07:01 - 2017-06-02 03:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-19 07:01 - 2017-05-14 15:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-19 07:01 - 2017-05-14 14:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-19 07:01 - 2017-05-14 14:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-19 07:01 - 2017-05-14 13:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-19 07:01 - 2017-05-14 13:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-19 07:01 - 2017-05-14 13:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-19 07:01 - 2017-05-14 13:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-19 07:01 - 2017-05-14 13:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-19 07:01 - 2017-05-12 13:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-19 07:01 - 2017-05-12 12:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-19 07:01 - 2017-05-10 10:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-19 07:01 - 2017-05-10 10:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-19 07:01 - 2017-04-27 17:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-06-19 07:01 - 2017-04-12 08:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-06-19 07:00 - 2017-06-02 03:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-19 07:00 - 2017-06-02 03:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-19 07:00 - 2017-06-02 03:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-19 07:00 - 2017-06-02 03:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-06-19 07:00 - 2017-06-02 03:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-19 07:00 - 2017-06-02 03:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-06-19 07:00 - 2017-06-02 03:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-06-19 07:00 - 2017-06-02 03:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-19 07:00 - 2017-06-02 03:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-19 07:00 - 2017-06-02 03:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-19 07:00 - 2017-06-02 03:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-06-19 07:00 - 2017-06-02 03:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-19 07:00 - 2017-06-02 03:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-19 07:00 - 2017-06-02 03:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-19 07:00 - 2017-06-02 03:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-19 07:00 - 2017-06-02 03:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-06-19 07:00 - 2017-06-02 03:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-06-19 07:00 - 2017-06-02 03:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-06-19 07:00 - 2017-06-02 03:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-06-19 07:00 - 2017-06-02 02:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-19 07:00 - 2017-06-02 02:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-19 07:00 - 2017-06-02 02:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-06-19 07:00 - 2017-06-02 02:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-06-19 07:00 - 2017-05-20 23:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-06-19 07:00 - 2017-05-20 23:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-06-19 07:00 - 2017-05-20 23:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-06-19 07:00 - 2017-05-20 22:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-06-19 07:00 - 2017-05-20 22:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-19 07:00 - 2017-05-20 22:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-19 07:00 - 2017-05-20 22:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-19 07:00 - 2017-05-20 22:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-06-19 07:00 - 2017-05-20 22:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-06-19 07:00 - 2017-05-20 22:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-06-19 07:00 - 2017-05-16 13:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-19 07:00 - 2017-05-16 12:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-06-19 07:00 - 2017-05-14 15:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-19 07:00 - 2017-05-14 15:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-19 07:00 - 2017-05-14 15:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-19 07:00 - 2017-05-14 15:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-19 07:00 - 2017-05-14 15:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-19 07:00 - 2017-05-14 15:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-19 07:00 - 2017-05-14 15:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-19 07:00 - 2017-05-14 15:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-19 07:00 - 2017-05-14 15:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-19 07:00 - 2017-05-14 15:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-19 07:00 - 2017-05-14 15:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-19 07:00 - 2017-05-14 15:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-19 07:00 - 2017-05-14 15:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-19 07:00 - 2017-05-14 15:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-19 07:00 - 2017-05-14 15:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-19 07:00 - 2017-05-14 15:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-19 07:00 - 2017-05-14 14:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-19 07:00 - 2017-05-14 14:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-19 07:00 - 2017-05-14 14:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-19 07:00 - 2017-05-14 14:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-19 07:00 - 2017-05-14 14:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-19 07:00 - 2017-05-14 14:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-19 07:00 - 2017-05-14 14:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-19 07:00 - 2017-05-14 14:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-06-19 07:00 - 2017-05-14 14:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-19 07:00 - 2017-05-14 14:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-19 07:00 - 2017-05-14 14:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-06-19 07:00 - 2017-05-14 14:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-19 07:00 - 2017-05-14 14:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-06-19 07:00 - 2017-05-14 14:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-06-19 07:00 - 2017-05-14 14:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-06-19 07:00 - 2017-05-14 14:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-19 07:00 - 2017-05-14 14:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-19 07:00 - 2017-05-14 14:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-19 07:00 - 2017-05-14 14:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-19 07:00 - 2017-05-14 14:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-06-19 07:00 - 2017-05-14 14:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-06-19 07:00 - 2017-05-14 14:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-06-19 07:00 - 2017-05-14 14:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-06-19 07:00 - 2017-05-14 14:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-06-19 07:00 - 2017-05-14 14:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-19 07:00 - 2017-05-14 14:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-19 07:00 - 2017-05-14 14:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-06-19 07:00 - 2017-05-14 13:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-06-19 07:00 - 2017-05-14 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-19 07:00 - 2017-05-14 13:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-06-19 07:00 - 2017-05-14 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-06-19 07:00 - 2017-05-14 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-06-19 07:00 - 2017-05-14 13:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-06-19 07:00 - 2017-05-14 13:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-06-19 07:00 - 2017-05-14 13:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-06-19 07:00 - 2017-05-14 13:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-19 07:00 - 2017-05-14 13:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-06-19 07:00 - 2017-05-14 13:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-06-19 07:00 - 2017-05-14 13:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-19 07:00 - 2017-05-14 13:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-19 07:00 - 2017-05-14 13:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-19 07:00 - 2017-05-14 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-19 07:00 - 2017-05-12 13:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-06-19 07:00 - 2017-05-12 13:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-06-19 07:00 - 2017-05-12 13:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-19 07:00 - 2017-05-12 13:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-19 07:00 - 2017-05-12 13:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-06-19 07:00 - 2017-05-12 13:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-19 07:00 - 2017-05-12 13:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 12:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-19 07:00 - 2017-05-12 12:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-19 07:00 - 2017-05-12 12:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-19 07:00 - 2017-05-12 12:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-19 07:00 - 2017-05-12 12:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-06-19 07:00 - 2017-05-12 12:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-19 07:00 - 2017-05-12 12:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-19 07:00 - 2017-05-12 12:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-06-19 07:00 - 2017-05-12 12:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-06-19 07:00 - 2017-05-12 12:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-06-19 07:00 - 2017-05-12 12:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-19 07:00 - 2017-05-12 12:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 12:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 12:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 12:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 11:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-19 07:00 - 2017-05-12 10:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-19 07:00 - 2017-05-12 10:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-19 07:00 - 2017-05-10 10:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-06-19 07:00 - 2017-05-10 10:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-19 07:00 - 2017-05-10 10:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-06-19 07:00 - 2017-05-10 10:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-19 07:00 - 2017-05-10 10:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-19 07:00 - 2017-05-10 10:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-19 07:00 - 2017-05-10 10:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-06-19 07:00 - 2017-05-10 10:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-19 07:00 - 2017-05-10 10:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-19 07:00 - 2017-05-10 10:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-19 07:00 - 2017-05-10 10:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-19 07:00 - 2017-05-10 10:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-19 07:00 - 2017-05-10 10:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-19 07:00 - 2017-05-10 10:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-19 07:00 - 2017-05-10 10:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-06-19 07:00 - 2017-05-10 10:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-19 07:00 - 2017-05-10 10:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-19 07:00 - 2017-05-10 10:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-19 07:00 - 2017-05-10 10:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-19 07:00 - 2017-05-10 10:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-19 07:00 - 2017-05-10 09:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-19 07:00 - 2017-05-09 10:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-19 07:00 - 2017-05-09 10:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-19 07:00 - 2017-05-09 10:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-06-19 07:00 - 2017-05-07 10:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-19 07:00 - 2017-05-07 10:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-19 07:00 - 2017-03-30 10:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-19 07:00 - 2017-03-30 09:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-06-11 20:20 - 2017-06-11 20:21 - 150436469 _____ C:\Users\MiamE52\Downloads\B-JM53BSPWWB-1015.0.zip
2017-06-11 18:59 - 2017-06-11 18:59 - 09966975 _____ C:\Users\MiamE52\Downloads\SAC33601901_6-en.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-03 19:36 - 2017-03-31 20:36 - 00000282 _____ C:\Windows\Tasks\{5E41B75B-B16F-DD27-A97C-55B67D218453}.job
2017-07-03 19:35 - 2017-03-31 20:35 - 00000986 _____ C:\Windows\Tasks\Yahoo! Powered midem.job
2017-07-03 15:43 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-03 15:43 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-03 14:01 - 2015-03-01 20:54 - 00002302 ____H C:\Users\MiamE52\Documents\Default.rdp
2017-07-03 08:00 - 2016-05-08 10:17 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMiamE52
2017-07-03 08:00 - 2016-05-08 10:17 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForMiamE52.job
2017-07-03 06:39 - 2015-03-01 20:16 - 00000000 ____D C:\ProgramData\PDFC
2017-06-28 09:05 - 2015-03-14 18:31 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 09:05 - 2015-03-14 18:31 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-28 09:02 - 2017-04-02 17:21 - 00000000 ____D C:\Users\MiamE52\AppData\Local\NETGEARGenie
2017-06-26 07:36 - 2017-04-02 17:22 - 00000259 _____ C:\Users\MiamE52\AppData\Roaming\WB.CFG
2017-06-26 07:36 - 2017-03-31 20:35 - 00000000 ____D C:\Users\MiamE52\AppData\Roaming\Pudohopor
2017-06-26 06:58 - 2009-07-14 00:13 - 00799374 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-26 06:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-06-26 06:54 - 2016-12-21 08:50 - 00000000 __RSD C:\Users\MiamE52\Documents\McAfee Vaults
2017-06-26 06:52 - 2015-09-19 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2017-06-26 06:51 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-26 06:50 - 2009-07-13 23:45 - 00413136 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-26 06:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-06-26 06:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-19 21:08 - 2015-03-14 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-19 21:07 - 2016-12-23 15:43 - 00000000 ____D C:\Windows\system32\MRT
2017-06-19 21:07 - 2015-03-14 19:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-19 21:07 - 2015-03-14 19:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-19 21:02 - 2016-12-23 15:43 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-19 20:57 - 2016-12-21 08:38 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-06-19 20:15 - 2015-03-21 07:51 - 00000000 ____D C:\Users\MiamE52\Documents\Outlook Files
2017-06-19 20:15 - 2014-08-24 11:24 - 00000000 ____D C:\Users\Miss Edith\Documents\Outlook Files
2017-06-05 15:31 - 2016-12-21 08:49 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon
==================== Files in the root of some directories =======
2017-04-28 18:36 - 2017-04-28 18:36 - 7649280 _____ () C:\Program Files (x86)\GUT6512.tmp
2017-04-02 17:22 - 2017-06-26 07:36 - 0000259 _____ () C:\Users\MiamE52\AppData\Roaming\WB.CFG
2015-11-02 20:29 - 2015-11-02 20:29 - 0000057 _____ () C:\ProgramData\Ament.ini
Files to move or delete:
====================
C:\Windows\Tasks\{5E41B75B-B16F-DD27-A97C-55B67D218453}.job
Some files in TEMP:
====================
2016-05-23 18:08 - 2017-02-09 21:19 - 10779584 _____ () C:\Users\MiamE52\AppData\Local\Temp\HPPSdr.exe
2016-10-20 13:02 - 2016-10-20 13:02 - 0737856 _____ (Oracle Corporation) C:\Users\MiamE52\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-01-20 19:09 - 2016-01-20 19:09 - 0644704 _____ (Oracle Corporation) C:\Users\MiamE52\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-06-25 14:59 - 2016-06-25 14:59 - 0739904 _____ (Oracle Corporation) C:\Users\MiamE52\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-05-31 04:13 - 2016-05-31 04:13 - 0219264 _____ (McAfee, Inc.) C:\Users\MiamE52\AppData\Local\Temp\McCSPInstall.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-12 00:42
==================== End of FRST.txt ============================
Next is the Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01
Ran by MiamE52 (03-07-2017 19:50:29)
Running from C:\Users\MiamE52\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-03-01 23:54:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-966165078-3032698903-2344235266-500 - Administrator - Disabled)
Guest (S-1-5-21-966165078-3032698903-2344235266-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-966165078-3032698903-2344235266-1002 - Limited - Enabled)
MiamE52 (S-1-5-21-966165078-3032698903-2344235266-1001 - Administrator - Enabled) => C:\Users\MiamE52
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (HKLM-x32\...\WTA-a620de4f-43cd-4ad3-9ced-d8fc6e852013) (Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-17786eca-eca6-4e1e-acd3-209134259f3b) (Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (HKLM-x32\...\WTA-665a303a-742f-4639-9a24-4fb79a28b9ba) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WTA-7c4cc3fc-6b7b-406f-aeca-4b36e2a0a85a) (Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-04712b30-f7ac-40d3-9f26-963d3e650776) (Version: 2.2.0.97 - WildTangent) Hidden
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.7.0.1 - Byte Technologies LLC) <==== ATTENTION
Cake Mania (HKLM-x32\...\WTA-f5cbfcce-0a98-456f-9bb7-ce5b0df94a9b) (Version: 2.2.0.95 - WildTangent) Hidden
Chromium (HKLM-x32\...\{E02508E5-B0A5-D965-0125-A9E5D1A57A65}) (Version: - )
Chronicles of Albian (HKLM-x32\...\WTA-3fe0a1ec-53fc-40f4-95a8-96f2457d07e9) (Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WTA-cc88d482-e88c-445d-917c-b7653d581adc) (Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-8da6f84f-eee6-44fe-af60-f381590df958) (Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3922 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Farm Frenzy (HKLM-x32\...\WTA-b8412d97-5345-431e-b4c0-819ec81d8274) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-31231939-b873-4011-b256-d3a9b471b015) (Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-2396831a-741d-4d28-889c-fc6d999f7657) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP My Display (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.04.022 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6349.0 - IDT)
InstallRoot (HKLM\...\{8A5017FC-128C-446E-93FF-7115DDDFA430}) (Version: 5.0.1 - DoD PKE)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (HKLM-x32\...\WTA-0b33844c-c941-4e52-8552-b68426e5c48f) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
Mah Jong Medley (HKLM-x32\...\WTA-c924b05b-2987-4f7c-9adf-7b20cc35f4c9) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Multi Access - Internet Security (HKLM-x32\...\MSC) (Version: 14.0 R13 - McAfee, Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Castle: The Mirror's Secret Platinum Edition (HKLM-x32\...\WTA-ad0e4638-d7c9-46e9-a461-90b3ccd940af) (Version: 3.0.2.126 - WildTangent) Hidden
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-0b291a3a-9c8d-42c2-9ff6-5c8e0e6183c2) (Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (HKLM-x32\...\WTA-e7cc80df-668d-4f3b-8a39-42e8b422792a) (Version: 2.2.0.95 - WildTangent) Hidden
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.28.23.exe - NETGEAR Inc.)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
Penguins! (HKLM-x32\...\WTA-43f188d3-fb58-4036-96dd-dec6ac328afa) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-768270fa-48a1-4356-8237-382d7f458af4) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WTA-a90ee1c2-0ef0-436c-b0e0-94c329b860ee) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-7d11e879-0fc7-4672-b25a-71c43b0e119b) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-7204a585-ee47-49f2-bcf2-539cf1acc559) (Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.)
Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.9.3 - Intuit)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.112 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.82 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.26.005 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SkyTools 3 Starter Edition (HKU\S-1-5-21-966165078-3032698903-2344235266-1001\...\SkyTools 3 Starter Edition) (Version: - )
Slingo Supreme (HKLM-x32\...\WTA-2612c666-5be7-42d6-9a41-c55c485ea5de) (Version: 2.2.0.97 - WildTangent) Hidden
Solitaire Mystery Double Pack (HKLM-x32\...\WTA-9811747f-6c43-4789-868d-28860117fcc2) (Version: 3.0.2.59 - WildTangent) Hidden
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.0.25 - iolo technologies, LLC)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.112 - Trusteer)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (HKLM-x32\...\WTA-39b40dbd-141e-4e43-bd5c-086873809231) (Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (HKLM-x32\...\WTA-355490d3-5d00-46e9-80f2-2b5469e39e2c) (Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\{7FB00B6B-6843-97EC-EED6-78BD6D35370A}) (Version: 4.2.4164 - Zinio LLC) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zuma Deluxe (HKLM-x32\...\WTA-08347955-0f33-4a0d-8a46-912fa2184771) (Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-04-17] (McAfee, Inc.)
ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
ContextMenuHandlers03: [LinkUpMenuExt] -> {B793E5EA-5344-488E-B98D-A18E2E5938AB} => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\LinkUpExt64.dll [2011-05-05] (Hewlett-Packard)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-06-26] (Intel Corporation)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-04-17] (McAfee, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {024A914E-5E8C-4D4E-8612-527844F99A13} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {0978AC47-510F-4E7C-A9A2-C92E661AB826} - System32\Tasks\MirageAgent => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-23] (CyberLink)
Task: {1349C47A-A38F-42D8-8428-74E3D2B1972E} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {1B2C4E9A-2CA2-4322-B8E6-85EF87F09228} - System32\Tasks\HPCeeScheduleForMiamE52 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3436A15F-6E1F-4365-B351-A28D5A4F72AC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {44A874C8-7384-4B8A-83FF-8FC6D0598EC7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {52012E99-BC4F-4BA4-A7A8-BF6A8D8D7714} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {57719A5F-5EF8-464D-9908-0CFE4BDCCBDE} - System32\Tasks\Yahoo! Powered midem => Wscript.exe "C:\ProgramData\{3DF2F891-B7B0-7257-3176-EC15AB3467DB}\cito.txt" "68747470733a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b33444632463839312d423742302d373235372d333137362d4543313541423334363744427d5c6c6f63656469" "433a5c50726f6772616d446174615c7b33444632463839312d423742302d373235372d3331 (the data entry has 80 more characters). <==== ATTENTION
Task: {5A850D28-A471-4989-ADA8-4EB8BECF6026} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {5B2C70F8-CC17-41C2-92FF-3268FD9D5A54} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {5B896022-4678-4FB2-9010-D5F01B2CA620} - System32\Tasks\{5E41B75B-B16F-DD27-A97C-55B67D218453} => C:\Users\MiamE52\AppData\Roaming\Pudohopor\SyncVersion.exe [2013-05-06] ()
Task: {6E12BEAA-4837-4E4C-B6A3-54AA9EAC347D} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e9d0cb78121f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {774C92D9-CC62-4986-94DD-DCC0753D31ED} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e9d0cbb3e2b1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {77C59F3A-EF6C-4B8C-9AB8-44DC2C692B04} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {7B66DB56-64A4-4ACF-8430-2FEB3139CCD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8882A8F9-BD9C-43FC-A39B-63CAC110C363} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)
Task: {927B5B8D-145E-4B7D-8329-F120784B9C25} - System32\Tasks\WBUpdateTask => C:\Program Files\WebBarMedia\5.5.6275.25383\winwb.exe
Task: {932B0228-BF20-4952-8FCC-D5087350046C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-966165078-3032698903-2344235266-1001
Task: {974DBDCC-EAFB-459F-BBD1-72ACED4C33D2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {A3F07606-872B-4506-8DDD-BAF8F680AA2E} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-03-22] () <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {C9086497-37A0-47E4-9DDB-858632E8DC74} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-05] (Adobe Systems Incorporated)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {CF8D9C0B-8241-4E1C-ACD7-C12B219A9934} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-02-22] (McAfee, Inc.)
Task: {D2A4E555-0382-4F3D-BF64-9221F325DC65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {D76881E1-1722-487A-9C09-DF08421C67EF} - System32\Tasks\WBLaunchTask => C:\Program Files\WebBarMedia\5.5.6275.25383\winwb.exe
Task: {DF3A30A4-B239-4362-83E5-7D564FA9024F} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-03-22] () <==== ATTENTION
Task: {E163EA96-62CB-46ED-B23E-0CBE992DE9A2} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {EFC54C18-FA72-4124-A5C3-BFA412FB0D70} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FED2AFFE-0FBA-4558-9907-1E210E28EC7B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-02-26] (McAfee, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMiamE52.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Yahoo! Powered midem.job => Wscript.exe C:\ProgramData\{3DF2F891-B7B0-7257-3176-EC15AB3467DB}\cito.txt <==== ATTENTION
Task: C:\Windows\Tasks\{5E41B75B-B16F-DD27-A97C-55B67D218453}.job => C:\Users\MiamE52\AppData\Roaming\PUDOHO~1\SYNCVE~1.EXE <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-01 19:57 - 2011-06-26 21:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2013-04-07 06:38 - 2013-04-07 06:38 - 01044224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
2013-04-07 06:42 - 2013-04-07 06:42 - 00123136 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2017-06-28 09:05 - 2017-06-22 22:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 09:05 - 2017-06-22 22:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-07-11 18:03 - 2016-07-11 18:03 - 06504040 _____ () C:\Program Files\DoD-PKE\InstallRoot\IrTampLib_SWIG_vc.DLL
2017-05-09 00:45 - 2017-05-09 00:45 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
2013-05-16 21:48 - 2013-05-16 21:48 - 00480768 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 01553920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
2013-05-09 22:12 - 2013-05-09 22:12 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-03-27 03:43 - 2013-03-27 03:43 - 01067520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-05-16 00:04 - 2013-05-16 00:04 - 04334080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-03-27 03:52 - 2013-03-27 03:52 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-03-27 03:50 - 2013-03-27 03:50 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 01198080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-05-14 21:56 - 2013-05-14 21:56 - 08432128 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-04-28 01:25 - 2013-04-28 01:25 - 01205760 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-05-14 00:18 - 2013-05-14 00:18 - 00931840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 00137728 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00139264 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 04:56 - 2012-11-29 04:56 - 03332720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL
2013-03-26 21:58 - 2013-03-26 21:58 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 00714240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00485376 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2015-03-01 20:13 - 2011-02-15 14:59 - 00015624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll
2017-03-31 20:39 - 2017-01-20 18:27 - 02246144 _____ () C:\Users\MiamE52\AppData\Local\chromium\Application\58.0.2988.0\libglesv2.dll
2017-03-31 20:39 - 2017-01-20 18:27 - 00079360 _____ () C:\Users\MiamE52\AppData\Local\chromium\Application\58.0.2988.0\libegl.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-966165078-3032698903-2344235266-1001\...\chase.com -> hxxps://chaseonline.chase.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2017-04-07 19:21 - 00002024 _____ C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
There are 4 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MiamE52\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8AFB36BA-8CDA-4B0D-BEF4-8E5893FCF03A}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{2B118035-09FB-4033-8C16-23BD1ABF26E1}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{2F8DD39C-04D8-422C-AB01-DDACB0C305AF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{10D39BB9-9B84-46DC-8707-CC63F9B2E31F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{CACEF1D7-5BDC-4895-9441-BE04C2953451}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{999E65B9-4DF6-4E9D-8B72-67781502C73B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{2027E5D2-FAC1-4F7D-BC86-1BCCECC26E83}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{DD50D504-3E38-4F58-B078-E0E14E193B17}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{9D9A6439-34A7-4977-96F2-715DBC7FBF45}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6E003523-460C-48F0-A81C-5DFCB092EBB9}] => (Allow) LPort=2869
FirewallRules: [{9803AF46-C38C-449D-84DB-70E251215CB7}] => (Allow) LPort=1900
FirewallRules: [{B2563306-71C5-488F-89EC-66216FEAC354}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6DE1FA35-819C-4942-8804-8A94301E020B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{BB70FE89-9B63-4307-B6E8-BCFC367E5C1B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{D6B98C57-C2A4-4796-8F09-EA83AE54A1C4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{9FDFBAAE-3901-4F46-AD12-7D6F58E70FB2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{72C6C5D4-C29D-46C3-9122-8E1BB8BCC888}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
FirewallRules: [{E3D2434E-67A5-4A7A-8F4D-E5AEABF7E9FB}] => (Allow) LPort=5357
FirewallRules: [{DADFF874-231F-49C1-8400-975E74518C8D}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D541BC26-83F6-485E-80EC-C80C85CFF20E}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS314A\HPDiagnosticCoreUI.exe
FirewallRules: [{DCF08687-5417-4ACC-991F-C9341A03B259}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS314A\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{951DCB7A-FB39-40F7-9777-D8ABC686CA66}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [UDP Query User{CA9D965E-DA0F-4B4E-BD7F-74EDE8CA01DA}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [{1CD60C29-BAC7-4FF1-B1EC-461DD14B23C2}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1416\HPDiagnosticCoreUI.exe
FirewallRules: [{C7625CE0-7A5E-4B6C-8B6B-FC3FCCB74D28}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1416\HPDiagnosticCoreUI.exe
FirewallRules: [{18BA22B3-EDEC-4900-A266-2B214985F4D0}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1440\HPDiagnosticCoreUI.exe
FirewallRules: [{938BA5CE-0ABA-4FEC-97A5-C548C7FD9646}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1440\HPDiagnosticCoreUI.exe
FirewallRules: [{0713BA27-DD75-4183-9397-92992F2A0142}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS199C\HPDiagnosticCoreUI.exe
FirewallRules: [{004C9B8A-E032-4009-A389-BC6882B7DF2A}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS199C\HPDiagnosticCoreUI.exe
FirewallRules: [{49B07921-F78D-4167-BAA3-4D57B1CD6990}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3F5A5D65-6340-43D8-9D60-033EA838120F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA488D5D-8243-4248-BB78-0D616CD42FE7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{37D18EE7-7635-4BCA-8BF5-06427BC4395E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{455286C1-B42B-453F-93DD-139BAD481DEE}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{662E658F-E1AD-467F-B91C-0D66A89C50BD}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS3AB4\HPDiagnosticCoreUI.exe
FirewallRules: [{353A0D48-97CF-45B2-AEFB-9CBD891539CA}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS3AB4\HPDiagnosticCoreUI.exe
FirewallRules: [{423D6CF5-DE0A-4A19-BA78-E462D1B4B186}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS13C4\HPDiagnosticCoreUI.exe
FirewallRules: [{6D62BCB4-00DC-4235-B753-74B7F13B0C60}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS13C4\HPDiagnosticCoreUI.exe
FirewallRules: [{E8A0F1F3-10D7-4BAF-97E7-5FB36B861C28}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1CC8\HPDiagnosticCoreUI.exe
FirewallRules: [{4D49728E-90CA-45A3-8DBD-8C5230367BB5}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1CC8\HPDiagnosticCoreUI.exe
FirewallRules: [{F7FD8583-2C7A-4079-BE42-C2974AED0C71}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1CF6\HPDiagnosticCoreUI.exe
FirewallRules: [{BE8F4F36-C343-405A-8119-0147BAD6A5E1}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1CF6\HPDiagnosticCoreUI.exe
FirewallRules: [{7B2A6592-F459-4A85-ABFE-E511AFA70129}] => (Allow) C:\Users\MiamE52\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{7930CE90-1926-4E43-9976-45AE01330322}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{C5F3FF1A-F7DB-4FC0-8BD7-0B92CE06BAFA}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{657D1CBD-36C5-4CCE-9946-6E08D758BE74}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{F2DDFEDF-8520-44E0-BF82-2B4C0ABCA93E}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{EE3F00D7-381C-4149-9535-205EE23377E6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{88C0FAE5-4E45-4501-9556-75C5F720ADE9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
03-06-2017 16:12:12 Scheduled Checkpoint
04-06-2017 03:00:22 Windows Update
05-06-2017 15:31:34 Windows Update
19-06-2017 20:57:01 Windows Update
26-06-2017 06:51:25 Installed Rapport
27-06-2017 03:00:30 Windows Update
03-07-2017 15:40:16 Installed InstallRoot
03-07-2017 15:44:52 Installed InstallRoot
==================== Faulty Device Manager Devices =============
Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/03/2017 07:24:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 18 5.1.168.192.in-addr.arpa. PTR MiamE52-HP.local.
Error: (07/03/2017 07:24:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.5:5353 20 5.1.168.192.in-addr.arpa. PTR MiamE52-HP-2.local.
Error: (07/03/2017 07:24:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 18 8.1.168.192.in-addr.arpa. PTR MiamE52-HP.local.
Error: (07/03/2017 07:24:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.8:5353 20 8.1.168.192.in-addr.arpa. PTR MiamE52-HP-2.local.
Error: (07/03/2017 05:46:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8533
Error: (07/03/2017 05:46:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8533
Error: (07/03/2017 05:46:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/03/2017 05:45:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7488
Error: (07/03/2017 05:45:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7488
Error: (07/03/2017 05:45:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (07/03/2017 03:14:10 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (06/27/2017 03:01:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - USB - 5/15/2017 12:00:00 AM - 2.12.5.0.
Error: (06/27/2017 03:00:22 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.
Error: (06/26/2017 06:56:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
Error: (06/26/2017 06:53:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NETGEARGenieDaemon service terminated unexpectedly. It has done this 1 time(s).
Error: (06/26/2017 06:51:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ByteFence Security Real-time Protection service failed to start due to the following error:
This version of ByteFence Security Real-time Protection is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.
Error: (06/26/2017 06:51:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ByteFence Anti-Malware Service service failed to start due to the following error:
This version of ByteFence Anti-Malware Service is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.
Error: (06/19/2017 09:00:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - USB - 5/15/2017 12:00:00 AM - 2.12.5.0.
Error: (06/19/2017 08:58:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/19/2017 08:58:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
Percentage of memory in use: 74%
Total physical RAM: 4000.32 MB
Available physical RAM: 1002.4 MB
Total Virtual: 7998.82 MB
Available Virtual: 2874.05 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:919.92 GB) (Free:831.76 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.5 GB) (Free:1.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Elements) (Fixed) (Total:596.17 GB) (Free:149.47 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 796A506A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 596.2 GB) (Disk ID: 00046C18)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-07-2017 01
Ran by MiamE52 (administrator) on MIAME52-HP (03-07-2017 19:48:32)
Running from C:\Users\MiamE52\Downloads
Loaded Profiles: MiamE52 (Available Profiles: MiamE52)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\hp\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(The Chromium Authors) C:\Users\MiamE52\AppData\Local\chromium\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(The Chromium Authors) C:\Users\MiamE52\AppData\Local\chromium\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(The Chromium Authors) C:\Users\MiamE52\AppData\Local\chromium\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(The Chromium Authors) C:\Users\MiamE52\AppData\Local\chromium\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\hp\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulAlert.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\UPDMGR\4.0.4017.4\mcupdatemgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\MiamE52\AppData\Local\chromium\Application\chrome.exe
(DoD PKE Engineering) C:\Program Files\DoD-PKE\InstallRoot\InstallRootService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-06-17] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKLM\ DisallowedCertificates: DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3 (U)
HKLM\ DisallowedCertificates: FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4 (U)
HKLM\ DisallowedCertificates: FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 (U)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\ DisallowedCertificates: DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3 (U)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\ DisallowedCertificates: FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4 (U)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\ DisallowedCertificates: FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 (U)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\hp\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\...\Run: [Chromium] => c:\users\miame52\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\...\Run: [GoogleChromeAutoLaunch_14D3130BA01A617676C66D5709557B32] => C:\Users\MiamE52\AppData\Local\chromium\Application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
Startup: C:\Users\MiamE52\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-11-08]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{071900BA-B282-42C9-A9F4-C6B9335BF40B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CE9B4996-A37B-470D-9C97-D585B5A1334C}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=NqVcNGRdMapcNZ%3D%3D
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=NqVcNGRdMapcNZ%3D%3D
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=NqVcNGRdMapcNZ%3D%3D
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=MGR5LGtdNqV8&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=MGR5LGtdNqV8&p={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {BB169596-B627-4D49-85CB-A2C52EE8439F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0D0EtB0BtByDyEtCtBtAtD0AtC0AtN0D0Tzu0StCzytCyCtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEtBzztA0C0B0DtCtGtAyE0AzztG0B0AyC0DtGtAyDtBzztG0AyC0CtAyDtC0EyEtD0F0DtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtD0AyCtD0FyBtDtG0BtBtB0AtGyE0ByB0BtGzyyDyE0AtG0FtByEtB0AtAzyzztB0A0F0D2QtN0A0LzuyE%26cr%3D1938107633%26a%3Dwbf_dwndlm_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=MGR5LGtdNqV8&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=MGR5LGtdNqV8&p={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {BB169596-B627-4D49-85CB-A2C52EE8439F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0D0EtB0BtByDyEtCtBtAtD0AtC0AtN0D0Tzu0StCzytCyCtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEtBzztA0C0B0DtCtGtAyE0AzztG0B0AyC0DtGtAyDtBzztG0AyC0CtAyDtC0EyEtD0F0DtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtD0AyCtD0FyBtDtG0BtBtB0AtGyE0ByB0BtGzyyDyE0AtG0FtByEtB0AtAzyzztB0A0F0D2QtN0A0LzuyE%26cr%3D1938107633%26a%3Dwbf_dwndlm_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=MGR5LGtdNqV8&p={searchTerms}
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_4f036a1255d4d2335d&param1=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%3D%3D&param2=MGR5LGtdNqV8&p={searchTerms}
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {BB169596-B627-4D49-85CB-A2C52EE8439F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-966165078-3032698903-2344235266-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-04-17] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-04-17] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-05-10] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-04-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-04-17] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll [2016-12-31] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/?mkt=en-US&pc=__PARAM__
CHR NewTab: Default -> Active:"chrome-extension://effifihbpogpocajanfldchhhaeldccl/newtab/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default [2017-07-03]
CHR Extension: (Google Docs) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-14]
CHR Extension: (Google Drive) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-20]
CHR Extension: (Rapport) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-10-20]
CHR Extension: (YouTube) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-20]
CHR Extension: (Google Search) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-14]
CHR Extension: (My Quick Converter Version 2) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\effifihbpogpocajanfldchhhaeldccl [2017-07-03]
CHR Extension: (Google Docs Offline) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (Gmail) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-20]
CHR Extension: (Chrome Media Router) - C:\Users\MiamE52\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-966165078-3032698903-2344235266-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-966165078-3032698903-2344235266-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-966165078-3032698903-2344235266-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [144864 2017-03-22] () [File not signed]
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-06-17] (Portrait Displays, Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-12-31] (WildTangent)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 InstallRoot; C:\Program Files\DoD-PKE\InstallRoot\InstallRootService.exe [1029224 2016-07-11] (DoD PKE Engineering)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-04-04] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1344472 2017-02-24] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1551512 2017-02-26] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2408432 2017-05-23] (IBM Corp.)
S2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-03-31] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [225432 2017-04-01] (McAfee, Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [96656 2017-04-01] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [498648 2017-01-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109320 2017-01-19] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2017-03-31] (CACE Technologies, Inc.)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [384256 2017-05-23] (IBM Corp.)
R4 RapportCerberus_1804047; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [1264776 2017-03-15] (IBM Corp.)
R1 RapportCerberus_1804058; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804058.sys [1271232 2017-06-26] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [585376 2017-05-23] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [253856 2017-05-23] (IBM Corp.)
S3 RapportIaso; no ImagePath
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [507904 2017-05-23] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [610560 2017-05-23] (IBM Corp.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-03 19:48 - 2017-07-03 19:49 - 00037681 _____ C:\Users\MiamE52\Downloads\FRST.txt
2017-07-03 19:47 - 2017-07-03 19:48 - 00000000 ____D C:\FRST
2017-07-03 19:47 - 2017-07-03 19:47 - 02436096 _____ (Farbar) C:\Users\MiamE52\Downloads\FRST64 (2).exe
2017-07-03 19:44 - 2017-07-03 19:44 - 02436096 _____ (Farbar) C:\Users\MiamE52\Downloads\FRST64 (1).exe
2017-07-03 19:41 - 2017-07-03 19:41 - 02436096 _____ (Farbar) C:\Users\MiamE52\Downloads\FRST64.exe
2017-07-03 15:46 - 2017-07-03 15:48 - 00000000 ____D C:\Users\MiamE52\AppData\Local\DoD-PKE
2017-07-03 15:45 - 2017-07-03 15:45 - 00001153 _____ C:\Users\Public\Desktop\InstallRoot 5.0.1.lnk
2017-07-03 15:45 - 2017-07-03 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DoD-PKE
2017-07-03 15:45 - 2017-07-03 15:45 - 00000000 ____D C:\Program Files\DoD-PKE
2017-07-03 15:43 - 2017-07-03 15:43 - 29253632 _____ C:\Users\MiamE52\Downloads\InstallRoot_5.0.1x64 (1).msi
2017-07-03 15:38 - 2017-07-03 15:38 - 29253632 _____ C:\Users\MiamE52\Downloads\InstallRoot_5.0.1x64.msi
2017-06-19 20:57 - 2017-04-01 01:30 - 00096656 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2017-06-19 07:01 - 2017-06-02 03:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-19 07:01 - 2017-06-02 03:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-19 07:01 - 2017-05-14 15:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-19 07:01 - 2017-05-14 14:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-19 07:01 - 2017-05-14 14:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-19 07:01 - 2017-05-14 13:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-19 07:01 - 2017-05-14 13:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-19 07:01 - 2017-05-14 13:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-19 07:01 - 2017-05-14 13:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-19 07:01 - 2017-05-14 13:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-19 07:01 - 2017-05-12 13:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-19 07:01 - 2017-05-12 12:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-19 07:01 - 2017-05-10 10:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-19 07:01 - 2017-05-10 10:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-19 07:01 - 2017-04-27 17:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-06-19 07:01 - 2017-04-12 08:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-06-19 07:00 - 2017-06-02 03:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-19 07:00 - 2017-06-02 03:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-19 07:00 - 2017-06-02 03:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-19 07:00 - 2017-06-02 03:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-06-19 07:00 - 2017-06-02 03:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-19 07:00 - 2017-06-02 03:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-06-19 07:00 - 2017-06-02 03:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-06-19 07:00 - 2017-06-02 03:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-19 07:00 - 2017-06-02 03:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-19 07:00 - 2017-06-02 03:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-19 07:00 - 2017-06-02 03:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-06-19 07:00 - 2017-06-02 03:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-19 07:00 - 2017-06-02 03:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-19 07:00 - 2017-06-02 03:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-19 07:00 - 2017-06-02 03:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-19 07:00 - 2017-06-02 03:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-06-19 07:00 - 2017-06-02 03:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-06-19 07:00 - 2017-06-02 03:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-06-19 07:00 - 2017-06-02 03:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-06-19 07:00 - 2017-06-02 02:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-19 07:00 - 2017-06-02 02:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-19 07:00 - 2017-06-02 02:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-06-19 07:00 - 2017-06-02 02:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-06-19 07:00 - 2017-05-20 23:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-06-19 07:00 - 2017-05-20 23:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-06-19 07:00 - 2017-05-20 23:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-06-19 07:00 - 2017-05-20 23:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-06-19 07:00 - 2017-05-20 23:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-06-19 07:00 - 2017-05-20 22:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-06-19 07:00 - 2017-05-20 22:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-19 07:00 - 2017-05-20 22:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-19 07:00 - 2017-05-20 22:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-19 07:00 - 2017-05-20 22:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-06-19 07:00 - 2017-05-20 22:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-06-19 07:00 - 2017-05-20 22:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-06-19 07:00 - 2017-05-16 13:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-19 07:00 - 2017-05-16 12:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-06-19 07:00 - 2017-05-14 15:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-19 07:00 - 2017-05-14 15:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-19 07:00 - 2017-05-14 15:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-19 07:00 - 2017-05-14 15:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-19 07:00 - 2017-05-14 15:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-19 07:00 - 2017-05-14 15:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-19 07:00 - 2017-05-14 15:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-19 07:00 - 2017-05-14 15:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-19 07:00 - 2017-05-14 15:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-19 07:00 - 2017-05-14 15:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-19 07:00 - 2017-05-14 15:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-19 07:00 - 2017-05-14 15:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-19 07:00 - 2017-05-14 15:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-19 07:00 - 2017-05-14 15:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-19 07:00 - 2017-05-14 15:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-19 07:00 - 2017-05-14 15:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-19 07:00 - 2017-05-14 14:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-19 07:00 - 2017-05-14 14:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-19 07:00 - 2017-05-14 14:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-19 07:00 - 2017-05-14 14:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-19 07:00 - 2017-05-14 14:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-19 07:00 - 2017-05-14 14:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-19 07:00 - 2017-05-14 14:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-19 07:00 - 2017-05-14 14:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-06-19 07:00 - 2017-05-14 14:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-19 07:00 - 2017-05-14 14:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-19 07:00 - 2017-05-14 14:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-06-19 07:00 - 2017-05-14 14:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-19 07:00 - 2017-05-14 14:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-06-19 07:00 - 2017-05-14 14:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-06-19 07:00 - 2017-05-14 14:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-06-19 07:00 - 2017-05-14 14:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-19 07:00 - 2017-05-14 14:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-19 07:00 - 2017-05-14 14:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-19 07:00 - 2017-05-14 14:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-19 07:00 - 2017-05-14 14:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-06-19 07:00 - 2017-05-14 14:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-06-19 07:00 - 2017-05-14 14:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-06-19 07:00 - 2017-05-14 14:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-06-19 07:00 - 2017-05-14 14:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-06-19 07:00 - 2017-05-14 14:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-19 07:00 - 2017-05-14 14:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-19 07:00 - 2017-05-14 14:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-06-19 07:00 - 2017-05-14 13:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-06-19 07:00 - 2017-05-14 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-19 07:00 - 2017-05-14 13:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-06-19 07:00 - 2017-05-14 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-06-19 07:00 - 2017-05-14 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-06-19 07:00 - 2017-05-14 13:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-06-19 07:00 - 2017-05-14 13:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-06-19 07:00 - 2017-05-14 13:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-06-19 07:00 - 2017-05-14 13:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-19 07:00 - 2017-05-14 13:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-06-19 07:00 - 2017-05-14 13:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-06-19 07:00 - 2017-05-14 13:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-19 07:00 - 2017-05-14 13:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-19 07:00 - 2017-05-14 13:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-19 07:00 - 2017-05-14 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-19 07:00 - 2017-05-12 13:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-06-19 07:00 - 2017-05-12 13:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-06-19 07:00 - 2017-05-12 13:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-19 07:00 - 2017-05-12 13:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-19 07:00 - 2017-05-12 13:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-06-19 07:00 - 2017-05-12 13:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-19 07:00 - 2017-05-12 13:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 13:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 12:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-19 07:00 - 2017-05-12 12:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-19 07:00 - 2017-05-12 12:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-19 07:00 - 2017-05-12 12:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-19 07:00 - 2017-05-12 12:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-06-19 07:00 - 2017-05-12 12:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-19 07:00 - 2017-05-12 12:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-19 07:00 - 2017-05-12 12:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-06-19 07:00 - 2017-05-12 12:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-06-19 07:00 - 2017-05-12 12:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-06-19 07:00 - 2017-05-12 12:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-19 07:00 - 2017-05-12 12:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 12:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 12:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 12:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-19 07:00 - 2017-05-12 11:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-19 07:00 - 2017-05-12 10:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-19 07:00 - 2017-05-12 10:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-19 07:00 - 2017-05-10 10:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-06-19 07:00 - 2017-05-10 10:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-19 07:00 - 2017-05-10 10:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-06-19 07:00 - 2017-05-10 10:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-19 07:00 - 2017-05-10 10:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-19 07:00 - 2017-05-10 10:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-19 07:00 - 2017-05-10 10:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-06-19 07:00 - 2017-05-10 10:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-19 07:00 - 2017-05-10 10:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-19 07:00 - 2017-05-10 10:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-19 07:00 - 2017-05-10 10:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-19 07:00 - 2017-05-10 10:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-19 07:00 - 2017-05-10 10:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-19 07:00 - 2017-05-10 10:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-19 07:00 - 2017-05-10 10:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-06-19 07:00 - 2017-05-10 10:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-19 07:00 - 2017-05-10 10:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-19 07:00 - 2017-05-10 10:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-19 07:00 - 2017-05-10 10:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-19 07:00 - 2017-05-10 10:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-19 07:00 - 2017-05-10 09:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-19 07:00 - 2017-05-09 10:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-19 07:00 - 2017-05-09 10:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-19 07:00 - 2017-05-09 10:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-06-19 07:00 - 2017-05-07 10:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-19 07:00 - 2017-05-07 10:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-19 07:00 - 2017-03-30 10:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-19 07:00 - 2017-03-30 09:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-06-11 20:20 - 2017-06-11 20:21 - 150436469 _____ C:\Users\MiamE52\Downloads\B-JM53BSPWWB-1015.0.zip
2017-06-11 18:59 - 2017-06-11 18:59 - 09966975 _____ C:\Users\MiamE52\Downloads\SAC33601901_6-en.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-03 19:36 - 2017-03-31 20:36 - 00000282 _____ C:\Windows\Tasks\{5E41B75B-B16F-DD27-A97C-55B67D218453}.job
2017-07-03 19:35 - 2017-03-31 20:35 - 00000986 _____ C:\Windows\Tasks\Yahoo! Powered midem.job
2017-07-03 15:43 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-03 15:43 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-03 14:01 - 2015-03-01 20:54 - 00002302 ____H C:\Users\MiamE52\Documents\Default.rdp
2017-07-03 08:00 - 2016-05-08 10:17 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMiamE52
2017-07-03 08:00 - 2016-05-08 10:17 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForMiamE52.job
2017-07-03 06:39 - 2015-03-01 20:16 - 00000000 ____D C:\ProgramData\PDFC
2017-06-28 09:05 - 2015-03-14 18:31 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 09:05 - 2015-03-14 18:31 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-28 09:02 - 2017-04-02 17:21 - 00000000 ____D C:\Users\MiamE52\AppData\Local\NETGEARGenie
2017-06-26 07:36 - 2017-04-02 17:22 - 00000259 _____ C:\Users\MiamE52\AppData\Roaming\WB.CFG
2017-06-26 07:36 - 2017-03-31 20:35 - 00000000 ____D C:\Users\MiamE52\AppData\Roaming\Pudohopor
2017-06-26 06:58 - 2009-07-14 00:13 - 00799374 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-26 06:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-06-26 06:54 - 2016-12-21 08:50 - 00000000 __RSD C:\Users\MiamE52\Documents\McAfee Vaults
2017-06-26 06:52 - 2015-09-19 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2017-06-26 06:51 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-26 06:50 - 2009-07-13 23:45 - 00413136 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-26 06:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-06-26 06:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-19 21:08 - 2015-03-14 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-19 21:07 - 2016-12-23 15:43 - 00000000 ____D C:\Windows\system32\MRT
2017-06-19 21:07 - 2015-03-14 19:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-19 21:07 - 2015-03-14 19:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-19 21:02 - 2016-12-23 15:43 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-19 20:57 - 2016-12-21 08:38 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-06-19 20:15 - 2015-03-21 07:51 - 00000000 ____D C:\Users\MiamE52\Documents\Outlook Files
2017-06-19 20:15 - 2014-08-24 11:24 - 00000000 ____D C:\Users\Miss Edith\Documents\Outlook Files
2017-06-05 15:31 - 2016-12-21 08:49 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon
==================== Files in the root of some directories =======
2017-04-28 18:36 - 2017-04-28 18:36 - 7649280 _____ () C:\Program Files (x86)\GUT6512.tmp
2017-04-02 17:22 - 2017-06-26 07:36 - 0000259 _____ () C:\Users\MiamE52\AppData\Roaming\WB.CFG
2015-11-02 20:29 - 2015-11-02 20:29 - 0000057 _____ () C:\ProgramData\Ament.ini
Files to move or delete:
====================
C:\Windows\Tasks\{5E41B75B-B16F-DD27-A97C-55B67D218453}.job
Some files in TEMP:
====================
2016-05-23 18:08 - 2017-02-09 21:19 - 10779584 _____ () C:\Users\MiamE52\AppData\Local\Temp\HPPSdr.exe
2016-10-20 13:02 - 2016-10-20 13:02 - 0737856 _____ (Oracle Corporation) C:\Users\MiamE52\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-01-20 19:09 - 2016-01-20 19:09 - 0644704 _____ (Oracle Corporation) C:\Users\MiamE52\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-06-25 14:59 - 2016-06-25 14:59 - 0739904 _____ (Oracle Corporation) C:\Users\MiamE52\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-05-31 04:13 - 2016-05-31 04:13 - 0219264 _____ (McAfee, Inc.) C:\Users\MiamE52\AppData\Local\Temp\McCSPInstall.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-12 00:42
==================== End of FRST.txt ============================
Next is the addition text:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01
Ran by MiamE52 (03-07-2017 19:50:29)
Running from C:\Users\MiamE52\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-03-01 23:54:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-966165078-3032698903-2344235266-500 - Administrator - Disabled)
Guest (S-1-5-21-966165078-3032698903-2344235266-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-966165078-3032698903-2344235266-1002 - Limited - Enabled)
MiamE52 (S-1-5-21-966165078-3032698903-2344235266-1001 - Administrator - Enabled) => C:\Users\MiamE52
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (HKLM-x32\...\WTA-a620de4f-43cd-4ad3-9ced-d8fc6e852013) (Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-17786eca-eca6-4e1e-acd3-209134259f3b) (Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (HKLM-x32\...\WTA-665a303a-742f-4639-9a24-4fb79a28b9ba) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WTA-7c4cc3fc-6b7b-406f-aeca-4b36e2a0a85a) (Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-04712b30-f7ac-40d3-9f26-963d3e650776) (Version: 2.2.0.97 - WildTangent) Hidden
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.7.0.1 - Byte Technologies LLC) <==== ATTENTION
Cake Mania (HKLM-x32\...\WTA-f5cbfcce-0a98-456f-9bb7-ce5b0df94a9b) (Version: 2.2.0.95 - WildTangent) Hidden
Chromium (HKLM-x32\...\{E02508E5-B0A5-D965-0125-A9E5D1A57A65}) (Version: - )
Chronicles of Albian (HKLM-x32\...\WTA-3fe0a1ec-53fc-40f4-95a8-96f2457d07e9) (Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WTA-cc88d482-e88c-445d-917c-b7653d581adc) (Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-8da6f84f-eee6-44fe-af60-f381590df958) (Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3922 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Farm Frenzy (HKLM-x32\...\WTA-b8412d97-5345-431e-b4c0-819ec81d8274) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-31231939-b873-4011-b256-d3a9b471b015) (Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-2396831a-741d-4d28-889c-fc6d999f7657) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP My Display (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.04.022 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6349.0 - IDT)
InstallRoot (HKLM\...\{8A5017FC-128C-446E-93FF-7115DDDFA430}) (Version: 5.0.1 - DoD PKE)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (HKLM-x32\...\WTA-0b33844c-c941-4e52-8552-b68426e5c48f) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
Mah Jong Medley (HKLM-x32\...\WTA-c924b05b-2987-4f7c-9adf-7b20cc35f4c9) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Multi Access - Internet Security (HKLM-x32\...\MSC) (Version: 14.0 R13 - McAfee, Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Castle: The Mirror's Secret Platinum Edition (HKLM-x32\...\WTA-ad0e4638-d7c9-46e9-a461-90b3ccd940af) (Version: 3.0.2.126 - WildTangent) Hidden
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-0b291a3a-9c8d-42c2-9ff6-5c8e0e6183c2) (Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (HKLM-x32\...\WTA-e7cc80df-668d-4f3b-8a39-42e8b422792a) (Version: 2.2.0.95 - WildTangent) Hidden
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.28.23.exe - NETGEAR Inc.)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
Penguins! (HKLM-x32\...\WTA-43f188d3-fb58-4036-96dd-dec6ac328afa) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-768270fa-48a1-4356-8237-382d7f458af4) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WTA-a90ee1c2-0ef0-436c-b0e0-94c329b860ee) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-7d11e879-0fc7-4672-b25a-71c43b0e119b) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-7204a585-ee47-49f2-bcf2-539cf1acc559) (Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.)
Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.9.3 - Intuit)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.112 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.82 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.26.005 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SkyTools 3 Starter Edition (HKU\S-1-5-21-966165078-3032698903-2344235266-1001\...\SkyTools 3 Starter Edition) (Version: - )
Slingo Supreme (HKLM-x32\...\WTA-2612c666-5be7-42d6-9a41-c55c485ea5de) (Version: 2.2.0.97 - WildTangent) Hidden
Solitaire Mystery Double Pack (HKLM-x32\...\WTA-9811747f-6c43-4789-868d-28860117fcc2) (Version: 3.0.2.59 - WildTangent) Hidden
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.0.25 - iolo technologies, LLC)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.112 - Trusteer)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (HKLM-x32\...\WTA-39b40dbd-141e-4e43-bd5c-086873809231) (Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (HKLM-x32\...\WTA-355490d3-5d00-46e9-80f2-2b5469e39e2c) (Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\{7FB00B6B-6843-97EC-EED6-78BD6D35370A}) (Version: 4.2.4164 - Zinio LLC) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zuma Deluxe (HKLM-x32\...\WTA-08347955-0f33-4a0d-8a46-912fa2184771) (Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-04-17] (McAfee, Inc.)
ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
ContextMenuHandlers03: [LinkUpMenuExt] -> {B793E5EA-5344-488E-B98D-A18E2E5938AB} => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\LinkUpExt64.dll [2011-05-05] (Hewlett-Packard)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-06-26] (Intel Corporation)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-04-17] (McAfee, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {024A914E-5E8C-4D4E-8612-527844F99A13} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {0978AC47-510F-4E7C-A9A2-C92E661AB826} - System32\Tasks\MirageAgent => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-23] (CyberLink)
Task: {1349C47A-A38F-42D8-8428-74E3D2B1972E} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {1B2C4E9A-2CA2-4322-B8E6-85EF87F09228} - System32\Tasks\HPCeeScheduleForMiamE52 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3436A15F-6E1F-4365-B351-A28D5A4F72AC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {44A874C8-7384-4B8A-83FF-8FC6D0598EC7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {52012E99-BC4F-4BA4-A7A8-BF6A8D8D7714} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {57719A5F-5EF8-464D-9908-0CFE4BDCCBDE} - System32\Tasks\Yahoo! Powered midem => Wscript.exe "C:\ProgramData\{3DF2F891-B7B0-7257-3176-EC15AB3467DB}\cito.txt" "68747470733a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b33444632463839312d423742302d373235372d333137362d4543313541423334363744427d5c6c6f63656469" "433a5c50726f6772616d446174615c7b33444632463839312d423742302d373235372d3331 (the data entry has 80 more characters). <==== ATTENTION
Task: {5A850D28-A471-4989-ADA8-4EB8BECF6026} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {5B2C70F8-CC17-41C2-92FF-3268FD9D5A54} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {5B896022-4678-4FB2-9010-D5F01B2CA620} - System32\Tasks\{5E41B75B-B16F-DD27-A97C-55B67D218453} => C:\Users\MiamE52\AppData\Roaming\Pudohopor\SyncVersion.exe [2013-05-06] ()
Task: {6E12BEAA-4837-4E4C-B6A3-54AA9EAC347D} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e9d0cb78121f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {774C92D9-CC62-4986-94DD-DCC0753D31ED} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e9d0cbb3e2b1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {77C59F3A-EF6C-4B8C-9AB8-44DC2C692B04} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {7B66DB56-64A4-4ACF-8430-2FEB3139CCD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8882A8F9-BD9C-43FC-A39B-63CAC110C363} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)
Task: {927B5B8D-145E-4B7D-8329-F120784B9C25} - System32\Tasks\WBUpdateTask => C:\Program Files\WebBarMedia\5.5.6275.25383\winwb.exe
Task: {932B0228-BF20-4952-8FCC-D5087350046C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-966165078-3032698903-2344235266-1001
Task: {974DBDCC-EAFB-459F-BBD1-72ACED4C33D2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {A3F07606-872B-4506-8DDD-BAF8F680AA2E} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-03-22] () <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {C9086497-37A0-47E4-9DDB-858632E8DC74} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-05] (Adobe Systems Incorporated)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {CF8D9C0B-8241-4E1C-ACD7-C12B219A9934} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-02-22] (McAfee, Inc.)
Task: {D2A4E555-0382-4F3D-BF64-9221F325DC65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {D76881E1-1722-487A-9C09-DF08421C67EF} - System32\Tasks\WBLaunchTask => C:\Program Files\WebBarMedia\5.5.6275.25383\winwb.exe
Task: {DF3A30A4-B239-4362-83E5-7D564FA9024F} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-03-22] () <==== ATTENTION
Task: {E163EA96-62CB-46ED-B23E-0CBE992DE9A2} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {EFC54C18-FA72-4124-A5C3-BFA412FB0D70} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FED2AFFE-0FBA-4558-9907-1E210E28EC7B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-02-26] (McAfee, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMiamE52.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Yahoo! Powered midem.job => Wscript.exe C:\ProgramData\{3DF2F891-B7B0-7257-3176-EC15AB3467DB}\cito.txt <==== ATTENTION
Task: C:\Windows\Tasks\{5E41B75B-B16F-DD27-A97C-55B67D218453}.job => C:\Users\MiamE52\AppData\Roaming\PUDOHO~1\SYNCVE~1.EXE <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-01 19:57 - 2011-06-26 21:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2013-04-07 06:38 - 2013-04-07 06:38 - 01044224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
2013-04-07 06:42 - 2013-04-07 06:42 - 00123136 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2017-06-28 09:05 - 2017-06-22 22:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 09:05 - 2017-06-22 22:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-07-11 18:03 - 2016-07-11 18:03 - 06504040 _____ () C:\Program Files\DoD-PKE\InstallRoot\IrTampLib_SWIG_vc.DLL
2017-05-09 00:45 - 2017-05-09 00:45 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
2013-05-16 21:48 - 2013-05-16 21:48 - 00480768 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 01553920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
2013-05-09 22:12 - 2013-05-09 22:12 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-03-27 03:43 - 2013-03-27 03:43 - 01067520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-05-16 00:04 - 2013-05-16 00:04 - 04334080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-03-27 03:52 - 2013-03-27 03:52 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-03-27 03:50 - 2013-03-27 03:50 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 01198080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-05-14 21:56 - 2013-05-14 21:56 - 08432128 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-04-28 01:25 - 2013-04-28 01:25 - 01205760 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-05-14 00:18 - 2013-05-14 00:18 - 00931840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 00137728 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00139264 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 04:56 - 2012-11-29 04:56 - 03332720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL
2013-03-26 21:58 - 2013-03-26 21:58 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 00714240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00485376 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2015-03-01 20:13 - 2011-02-15 14:59 - 00015624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll
2017-03-31 20:39 - 2017-01-20 18:27 - 02246144 _____ () C:\Users\MiamE52\AppData\Local\chromium\Application\58.0.2988.0\libglesv2.dll
2017-03-31 20:39 - 2017-01-20 18:27 - 00079360 _____ () C:\Users\MiamE52\AppData\Local\chromium\Application\58.0.2988.0\libegl.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-966165078-3032698903-2344235266-1001\...\chase.com -> hxxps://chaseonline.chase.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2017-04-07 19:21 - 00002024 _____ C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
There are 4 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-966165078-3032698903-2344235266-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MiamE52\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8AFB36BA-8CDA-4B0D-BEF4-8E5893FCF03A}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{2B118035-09FB-4033-8C16-23BD1ABF26E1}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{2F8DD39C-04D8-422C-AB01-DDACB0C305AF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{10D39BB9-9B84-46DC-8707-CC63F9B2E31F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{CACEF1D7-5BDC-4895-9441-BE04C2953451}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{999E65B9-4DF6-4E9D-8B72-67781502C73B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{2027E5D2-FAC1-4F7D-BC86-1BCCECC26E83}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{DD50D504-3E38-4F58-B078-E0E14E193B17}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{9D9A6439-34A7-4977-96F2-715DBC7FBF45}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6E003523-460C-48F0-A81C-5DFCB092EBB9}] => (Allow) LPort=2869
FirewallRules: [{9803AF46-C38C-449D-84DB-70E251215CB7}] => (Allow) LPort=1900
FirewallRules: [{B2563306-71C5-488F-89EC-66216FEAC354}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6DE1FA35-819C-4942-8804-8A94301E020B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{BB70FE89-9B63-4307-B6E8-BCFC367E5C1B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{D6B98C57-C2A4-4796-8F09-EA83AE54A1C4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{9FDFBAAE-3901-4F46-AD12-7D6F58E70FB2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{72C6C5D4-C29D-46C3-9122-8E1BB8BCC888}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
FirewallRules: [{E3D2434E-67A5-4A7A-8F4D-E5AEABF7E9FB}] => (Allow) LPort=5357
FirewallRules: [{DADFF874-231F-49C1-8400-975E74518C8D}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D541BC26-83F6-485E-80EC-C80C85CFF20E}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS314A\HPDiagnosticCoreUI.exe
FirewallRules: [{DCF08687-5417-4ACC-991F-C9341A03B259}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS314A\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{951DCB7A-FB39-40F7-9777-D8ABC686CA66}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [UDP Query User{CA9D965E-DA0F-4B4E-BD7F-74EDE8CA01DA}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [{1CD60C29-BAC7-4FF1-B1EC-461DD14B23C2}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1416\HPDiagnosticCoreUI.exe
FirewallRules: [{C7625CE0-7A5E-4B6C-8B6B-FC3FCCB74D28}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1416\HPDiagnosticCoreUI.exe
FirewallRules: [{18BA22B3-EDEC-4900-A266-2B214985F4D0}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1440\HPDiagnosticCoreUI.exe
FirewallRules: [{938BA5CE-0ABA-4FEC-97A5-C548C7FD9646}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1440\HPDiagnosticCoreUI.exe
FirewallRules: [{0713BA27-DD75-4183-9397-92992F2A0142}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS199C\HPDiagnosticCoreUI.exe
FirewallRules: [{004C9B8A-E032-4009-A389-BC6882B7DF2A}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS199C\HPDiagnosticCoreUI.exe
FirewallRules: [{49B07921-F78D-4167-BAA3-4D57B1CD6990}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3F5A5D65-6340-43D8-9D60-033EA838120F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA488D5D-8243-4248-BB78-0D616CD42FE7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{37D18EE7-7635-4BCA-8BF5-06427BC4395E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{455286C1-B42B-453F-93DD-139BAD481DEE}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{662E658F-E1AD-467F-B91C-0D66A89C50BD}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS3AB4\HPDiagnosticCoreUI.exe
FirewallRules: [{353A0D48-97CF-45B2-AEFB-9CBD891539CA}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS3AB4\HPDiagnosticCoreUI.exe
FirewallRules: [{423D6CF5-DE0A-4A19-BA78-E462D1B4B186}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS13C4\HPDiagnosticCoreUI.exe
FirewallRules: [{6D62BCB4-00DC-4235-B753-74B7F13B0C60}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS13C4\HPDiagnosticCoreUI.exe
FirewallRules: [{E8A0F1F3-10D7-4BAF-97E7-5FB36B861C28}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1CC8\HPDiagnosticCoreUI.exe
FirewallRules: [{4D49728E-90CA-45A3-8DBD-8C5230367BB5}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1CC8\HPDiagnosticCoreUI.exe
FirewallRules: [{F7FD8583-2C7A-4079-BE42-C2974AED0C71}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1CF6\HPDiagnosticCoreUI.exe
FirewallRules: [{BE8F4F36-C343-405A-8119-0147BAD6A5E1}] => (Allow) C:\Users\MiamE52\AppData\Local\Temp\7zS1CF6\HPDiagnosticCoreUI.exe
FirewallRules: [{7B2A6592-F459-4A85-ABFE-E511AFA70129}] => (Allow) C:\Users\MiamE52\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{7930CE90-1926-4E43-9976-45AE01330322}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{C5F3FF1A-F7DB-4FC0-8BD7-0B92CE06BAFA}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{657D1CBD-36C5-4CCE-9946-6E08D758BE74}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{F2DDFEDF-8520-44E0-BF82-2B4C0ABCA93E}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{EE3F00D7-381C-4149-9535-205EE23377E6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{88C0FAE5-4E45-4501-9556-75C5F720ADE9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
03-06-2017 16:12:12 Scheduled Checkpoint
04-06-2017 03:00:22 Windows Update
05-06-2017 15:31:34 Windows Update
19-06-2017 20:57:01 Windows Update
26-06-2017 06:51:25 Installed Rapport
27-06-2017 03:00:30 Windows Update
03-07-2017 15:40:16 Installed InstallRoot
03-07-2017 15:44:52 Installed InstallRoot
==================== Faulty Device Manager Devices =============
Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/03/2017 07:24:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 18 5.1.168.192.in-addr.arpa. PTR MiamE52-HP.local.
Error: (07/03/2017 07:24:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.5:5353 20 5.1.168.192.in-addr.arpa. PTR MiamE52-HP-2.local.
Error: (07/03/2017 07:24:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 18 8.1.168.192.in-addr.arpa. PTR MiamE52-HP.local.
Error: (07/03/2017 07:24:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.8:5353 20 8.1.168.192.in-addr.arpa. PTR MiamE52-HP-2.local.
Error: (07/03/2017 05:46:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8533
Error: (07/03/2017 05:46:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8533
Error: (07/03/2017 05:46:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/03/2017 05:45:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7488
Error: (07/03/2017 05:45:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7488
Error: (07/03/2017 05:45:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (07/03/2017 03:14:10 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (06/27/2017 03:01:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - USB - 5/15/2017 12:00:00 AM - 2.12.5.0.
Error: (06/27/2017 03:00:22 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.
Error: (06/26/2017 06:56:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
Error: (06/26/2017 06:53:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NETGEARGenieDaemon service terminated unexpectedly. It has done this 1 time(s).
Error: (06/26/2017 06:51:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ByteFence Security Real-time Protection service failed to start due to the following error:
This version of ByteFence Security Real-time Protection is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.
Error: (06/26/2017 06:51:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ByteFence Anti-Malware Service service failed to start due to the following error:
This version of ByteFence Anti-Malware Service is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.
Error: (06/19/2017 09:00:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - USB - 5/15/2017 12:00:00 AM - 2.12.5.0.
Error: (06/19/2017 08:58:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/19/2017 08:58:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
Percentage of memory in use: 74%
Total physical RAM: 4000.32 MB
Available physical RAM: 1002.4 MB
Total Virtual: 7998.82 MB
Available Virtual: 2874.05 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:919.92 GB) (Free:831.76 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.5 GB) (Free:1.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Elements) (Fixed) (Total:596.17 GB) (Free:149.47 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 796A506A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 596.2 GB) (Disk ID: 00046C18)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================